Assertion failure: mBase > 0, at /builds/worker/workspace/obj-build/dist/include/TimeUnits.h:84
Categories
(Core :: Audio/Video: Playback, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr102 | --- | unaffected |
firefox113 | --- | unaffected |
firefox114 | --- | unaffected |
firefox115 | --- | verified |
People
(Reporter: tsmith, Assigned: padenot)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Crash Data
Attachments
(2 files)
Found while fuzzing m-c 20230518-016166a0aefa (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.mp4
Assertion failure: mBase > 0, at /builds/worker/workspace/obj-build/dist/include/TimeUnits.h:84
#0 0x7fcd97510548 in TimeUnit /builds/worker/workspace/obj-build/dist/include/TimeUnits.h:84:5
#1 0x7fcd97510548 in mozilla::MP4SampleIndex::MP4SampleIndex(mozilla::IndiceWrapper const&, mozilla::ByteStream*, unsigned int, bool, int) /builds/worker/checkouts/gecko/dom/media/mp4/SampleIterator.cpp:454:11
#2 0x7fcd974f673f in mozilla::MP4TrackDemuxer::MP4TrackDemuxer(mozilla::MediaResource*, mozilla::UniquePtr<mozilla::TrackInfo, mozilla::DefaultDelete<mozilla::TrackInfo>>&&, mozilla::IndiceWrapper const&, int) /builds/worker/checkouts/gecko/dom/media/mp4/MP4Demuxer.cpp:320:18
#3 0x7fcd974f2ecd in mozilla::MP4Demuxer::Init() /builds/worker/checkouts/gecko/dom/media/mp4/MP4Demuxer.cpp:231:15
#4 0x7fcd96cbd261 in operator() /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:784:47
#5 0x7fcd96cbd261 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaFormatReader::DemuxerProxy::Init()::$_2, mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, false>>::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1696:29
#6 0x7fcd92ef23ec in mozilla::TaskQueue::Runner::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskQueue.cpp:259:20
#7 0x7fcd92f0f0c5 in nsThreadPool::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadPool.cpp:343:14
#8 0x7fcd92f05f2a in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1233:16
#9 0x7fcd92f0c3fd in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:479:10
#10 0x7fcd93b5059e in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:300:20
#11 0x7fcd93a70d21 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:362:3
#12 0x7fcd93a70d21 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:344:3
#13 0x7fcd92f01346 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:391:10
#14 0x7fcda8bf8a0f in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#15 0x7fcda8894b42 in start_thread nptl/pthread_create.c:442:8
#16 0x7fcda89269ff misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Comment 1•1 year ago
|
||
Got a crash from the testcase on Nightly: https://crash-stats.mozilla.org/report/index/331ae385-42b9-4a19-a096-173680230519
Comment 2•1 year ago
|
||
Verified bug as reproducible on mozilla-central 20230518213154-3a125a6b7c3a.
The bug appears to have been introduced in the following build range:
Start: b73c33aa86e6f1f38549530aecd999c7827d380e (20230517144015)
End: 488a1a8b33a0c427f85d10224a2f8db913e22b16 (20230517175836)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=b73c33aa86e6f1f38549530aecd999c7827d380e&tochange=488a1a8b33a0c427f85d10224a2f8db913e22b16
Comment 3•1 year ago
|
||
Set release status flags based on info from the regressing bug 1817997
:padenot, since you are the author of the regressor, bug 1817997, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
Comment 4•1 year ago
|
||
Setting firefox115 to Fixed, the regressor Bug 1817997 was backed out of central.
Comment 5•1 year ago
|
||
Testcase crashes using the initial build (mozilla-central 20230518092544-016166a0aefa) but not with tip (mozilla-central 20230519115028-225c5ab0d999.)
The bug appears to have been fixed in the following build range:
Start: d976369464663a9147b82c82436afcaab1f61aec (20230519041011)
End: 225c5ab0d999e743db5298d125893ae0702884af (20230519115028)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=d976369464663a9147b82c82436afcaab1f61aec&tochange=225c5ab0d999e743db5298d125893ae0702884af
tsmith, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Updated•1 year ago
|
Reporter | ||
Updated•1 year ago
|
Reporter | ||
Updated•1 year ago
|
Comment 6•1 year ago
|
||
Looks like this got marked as a dupe of the timing work, but may not have been the result of that. Maybe you can point this ni to whoever might be best to look at it.
Comment 7•1 year ago
|
||
Verified bug as reproducible on mozilla-central 20230525234553-763f7f02601b.
The bug appears to have been introduced in the following build range:
Start: b73c33aa86e6f1f38549530aecd999c7827d380e (20230517144015)
End: 488a1a8b33a0c427f85d10224a2f8db913e22b16 (20230517175836)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=b73c33aa86e6f1f38549530aecd999c7827d380e&tochange=488a1a8b33a0c427f85d10224a2f8db913e22b16
Comment hidden (obsolete) |
Comment 9•1 year ago
|
||
(In reply to Takanori MATSUURA from comment #8)
Regressed by bug 1817997 or bug 1703812?
Ah, I missed the "Regressed-By" by tsmith.
Assignee | ||
Updated•1 year ago
|
Assignee | ||
Comment 10•1 year ago
|
||
Comment 11•1 year ago
|
||
Comment 12•1 year ago
|
||
bugherder |
Comment 13•1 year ago
|
||
Verified bug as fixed on rev mozilla-central 20230531214354-860d4ed91dff.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Description
•