Closed
Bug 452262
Opened 16 years ago
Closed 16 years ago
Crash [@ nsOggDecoder::Stop]
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: smaug, Assigned: smaug)
Details
(Whiteboard: [sg:critical?] new in 1.9.1)
Attachments
(3 files)
|
469 bytes,
text/html
|
Details | |
|
810 bytes,
text/html
|
Details | |
|
671 bytes,
patch
|
cajbir
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
I was trying to write a crasher testcase for nsHTMLMediaElement::BindToTree/UnbindFromTree (because those may, I think,
dispatch events synchronously), but I found this crasher.
#0 0x00110402 in __kernel_vsyscall ()
#1 0x00a5a116 in nanosleep () from /lib/libc.so.6
#2 0x00a59f3f in sleep () from /lib/libc.so.6
#3 0x00139333 in ah_crap_handler (signum=6) at nsSigHandlers.cpp:149
#4 0x0014aba8 in nsProfileLock::FatalSignalHandler (signo=6) at nsProfileLock.cpp:216
#5 <signal handler called>
#6 0x00110402 in __kernel_vsyscall ()
#7 0x009f2fa0 in raise () from /lib/libc.so.6
#8 0x009f48b1 in abort () from /lib/libc.so.6
#9 0x00354fb8 in PR_Assert (s=0x37cadb "PR_TRUE == cvar->lock->locked",
file=0x37c864 "/home/smaug/mozilla/mozilla_cvs/hg/mozilla/nsprpub/pr/src/pthreads/ptsynch.c", ln=302)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/nsprpub/pr/src/io/prlog.c:577
#10 0x0036a1b4 in pt_PostNotifyToCvar (cvar=0xb08ff540, broadcast=1)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/nsprpub/pr/src/pthreads/ptsynch.c:302
#11 0x0036a44a in PR_NotifyAllCondVar (cvar=0xb08ff540)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/nsprpub/pr/src/pthreads/ptsynch.c:440
#12 0x01db6fd2 in nsOggDecoder::Stop (this=0xb0ab7420)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/media/video/src/nsOggDecoder.cpp:510
#13 0x01c3d3b7 in ~nsHTMLMediaElement (this=0xb08ff180)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/html/content/src/nsHTMLMediaElement.cpp:412
#14 0x01c3ea68 in nsHTMLVideoElement::~nsHTMLVideoElement$delete ()
at ../../../dist/include/xpcom/nsAutoPtr.h:923
#15 0x01b81d7f in nsNodeUtils::LastRelease (aNode=0xb08ff180)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/base/src/nsNodeUtils.cpp:245
#16 0x01b65936 in nsGenericElement::Release (this=0xb08ff180)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/base/src/nsGenericElement.cpp:4134
#17 0x01c3ee2d in nsHTMLVideoElement::Release (this=0xb08ff180)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/html/content/src/nsHTMLVideoElement.cpp:74
#18 0x00f8edd0 in XPCJSRuntime::GCCallback (cx=0xb7c32420, status=JSGC_END)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/xpconnect/src/xpcjsruntime.cpp:818
#19 0x01d0a9e4 in DOMGCCallback (cx=0xb7c32420, status=JSGC_END)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/dom/src/base/nsJSEnvironment.cpp:3554
#20 0x00f6c1e0 in XPCCycleCollectGCCallback (cx=0xb7c32420, status=JSGC_END)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/xpconnect/src/nsXPConnect.cpp:458
#21 0x001aaa28 in js_GC (cx=0xb7c32420, gckind=GC_NORMAL)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/jsgc.cpp:3619
#22 0x00179532 in JS_GC (cx=0xb7c32420) at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/jsapi.cpp:2517
#23 0x00f6d616 in nsXPConnect::Collect (this=0xb7b3d460)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/xpconnect/src/nsXPConnect.cpp:529
#24 0x0030e2c4 in nsCycleCollector::Collect (this=0xb7cb5000, aTryCollections=1)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/xpcom/base/nsCycleCollector.cpp:2256
#25 0x0030e386 in nsCycleCollector_collect ()
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/xpcom/base/nsCycleCollector.cpp:2904
#26 0x01d0ab84 in nsJSContext::CC ()
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/dom/src/base/nsJSEnvironment.cpp:3383
#27 0x01d0ad5e in nsJSContext::CCIfUserInactive ()
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/dom/src/base/nsJSEnvironment.cpp:3453
#28 0x01d0af16 in nsJSContext::Notify (this=0xb61a63c0, timer=0x94724b80)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/dom/src/base/nsJSEnvironment.cpp:3475
#29 0x00301132 in nsTimerImpl::Fire (this=0x94724b80)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/xpcom/threads/nsTimerImpl.cpp:423
#30 0x00301c69 in nsTimerEvent::Run (this=0x947b6620)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/xpcom/threads/nsTimerImpl.cpp:512
#31 0x002fd393 in nsThread::ProcessNextEvent (this=0xb7c5b920, mayWait=1, result=0xbf8327d0)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/xpcom/threads/nsThread.cpp:510
#32 0x002b2bab in NS_ProcessNextEvent_P (thread=0x272f, mayWait=1) at nsThreadUtils.cpp:227
#33 0x074662b4 in nsBaseAppShell::Run (this=0xb7b9f1f0)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:170
#34 0x02948cd1 in nsAppStartup::Run (this=0xb7be9640)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/toolkit/components/startup/src/nsAppStartup.cpp:181
#35 0x0013e5cf in XRE_main (argc=3, argv=0xbf832fd4, aAppData=0xb7c0e380)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/toolkit/xre/nsAppRunner.cpp:3209
#36 0x08048b87 in main (argc=3, argv=0x0)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/browser/app/nsBrowserApp.cpp:158Flags: blocking1.9.1?
|
Assignee | |
Comment 1•16 years ago
|
||
The testcase needs to be run locally.
|
|
Assignee | |
Comment 2•16 years ago
|
||
This does seem to crash in the same place
|
|
Assignee | |
Updated•16 years ago
|
Assignee: nobody → Olli.Pettay
|
|
Assignee | |
Comment 3•16 years ago
|
||
Attachment #335562 -
Flags: superreview?(roc)
Attachment #335562 -
Flags: review?(chris.double)
|
|
Assignee | |
Comment 4•16 years ago
|
||
(and at least UnbindFromTree is safe)
Attachment #335562 -
Flags: superreview?(roc) → superreview+
|
||
Updated•16 years ago
|
Attachment #335562 -
Flags: review?(chris.double) → review+
|
|
Assignee | |
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•16 years ago
|
Flags: blocking1.9.1?
|
||
Updated•15 years ago
|
Flags: wanted1.9.0.x-
Flags: wanted1.8.1.x-
Whiteboard: [sg:critical?] new in 1.9.1
|
|
||
Updated•15 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•