Last Comment Bug 645284 - crash [@ libxul.so@0x5fbfc0] [@ vp8_decode_mb_tokens]
: crash [@ libxul.so@0x5fbfc0] [@ vp8_decode_mb_tokens]
Status: RESOLVED FIXED
[fixed by disabling feature]
: crash
Product: Core
Classification: Components
Component: Audio/Video (show other bugs)
: Trunk
: All Linux
-- critical (vote)
: mozilla7
Assigned To: Timothy B. Terriberry (:derf)
:
: Maire Reavy [:mreavy] Please needinfo me
Mentors:
http://www.bluishcoder.co.nz/2011/03/...
: 671271 676141 676153 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-25 23:53 PDT by cajbir (:cajbir)
Modified: 2011-08-16 08:00 PDT (History)
11 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
+
fixed
-


Attachments
Disable arm detokenizer (1.60 KB, patch)
2011-04-04 04:48 PDT, Timothy B. Terriberry (:derf)
khuey: review+
romaxa: feedback+
blassey.bugs: approval‑mozilla‑aurora+
Details | Diff | Splinter Review

Description User image cajbir (:cajbir) 2011-03-25 23:53:29 PDT
This bug was filed from the Socorro interface and is 
report bp-8dd16848-0a73-4cca-b4a6-82d9c2110325 .
=============================================================
Comment 1 User image cajbir (:cajbir) 2011-03-25 23:57:06 PDT
This was during playback of a WebM video in the URL. Stack trace is in the VP8 decoder. Should this be raised under the Video/Audio component instead?

0 	libxul.so 	libxul.so@0x5fbfc0 	
1 	libnspr4.so 	_pt_root 	nsprpub/pr/src/pthreads/ptthread.c:128
2 	libxul.so 	vp8_decode_mb_tokens 	media/libvpx/vp8/decoder/detokenize.c:225
3 	libxul.so 	vp8_decode_macroblock 	media/libvpx/vp8/decoder/decodframe.c:190
4 	libxul.so 	vp8_decode_mb_row 	media/libvpx/vp8/decoder/decodframe.c:395
5 	libxul.so 	vp8_decode_frame 	media/libvpx/vp8/decoder/decodframe.c:874
6 	libxul.so 	vp8dx_receive_compressed_data 	media/libvpx/vp8/decoder/onyxd_if.c:374
7 	libxul.so 	vp8_decode 	media/libvpx/vp8/vp8_dx_iface.c:424
8 	libxul.so 	vpx_codec_decode 	media/libvpx/vpx/src/vpx_decoder.c:127
9 	libxul.so 	nsWebMReader::DecodeVideoFrame 	content/media/webm/nsWebMReader.cpp:690
10 	libxul.so 	nsBuiltinDecoderStateMachine::DecodeLoop 	content/media/nsBuiltinDecoderStateMachine.cpp:297
11 	libxul.so 	nsRunnableMethodImpl<void , true>::Run 	nsThreadUtils.h:347
12 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:633
13 	libxul.so 	NS_ProcessNextEvent_P 	nsThreadUtils.cpp:250
14 	libxul.so 	nsThread::ThreadFunc 	xpcom/threads/nsThread.h:85
15 	libnspr4.so 	_pt_root 	nsprpub/pr/src/pthreads/ptthread.c:190
16 	libc.so 	libc.so@0x111b3 	
17 	libc.so 	libc.so@0x10ca3
Comment 2 User image cajbir (:cajbir) 2011-03-26 00:00:09 PDT
Device was a Samsung Galaxy S running Android 2.2.1 (the stock install)
Comment 3 User image Timothy B. Terriberry (:derf) 2011-03-26 00:10:43 PDT
This looks like it's using the ARM asm detokenizer. This has been removed from current versions of libvpx (see https://review.webmproject.org/1741), because it, "hasn't been kept up to date." Perhaps we should just disable it?
Comment 4 User image Timothy B. Terriberry (:derf) 2011-04-04 04:48:16 PDT
Created attachment 523967 [details] [diff] [review]
Disable arm detokenizer
Comment 5 User image Oleg Romashin (:romaxa) 2011-07-06 16:40:20 PDT
having this crash on Nokia Arm
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 6344]
0x3b564820 in SKIP_EOB_CHECK () from /home/user/fennec_instq/libxul.so
(gdb) disa 
disable      disassemble  
(gdb) disassemble 
Dump of assembler code for function SKIP_EOB_CHECK:
   0x3b564800 <+0>:	ldr	r7, [sp, #16]
   0x3b564804 <+4>:	ldr	r3, [r9, #32]
   0x3b564808 <+8>:	add	r1, r1, #2
   0x3b56480c <+12>:	cmp	r7, #15
   0x3b564810 <+16>:	ldr	r3, [r3, r7, lsl #2]
   0x3b564814 <+20>:	add	r7, r7, #1
   0x3b564818 <+24>:	add	r3, r11, r3, lsl #1
   0x3b56481c <+28>:	str	r7, [sp, #16]
=> 0x3b564820 <+32>:	strh	lr, [r3]
   0x3b564824 <+36>:	blt	0x3b5646bc <COEFF_LOOP>
   0x3b564828 <+40>:	sub	r7, r7, #1
Comment 6 User image Oleg Romashin (:romaxa) 2011-07-06 17:14:28 PDT
Comment on attachment 523967 [details] [diff] [review]
Disable arm detokenizer

with this patch problem is not reproducible anymore
Comment 7 User image Timothy B. Terriberry (:derf) 2011-07-12 11:24:15 PDT
http://hg.mozilla.org/integration/mozilla-inbound/rev/93d400457dc0
Comment 9 User image Timothy B. Terriberry (:derf) 2011-08-02 18:09:20 PDT
*** Bug 676141 has been marked as a duplicate of this bug. ***
Comment 10 User image Brad Lassey [:blassey] (use needinfo?) 2011-08-03 18:44:11 PDT
Comment on attachment 523967 [details] [diff] [review]
Disable arm detokenizer

according to derf the risk here is "basically none" and this is arm only. reward is it fixes webm for arm
Comment 11 User image Timothy B. Terriberry (:derf) 2011-08-04 17:45:32 PDT
http://hg.mozilla.org/releases/mozilla-aurora/rev/b8f899c4dd9e
Comment 12 User image Timothy B. Terriberry (:derf) 2011-08-05 09:48:30 PDT
*** Bug 676153 has been marked as a duplicate of this bug. ***
Comment 13 User image Naoki Hirata :nhirata (please use needinfo instead of cc) 2011-08-15 16:53:06 PDT
*** Bug 671271 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.