Closed
Bug 1835363
Opened 2 years ago
Closed 2 years ago
Assertion failure: aTime >= 0.0 (Cannot seek to a negative value.), at /dom/media/MediaDecoder.cpp:697
Categories
(Core :: Audio/Video, defect, P1)
Tracking
()
VERIFIED
FIXED
115 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox113 | --- | unaffected |
| firefox114 | --- | unaffected |
| firefox115 | + | verified |
People
(Reporter: jkratzer, Assigned: padenot)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: pernosco, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(2 files)
Testcase found while fuzzing mozilla-central rev d49f009b89ad (built with: --enable-debug --enable-fuzzing).
Testcase can be reproduced using the following commands:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build d49f009b89ad --debug --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.zip
Assertion failure: aTime >= 0.0 (Cannot seek to a negative value.), at /dom/media/MediaDecoder.cpp:697
==78895==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1786c31dac bp 0x7ffd55ea0b50 sp 0x7ffd55ea0ae0 T78895)
==78895==The signal is caused by a WRITE memory access.
==78895==Hint: address points to the zero page.
#0 0x7f1786c31dac in mozilla::MediaDecoder::Seek(double, mozilla::SeekTarget::Type) /dom/media/MediaDecoder.cpp:697:3
#1 0x7f1786a80d56 in mozilla::dom::HTMLMediaElement::Seek(double, mozilla::SeekTarget::Type, mozilla::ErrorResult&) /dom/html/HTMLMediaElement.cpp:3282:13
#2 0x7f1786a89717 in SetCurrentTime /dom/html/HTMLMediaElement.cpp:3141:3
#3 0x7f1786a89717 in mozilla::dom::HTMLMediaElement::SetCurrentTime(double) /builds/worker/workspace/obj-build/dist/include/mozilla/dom/HTMLMediaElement.h:539:5
#4 0x7f1786a8d7cb in mozilla::dom::HTMLMediaElement::MetadataLoaded(mozilla::MediaInfo const*, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>> const, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>> const>>) /dom/html/HTMLMediaElement.cpp:5436:5
#5 0x7f1786c33adb in mozilla::MediaDecoder::MetadataLoaded(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility) /dom/media/MediaDecoder.cpp:783:17
#6 0x7f1786b8db20 in mozilla::ChannelMediaDecoder::MetadataLoaded(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility) /dom/media/ChannelMediaDecoder.cpp:550:17
#7 0x7f1786cc956e in operator() /dom/media/MediaEventSource.h:404:7
#8 0x7f1786cc956e in std::enable_if<TakeArgs<mozilla::AbstractThread>::value, void>::type mozilla::detail::ListenerImpl<mozilla::AbstractThread, std::enable_if<TakeArgs<void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility)>::value, mozilla::MediaEventListener>::type mozilla::MediaEventSourceImpl<(mozilla::ListenerPolicy)0, mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility>::ConnectInternal<mozilla::AbstractThread, mozilla::MediaDecoder, void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility)>(mozilla::AbstractThread*, mozilla::MediaDecoder*, void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility))::'lambda'(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>&&, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>&&, mozilla::MediaDecoderEventVisibility&&), mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility>::ApplyWithArgsImpl<std::enable_if<TakeArgs<void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility)>::value, mozilla::MediaEventListener>::type mozilla::MediaEventSourceImpl<(mozilla::ListenerPolicy)0, mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility>::ConnectInternal<mozilla::AbstractThread, mozilla::MediaDecoder, void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility)>(mozilla::AbstractThread*, mozilla::MediaDecoder*, void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility))::'lambda'(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>&&, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>&&, mozilla::MediaDecoderEventVisibility&&)>(mozilla::AbstractThread*, mozilla::AbstractThread const&, mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>&&, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>&&, mozilla::MediaDecoderEventVisibility&&) /dom/media/MediaEventSource.h:214:5
#9 0x7f1786cc8ee9 in mozilla::detail::ListenerImpl<mozilla::AbstractThread, std::enable_if<TakeArgs<void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility)>::value, mozilla::MediaEventListener>::type mozilla::MediaEventSourceImpl<(mozilla::ListenerPolicy)0, mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility>::ConnectInternal<mozilla::AbstractThread, mozilla::MediaDecoder, void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility)>(mozilla::AbstractThread*, mozilla::MediaDecoder*, void (mozilla::MediaDecoder::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility))::'lambda'(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>&&, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>&&, mozilla::MediaDecoderEventVisibility&&), mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility>::ApplyWithArgs(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>&&, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>&&, mozilla::MediaDecoderEventVisibility&&) /dom/media/MediaEventSource.h:236:5
#10 0x7f1786cfcf28 in operator()<StoreCopyPassByRRef<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo> > > &, StoreCopyPassByRRef<mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > >, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > > > > > &, StoreCopyPassByRRef<mozilla::MediaDecoderEventVisibility> &> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1164:18
#11 0x7f1786cfcf28 in __invoke_impl<void, (lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), StoreCopyPassByRRef<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo> > > &, StoreCopyPassByRRef<mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > >, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > > > > > &, StoreCopyPassByRRef<mozilla::MediaDecoderEventVisibility> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7/../../../../include/c++/7/bits/invoke.h:60:14
#12 0x7f1786cfcf28 in __invoke<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), StoreCopyPassByRRef<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo> > > &, StoreCopyPassByRRef<mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > >, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > > > > > &, StoreCopyPassByRRef<mozilla::MediaDecoderEventVisibility> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7/../../../../include/c++/7/bits/invoke.h:95:14
#13 0x7f1786cfcf28 in __apply_impl<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<StoreCopyPassByRRef<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo> > >, StoreCopyPassByRRef<mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > >, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > > > > >, StoreCopyPassByRRef<mozilla::MediaDecoderEventVisibility> > &, 0UL, 1UL, 2UL> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7/../../../../include/c++/7/tuple:1662:14
#14 0x7f1786cfcf28 in apply<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<StoreCopyPassByRRef<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo> > >, StoreCopyPassByRRef<mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > >, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > > > > >, StoreCopyPassByRRef<mozilla::MediaDecoderEventVisibility> > &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/7/../../../../include/c++/7/tuple:1671:14
#15 0x7f1786cfcf28 in apply<mozilla::detail::Listener<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo> >, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > >, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > > > >, mozilla::MediaDecoderEventVisibility>, void (mozilla::detail::Listener<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo> >, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > >, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > > > >, mozilla::MediaDecoderEventVisibility>::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo> > &&, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > >, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char> > > > > &&, mozilla::MediaDecoderEventVisibility &&)> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1162:12
#16 0x7f1786cfcf28 in mozilla::detail::RunnableMethodImpl<mozilla::detail::Listener<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility>*, void (mozilla::detail::Listener<mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>, mozilla::MediaDecoderEventVisibility>::*)(mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>&&, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>&&, mozilla::MediaDecoderEventVisibility&&), true, (mozilla::RunnableKind)0, mozilla::UniquePtr<mozilla::MediaInfo, mozilla::DefaultDelete<mozilla::MediaInfo>>&&, mozilla::UniquePtr<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>, mozilla::DefaultDelete<nsBaseHashtable<nsCStringHashKey, nsTString<char>, nsTString<char>, nsDefaultConverter<nsTString<char>, nsTString<char>>>>>&&, mozilla::MediaDecoderEventVisibility&&>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1213:13
#17 0x7f1782f6597f in mozilla::AutoTaskDispatcher::TaskGroupRunnable::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/TaskDispatcher.h:230:35
#18 0x7f1782f64557 in mozilla::XPCOMThreadWrapper::Runner::Run() /xpcom/threads/AbstractThread.cpp:208:25
#19 0x7f1782f64317 in mozilla::RunnableTask::Run() /xpcom/threads/TaskController.cpp:555:16
#20 0x7f1782f5f51a in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /xpcom/threads/TaskController.cpp:879:26
#21 0x7f1782f5dff7 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /xpcom/threads/TaskController.cpp:702:15
#22 0x7f1782f5e375 in mozilla::TaskController::ProcessPendingMTTask(bool) /xpcom/threads/TaskController.cpp:491:36
#23 0x7f1782f678c6 in operator() /xpcom/threads/TaskController.cpp:218:37
#24 0x7f1782f678c6 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /xpcom/threads/nsThreadUtils.h:548:5
#25 0x7f1782f7dc5a in nsThread::ProcessNextEvent(bool, bool*) /xpcom/threads/nsThread.cpp:1240:16
#26 0x7f1782f8427d in NS_ProcessNextEvent(nsIThread*, bool) /xpcom/threads/nsThreadUtils.cpp:479:10
#27 0x7f1783bcfde5 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /ipc/glue/MessagePump.cpp:85:21
#28 0x7f1783af1751 in RunHandler /ipc/chromium/src/base/message_loop.cc:361:3
#29 0x7f1783af1751 in MessageLoop::Run() /ipc/chromium/src/base/message_loop.cc:343:3
#30 0x7f1788257758 in nsBaseAppShell::Run() /widget/nsBaseAppShell.cpp:148:27
#31 0x7f178a4ac3cb in XRE_RunAppShell() /toolkit/xre/nsEmbedFunctions.cpp:724:20
#32 0x7f1783bd0c96 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /ipc/glue/MessagePump.cpp:235:9
#33 0x7f1783af1751 in RunHandler /ipc/chromium/src/base/message_loop.cc:361:3
#34 0x7f1783af1751 in MessageLoop::Run() /ipc/chromium/src/base/message_loop.cc:343:3
#35 0x7f178a4abc92 in XRE_InitChildProcess(int, char**, XREChildData const*) /toolkit/xre/nsEmbedFunctions.cpp:659:34
#36 0x56228b0807a6 in content_process_main /browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#37 0x56228b0807a6 in main /browser/app/nsBrowserApp.cpp:375:18
#38 0x7f1797029d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#39 0x7f1797029e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#40 0x56228b057a28 in _start (/home/jkratzer/builds/m-c-20230526040655-fuzzing-debug/firefox-bin+0x58a28) (BuildId: 088286da3f865fe4abd3877a445ec08e07fcc006)
UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV /dom/media/MediaDecoder.cpp:697:3 in mozilla::MediaDecoder::Seek(double, mozilla::SeekTarget::Type)
==78895==ABORTING
|
Reporter | |
Comment 1•2 years ago
|
||
|
||
Comment 2•2 years ago
|
||
Verified bug as reproducible on mozilla-central 20230526215433-fc6056442a0f.
The bug appears to have been introduced in the following build range:
Start: 9fa4a7ae19238256fcd261c727ad2b08c6f1a4fd (20230524162134)
End: 6a96bb1f430f92b83cc31f74db4e4c1f71e155e5 (20230524133440)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=9fa4a7ae19238256fcd261c727ad2b08c6f1a4fd&tochange=6a96bb1f430f92b83cc31f74db4e4c1f71e155e5
Keywords: regression
Whiteboard: [bugmon:confirm] → [bugmon:bisected,confirmed]
|
||
Comment 3•2 years ago
|
||
This bug has been marked as a regression. Setting status flag for Nightly to affected.
status-firefox115:
--- → affected
|
||
Updated•2 years ago
|
status-firefox113:
--- → unaffected
status-firefox114:
--- → unaffected
status-firefox-esr102:
--- → unaffected
Regressed by: 1817997
|
|
||
Comment 4•2 years ago
|
||
:padenot, since you are the author of the regressor, bug 1817997, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
Flags: needinfo?(padenot)
|
Assignee | |
Updated•2 years ago
|
Assignee: nobody → padenot
Severity: -- → S2
Flags: needinfo?(padenot)
Priority: -- → P1
|
|
Assignee | |
Updated•2 years ago
|
Keywords: pernosco-wanted
|
|
Assignee | |
Comment 5•2 years ago
|
||
This one I can't reproduce, maybe the infra will be luckier than me.
|
|
||
Comment 6•2 years ago
|
||
Successfully recorded a pernosco session. A link to the pernosco session will be added here shortly.
Keywords: pernosco-wanted → pernosco
|
|
||
Updated•2 years ago
|
tracking-firefox115:
--- → +
|
|
Assignee | |
Comment 8•2 years ago
|
||
Pushed by padenot@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5125278fa1d7
Consistently return a positive range for HTMLMediaElement.seekable. r=media-playback-reviewers,kinetik
|
||
Comment 10•2 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 115 Branch
|
|
||
Comment 11•2 years ago
|
||
Verified bug as fixed on rev mozilla-central 20230531214354-860d4ed91dff.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
||
Comment 12•2 years ago
|
||
This assertion failure would have been triggered because mFirstDemuxedSampleTime is set with a time now clamped to be >= 0, so the raw MediaFormatReader::mBuffered intervals are no longer adjusted by a negative first sample time.
You need to log in
before you can comment on or make changes to this bug.
Description
•