Last Comment Bug 645284 - crash [@ libxul.so@0x5fbfc0] [@ vp8_decode_mb_tokens]
: crash [@ libxul.so@0x5fbfc0] [@ vp8_decode_mb_tokens]
Status: RESOLVED FIXED
[fixed by disabling feature]
: crash
Product: Core
Classification: Components
Component: Audio/Video (show other bugs)
: Trunk
: All Linux
: -- critical (vote)
: mozilla7
Assigned To: Timothy B. Terriberry (:derf)
:
: Maire Reavy [:mreavy]
Mentors:
http://www.bluishcoder.co.nz/2011/03/...
: 671271 676141 676153 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-25 23:53 PDT by cajbir (:cajbir)
Modified: 2011-08-16 08:00 PDT (History)
11 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
+
fixed
-


Attachments
Disable arm detokenizer (1.60 KB, patch)
2011-04-04 04:48 PDT, Timothy B. Terriberry (:derf)
khuey: review+
romaxa: feedback+
blassey.bugs: approval‑mozilla‑aurora+
Details | Diff | Splinter Review

Description cajbir (:cajbir) 2011-03-25 23:53:29 PDT
This bug was filed from the Socorro interface and is 
report bp-8dd16848-0a73-4cca-b4a6-82d9c2110325 .
=============================================================
Comment 1 cajbir (:cajbir) 2011-03-25 23:57:06 PDT
This was during playback of a WebM video in the URL. Stack trace is in the VP8 decoder. Should this be raised under the Video/Audio component instead?

0 	libxul.so 	libxul.so@0x5fbfc0 	
1 	libnspr4.so 	_pt_root 	nsprpub/pr/src/pthreads/ptthread.c:128
2 	libxul.so 	vp8_decode_mb_tokens 	media/libvpx/vp8/decoder/detokenize.c:225
3 	libxul.so 	vp8_decode_macroblock 	media/libvpx/vp8/decoder/decodframe.c:190
4 	libxul.so 	vp8_decode_mb_row 	media/libvpx/vp8/decoder/decodframe.c:395
5 	libxul.so 	vp8_decode_frame 	media/libvpx/vp8/decoder/decodframe.c:874
6 	libxul.so 	vp8dx_receive_compressed_data 	media/libvpx/vp8/decoder/onyxd_if.c:374
7 	libxul.so 	vp8_decode 	media/libvpx/vp8/vp8_dx_iface.c:424
8 	libxul.so 	vpx_codec_decode 	media/libvpx/vpx/src/vpx_decoder.c:127
9 	libxul.so 	nsWebMReader::DecodeVideoFrame 	content/media/webm/nsWebMReader.cpp:690
10 	libxul.so 	nsBuiltinDecoderStateMachine::DecodeLoop 	content/media/nsBuiltinDecoderStateMachine.cpp:297
11 	libxul.so 	nsRunnableMethodImpl<void , true>::Run 	nsThreadUtils.h:347
12 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:633
13 	libxul.so 	NS_ProcessNextEvent_P 	nsThreadUtils.cpp:250
14 	libxul.so 	nsThread::ThreadFunc 	xpcom/threads/nsThread.h:85
15 	libnspr4.so 	_pt_root 	nsprpub/pr/src/pthreads/ptthread.c:190
16 	libc.so 	libc.so@0x111b3 	
17 	libc.so 	libc.so@0x10ca3
Comment 2 cajbir (:cajbir) 2011-03-26 00:00:09 PDT
Device was a Samsung Galaxy S running Android 2.2.1 (the stock install)
Comment 3 Timothy B. Terriberry (:derf) 2011-03-26 00:10:43 PDT
This looks like it's using the ARM asm detokenizer. This has been removed from current versions of libvpx (see https://review.webmproject.org/1741), because it, "hasn't been kept up to date." Perhaps we should just disable it?
Comment 4 Timothy B. Terriberry (:derf) 2011-04-04 04:48:16 PDT
Created attachment 523967 [details] [diff] [review]
Disable arm detokenizer
Comment 5 Oleg Romashin (:romaxa) 2011-07-06 16:40:20 PDT
having this crash on Nokia Arm
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 6344]
0x3b564820 in SKIP_EOB_CHECK () from /home/user/fennec_instq/libxul.so
(gdb) disa 
disable      disassemble  
(gdb) disassemble 
Dump of assembler code for function SKIP_EOB_CHECK:
   0x3b564800 <+0>:	ldr	r7, [sp, #16]
   0x3b564804 <+4>:	ldr	r3, [r9, #32]
   0x3b564808 <+8>:	add	r1, r1, #2
   0x3b56480c <+12>:	cmp	r7, #15
   0x3b564810 <+16>:	ldr	r3, [r3, r7, lsl #2]
   0x3b564814 <+20>:	add	r7, r7, #1
   0x3b564818 <+24>:	add	r3, r11, r3, lsl #1
   0x3b56481c <+28>:	str	r7, [sp, #16]
=> 0x3b564820 <+32>:	strh	lr, [r3]
   0x3b564824 <+36>:	blt	0x3b5646bc <COEFF_LOOP>
   0x3b564828 <+40>:	sub	r7, r7, #1
Comment 6 Oleg Romashin (:romaxa) 2011-07-06 17:14:28 PDT
Comment on attachment 523967 [details] [diff] [review]
Disable arm detokenizer

with this patch problem is not reproducible anymore
Comment 7 Timothy B. Terriberry (:derf) 2011-07-12 11:24:15 PDT
http://hg.mozilla.org/integration/mozilla-inbound/rev/93d400457dc0
Comment 9 Timothy B. Terriberry (:derf) 2011-08-02 18:09:20 PDT
*** Bug 676141 has been marked as a duplicate of this bug. ***
Comment 10 Brad Lassey [:blassey] (use needinfo?) 2011-08-03 18:44:11 PDT
Comment on attachment 523967 [details] [diff] [review]
Disable arm detokenizer

according to derf the risk here is "basically none" and this is arm only. reward is it fixes webm for arm
Comment 11 Timothy B. Terriberry (:derf) 2011-08-04 17:45:32 PDT
http://hg.mozilla.org/releases/mozilla-aurora/rev/b8f899c4dd9e
Comment 12 Timothy B. Terriberry (:derf) 2011-08-05 09:48:30 PDT
*** Bug 676153 has been marked as a duplicate of this bug. ***
Comment 13 Naoki Hirata :nhirata (please use needinfo instead of cc) 2011-08-15 16:53:06 PDT
*** Bug 671271 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.