Closed Bug 495129 Opened 15 years ago Closed 15 years ago

ogg crash [@ vorbis_synthesis] with attached file

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Version:
1.9.1 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.9.2a1

People

(Reporter: shaver, Assigned: cajbir)

References

(
URL
)

Details

(Keywords: crash, testcase, verified1.9.1)

Crash Data

Attachments

(4 files, 1 obsolete file)

crash on load in Firefox
119.34 KB, video/ogg
Details
liboggplay fixes
4.61 KB, patch
Details | Diff | Splinter Review
Fixes
4.27 KB, patch
roc
: review+
roc
: superreview+
Details | Diff | Splinter Review
Patch - add test
149.17 KB, patch
Details | Diff | Splinter Review 
      No description provided.
http://crash-stats.mozilla.com/report/index/f8ec0704-84c0-49ed-92e3-65fd82090527?p=1
0  	xul.dll  	vorbis_synthesis  	 media/libvorbis/lib/vorbis_synthesis.c:49
1 	xul.dll 	fs_vorbis_decode 	media/libfishsound/src/libfishsound/fishsound_vorbis.c:158
2 	xul.dll 	fish_sound_decode 	media/libfishsound/src/libfishsound/fishsound_decode.c:117
3 	xul.dll 	oggplay_callback_audio 	media/liboggplay/src/liboggplay/oggplay_callback.c:391
4 	xul.dll 	oggz_read_sync 	media/liboggz/src/liboggz/oggz_read.c:495
5 	xul.dll 	oggz_read 	media/liboggz/src/liboggz/oggz_read.c:592
6 	xul.dll 	oggplay_step_decoding 	media/liboggplay/src/liboggplay/oggplay.c:691
7 	xul.dll 	nsOggDecodeStateMachine::Run 	content/media/video/src/nsOggDecoder.cpp:1326
8 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:510
9 	xul.dll 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:230
10 	xul.dll 	nsThread::ThreadFunc 	xpcom/threads/nsThread.cpp:254
11 	nspr4.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:426
12 	nspr4.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:122
13 	mozcrt19.dll 	_callthreadstartex 	obj-firefox/memory/jemalloc/crtsrc/threadex.c:348
14 	mozcrt19.dll 	_threadstartex 	obj-firefox/memory/jemalloc/crtsrc/threadex.c:326
15 	kernel32.dll 	kernel32.dll@0xb728 

The ogg file only seems to crash locally (not with the bugzilla url, at least).
Summary: ogg crash with attached file → ogg crash [@ vorbis_synthesis] with attached file
Related to bug 487519?
I have a fix for this. Preparing it now.
Attached patch liboggplay fixesSplinter Review 
Cherry picked fixes from liboggplay
Assignee: nobody → chris.double
Status: NEW → ASSIGNED

        Attachment #380031 -
        Flags: superreview?(roc)

        Attachment #380031 -
        Flags: review?(roc)

    
    

    
  
Comment on attachment 380031 [details] [diff] [review]
handle liboggplay error for bad input

+void nsOggDecodeStateMachine::HandleDecodeErrors(OggPlayErrorCode r)

aErrorCode?

    
  
Blocks: 493331

    
  
Blocks: 487519

    
    

    
  
Comment on attachment 380031 [details] [diff] [review]
handle liboggplay error for bad input

Patch has issue with non-broken content. Fixing.

        Attachment #380031 -
        Flags: superreview?(roc)

        Attachment #380031 -
        Flags: review?(roc)

    
  

        Attachment #380031 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        FixesSplinter Review
      

    


  
Address review comment, fix playback of valid files.

        Attachment #380035 -
        Flags: superreview?(roc)

        Attachment #380035 -
        Flags: review?(roc)

        Attachment #380035 -
        Flags: superreview?(roc)

        Attachment #380035 -
        Flags: superreview+

        Attachment #380035 -
        Flags: review?(roc)

        Attachment #380035 -
        Flags: review+

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/95c878a87ccd
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Flags: blocking1.9.1+
Resolution: --- → FIXED

    
    

    
  
We need a crashtest here.
Flags: in-testsuite?

    
    

    
  
Follow-up bug for the crashtest filed as bug 495639; I think we should just get
this landed and not block outright on that test.
Whiteboard: [needs 191 landing]

    
    

    
  
Verified fixed on trunk and 1.9.1 with builds on all platforms like

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090604 Minefield/3.6a1pre ID:20090604031228

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1pre) Gecko/20090604 Shiretoko/3.5pre ID:20090604031153
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1verified1.9.1
OS: Mac OS X → All
Hardware: x86 → All
Target Milestone: --- → mozilla1.9.2a1

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch - add testSplinter Review
      

    


  
Add testcase. Rebased on testcase patch for bug 501279.

    
    

    
  
Pushed patch for testcase to m-c:
http://hg.mozilla.org/mozilla-central/rev/3ce467cf8e0d
Flags: in-testsuite? → in-testsuite+

    
    

    
  
Chris, will those tests also be pushed to 1.9.1? And can we open this bug to
the public now?
Keywords: testcase

    
    

    
  
This was already fixed in 1.9.1, so it seems this bug can be made public. Also, I think the tests can be pushed to 1.9.1.

    
    

    
  
the test can't be directly pushed as 1.9.1 has a different test harness structure. It will need to be redone.
Crash Signature: [@ vorbis_synthesis]

    
    

    
  
Opening this up per comment 17. This issue has been resolved for long enough.
Group: core-security

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: