ogg crash [@ vorbis_synthesis] with attached file

VERIFIED FIXED in mozilla1.9.2a1

Status

()

Core
Audio/Video
--
critical
VERIFIED FIXED
9 years ago
6 years ago

People

(Reporter: shaver, Assigned: cajbir)

Tracking

({crash, testcase, verified1.9.1})

1.9.1 Branch
mozilla1.9.2a1
crash, testcase, verified1.9.1
Points:
---
Dependency tree / graph
Bug Flags:
blocking1.9.1 +
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(4 attachments, 1 obsolete attachment)

http://crash-stats.mozilla.com/report/index/f8ec0704-84c0-49ed-92e3-65fd82090527?p=1
0  	xul.dll  	vorbis_synthesis  	 media/libvorbis/lib/vorbis_synthesis.c:49
1 	xul.dll 	fs_vorbis_decode 	media/libfishsound/src/libfishsound/fishsound_vorbis.c:158
2 	xul.dll 	fish_sound_decode 	media/libfishsound/src/libfishsound/fishsound_decode.c:117
3 	xul.dll 	oggplay_callback_audio 	media/liboggplay/src/liboggplay/oggplay_callback.c:391
4 	xul.dll 	oggz_read_sync 	media/liboggz/src/liboggz/oggz_read.c:495
5 	xul.dll 	oggz_read 	media/liboggz/src/liboggz/oggz_read.c:592
6 	xul.dll 	oggplay_step_decoding 	media/liboggplay/src/liboggplay/oggplay.c:691
7 	xul.dll 	nsOggDecodeStateMachine::Run 	content/media/video/src/nsOggDecoder.cpp:1326
8 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:510
9 	xul.dll 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:230
10 	xul.dll 	nsThread::ThreadFunc 	xpcom/threads/nsThread.cpp:254
11 	nspr4.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:426
12 	nspr4.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:122
13 	mozcrt19.dll 	_callthreadstartex 	obj-firefox/memory/jemalloc/crtsrc/threadex.c:348
14 	mozcrt19.dll 	_threadstartex 	obj-firefox/memory/jemalloc/crtsrc/threadex.c:326
15 	kernel32.dll 	kernel32.dll@0xb728 

The ogg file only seems to crash locally (not with the bugzilla url, at least).
Summary: ogg crash with attached file → ogg crash [@ vorbis_synthesis] with attached file
Related to bug 487519?
(Assignee)

Comment 3

9 years ago
I have a fix for this. Preparing it now.
(Assignee)

Comment 4

9 years ago
Created attachment 380030 [details] [diff] [review]
liboggplay fixes

Cherry picked fixes from liboggplay
Assignee: nobody → chris.double
Status: NEW → ASSIGNED
(Assignee)

Comment 5

9 years ago
Created attachment 380031 [details] [diff] [review]
handle liboggplay error for bad input
Attachment #380031 - Flags: superreview?(roc)
Attachment #380031 - Flags: review?(roc)
Comment on attachment 380031 [details] [diff] [review]
handle liboggplay error for bad input

+void nsOggDecodeStateMachine::HandleDecodeErrors(OggPlayErrorCode r)

aErrorCode?
(Assignee)

Updated

9 years ago
Blocks: 493331
(Assignee)

Updated

9 years ago
Blocks: 487519
(Assignee)

Comment 7

9 years ago
Comment on attachment 380031 [details] [diff] [review]
handle liboggplay error for bad input

Patch has issue with non-broken content. Fixing.
Attachment #380031 - Flags: superreview?(roc)
Attachment #380031 - Flags: review?(roc)
(Assignee)

Updated

9 years ago
Attachment #380031 - Attachment is obsolete: true
(Assignee)

Comment 8

9 years ago
Created attachment 380035 [details] [diff] [review]
Fixes

Address review comment, fix playback of valid files.
Attachment #380035 - Flags: superreview?(roc)
Attachment #380035 - Flags: review?(roc)
Attachment #380035 - Flags: superreview?(roc)
Attachment #380035 - Flags: superreview+
Attachment #380035 - Flags: review?(roc)
Attachment #380035 - Flags: review+
http://hg.mozilla.org/mozilla-central/rev/95c878a87ccd
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Flags: blocking1.9.1+
Resolution: --- → FIXED
We need a crashtest here.
Flags: in-testsuite?
Follow-up bug for the crashtest filed as bug 495639; I think we should just get
this landed and not block outright on that test.
Whiteboard: [needs 191 landing]
Verified fixed on trunk and 1.9.1 with builds on all platforms like

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090604 Minefield/3.6a1pre ID:20090604031228

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1pre) Gecko/20090604 Shiretoko/3.5pre ID:20090604031153
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
OS: Mac OS X → All
Hardware: x86 → All
Target Milestone: --- → mozilla1.9.2a1
Created attachment 392435 [details] [diff] [review]
Patch - add test

Add testcase. Rebased on testcase patch for bug 501279.
Pushed patch for testcase to m-c:
http://hg.mozilla.org/mozilla-central/rev/3ce467cf8e0d
Flags: in-testsuite? → in-testsuite+
Chris, will those tests also be pushed to 1.9.1? And can we open this bug to
the public now?
Keywords: testcase
This was already fixed in 1.9.1, so it seems this bug can be made public. Also, I think the tests can be pushed to 1.9.1.
(Assignee)

Comment 18

9 years ago
the test can't be directly pushed as 1.9.1 has a different test harness structure. It will need to be redone.
Crash Signature: [@ vorbis_synthesis]

Comment 19

6 years ago
Opening this up per comment 17. This issue has been resolved for long enough.
Group: core-security
You need to log in before you can comment on or make changes to this bug.