Closed
Bug 645284
Opened 14 years ago
Closed 14 years ago
crash [@ libxul.so@0x5fbfc0] [@ vp8_decode_mb_tokens]
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
FIXED
mozilla7
People
(Reporter: cajbir, Assigned: derf)
References
()
Details
(Keywords: crash, Whiteboard: [fixed by disabling feature])
Crash Data
Attachments
(1 file)
|
1.60 KB,
patch
|
khuey
:
review+
romaxa
:
feedback+
blassey
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-8dd16848-0a73-4cca-b4a6-82d9c2110325 .
=============================================================
|
Reporter | |
Comment 1•14 years ago
|
||
This was during playback of a WebM video in the URL. Stack trace is in the VP8 decoder. Should this be raised under the Video/Audio component instead?
0 libxul.so libxul.so@0x5fbfc0
1 libnspr4.so _pt_root nsprpub/pr/src/pthreads/ptthread.c:128
2 libxul.so vp8_decode_mb_tokens media/libvpx/vp8/decoder/detokenize.c:225
3 libxul.so vp8_decode_macroblock media/libvpx/vp8/decoder/decodframe.c:190
4 libxul.so vp8_decode_mb_row media/libvpx/vp8/decoder/decodframe.c:395
5 libxul.so vp8_decode_frame media/libvpx/vp8/decoder/decodframe.c:874
6 libxul.so vp8dx_receive_compressed_data media/libvpx/vp8/decoder/onyxd_if.c:374
7 libxul.so vp8_decode media/libvpx/vp8/vp8_dx_iface.c:424
8 libxul.so vpx_codec_decode media/libvpx/vpx/src/vpx_decoder.c:127
9 libxul.so nsWebMReader::DecodeVideoFrame content/media/webm/nsWebMReader.cpp:690
10 libxul.so nsBuiltinDecoderStateMachine::DecodeLoop content/media/nsBuiltinDecoderStateMachine.cpp:297
11 libxul.so nsRunnableMethodImpl<void , true>::Run nsThreadUtils.h:347
12 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:633
13 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250
14 libxul.so nsThread::ThreadFunc xpcom/threads/nsThread.h:85
15 libnspr4.so _pt_root nsprpub/pr/src/pthreads/ptthread.c:190
16 libc.so libc.so@0x111b3
17 libc.so libc.so@0x10ca3
|
|
Reporter | |
Comment 2•14 years ago
|
||
Device was a Samsung Galaxy S running Android 2.2.1 (the stock install)
|
|
Reporter | |
Updated•14 years ago
|
Component: General → Video/Audio
Product: Fennec → Core
QA Contact: general → video.audio
|
Assignee | |
Comment 3•14 years ago
|
||
This looks like it's using the ARM asm detokenizer. This has been removed from current versions of libvpx (see https://review.webmproject.org/1741), because it, "hasn't been kept up to date." Perhaps we should just disable it?
|
||
Updated•14 years ago
|
tracking-fennec: --- → ?
|
||
Updated•14 years ago
|
tracking-fennec: ? → 2.0-
Whiteboard: [fennec-4.1?]
|
||
Updated•14 years ago
|
Summary: crash [@ libxul.so@0x5fbfc0] → crash [@ libxul.so@0x5fbfc0] [@ vp8_decode_mb_tokens]
|
|
Assignee | |
Comment 4•14 years ago
|
||
Assignee: nobody → tterribe
Status: NEW → ASSIGNED
|
||
Updated•14 years ago
|
Whiteboard: [fennec-4.1?]
|
||
Updated•14 years ago
|
Crash Signature: [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
|
||
Comment 5•14 years ago
|
||
having this crash on Nokia Arm
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 6344]
0x3b564820 in SKIP_EOB_CHECK () from /home/user/fennec_instq/libxul.so
(gdb) disa
disable disassemble
(gdb) disassemble
Dump of assembler code for function SKIP_EOB_CHECK:
0x3b564800 <+0>: ldr r7, [sp, #16]
0x3b564804 <+4>: ldr r3, [r9, #32]
0x3b564808 <+8>: add r1, r1, #2
0x3b56480c <+12>: cmp r7, #15
0x3b564810 <+16>: ldr r3, [r3, r7, lsl #2]
0x3b564814 <+20>: add r7, r7, #1
0x3b564818 <+24>: add r3, r11, r3, lsl #1
0x3b56481c <+28>: str r7, [sp, #16]
=> 0x3b564820 <+32>: strh lr, [r3]
0x3b564824 <+36>: blt 0x3b5646bc <COEFF_LOOP>
0x3b564828 <+40>: sub r7, r7, #1
Crash Signature: [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens] → [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
|
|
||
Comment 6•14 years ago
|
||
Comment on attachment 523967 [details] [diff] [review]
Disable arm detokenizer
with this patch problem is not reproducible anymore
Attachment #523967 -
Flags: feedback+
Attachment #523967 -
Flags: review+
|
|
Assignee | |
Comment 7•14 years ago
|
||
Whiteboard: [inbound]
|
||
Comment 8•14 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [inbound]
Target Milestone: --- → mozilla8
|
|
Assignee | |
Updated•14 years ago
|
Attachment #523967 -
Flags: approval-mozilla-aurora?
|
|
Assignee | |
Updated•14 years ago
|
status-firefox7:
--- → affected
tracking-firefox7:
--- → ?
|
|
||
Comment 10•14 years ago
|
||
Comment on attachment 523967 [details] [diff] [review]
Disable arm detokenizer
according to derf the risk here is "basically none" and this is arm only. reward is it fixes webm for arm
Attachment #523967 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
Assignee | |
Comment 11•14 years ago
|
||
Target Milestone: mozilla8 → mozilla7
|
||
Updated•14 years ago
|
Crash Signature: [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens] → [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
[@ libxul.so@0x61679c ]
[@ libxul.so@0x61647c ]
[@ libxul.so@0x61607c ]
[@ libxul.so@0x61610c ]
[@ vp8_decode_mb_tokens ]
|
|
||
Updated•14 years ago
|
Crash Signature: [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
[@ libxul.so@0x61679c ]
[@ libxul.so@0x61647c ]
[@ libxul.so@0x61607c ]
[@ libxul.so@0x61610c ]
[@ vp8_decode_mb_tokens ] → [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
[@ libxul.so@0x61679c ]
[@ libxul.so@0x61647c ]
[@ libxul.so@0x61607c ]
[@ libxul.so@0x61679c]
[@ libxul.so@0x61610c ]
[@ vp8_decode_mb_tokens ]
You need to log in
before you can comment on or make changes to this bug.
Description
•