Closed
Bug 645284
Opened 12 years ago
Closed 12 years ago
crash [@ libxul.so@0x5fbfc0] [@ vp8_decode_mb_tokens]
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
FIXED
mozilla7
People
(Reporter: cajbir, Assigned: derf)
References
()
Details
(Keywords: crash, Whiteboard: [fixed by disabling feature])
Crash Data
Attachments
(1 file)
|
1.60 KB,
patch
|
khuey
:
review+
romaxa
:
feedback+
blassey
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-8dd16848-0a73-4cca-b4a6-82d9c2110325 . =============================================================
|
Reporter | |
Comment 1•12 years ago
|
||
This was during playback of a WebM video in the URL. Stack trace is in the VP8 decoder. Should this be raised under the Video/Audio component instead? 0 libxul.so libxul.so@0x5fbfc0 1 libnspr4.so _pt_root nsprpub/pr/src/pthreads/ptthread.c:128 2 libxul.so vp8_decode_mb_tokens media/libvpx/vp8/decoder/detokenize.c:225 3 libxul.so vp8_decode_macroblock media/libvpx/vp8/decoder/decodframe.c:190 4 libxul.so vp8_decode_mb_row media/libvpx/vp8/decoder/decodframe.c:395 5 libxul.so vp8_decode_frame media/libvpx/vp8/decoder/decodframe.c:874 6 libxul.so vp8dx_receive_compressed_data media/libvpx/vp8/decoder/onyxd_if.c:374 7 libxul.so vp8_decode media/libvpx/vp8/vp8_dx_iface.c:424 8 libxul.so vpx_codec_decode media/libvpx/vpx/src/vpx_decoder.c:127 9 libxul.so nsWebMReader::DecodeVideoFrame content/media/webm/nsWebMReader.cpp:690 10 libxul.so nsBuiltinDecoderStateMachine::DecodeLoop content/media/nsBuiltinDecoderStateMachine.cpp:297 11 libxul.so nsRunnableMethodImpl<void , true>::Run nsThreadUtils.h:347 12 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:633 13 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250 14 libxul.so nsThread::ThreadFunc xpcom/threads/nsThread.h:85 15 libnspr4.so _pt_root nsprpub/pr/src/pthreads/ptthread.c:190 16 libc.so libc.so@0x111b3 17 libc.so libc.so@0x10ca3
|
|
Reporter | |
Comment 2•12 years ago
|
||
Device was a Samsung Galaxy S running Android 2.2.1 (the stock install)
|
|
Reporter | |
Updated•12 years ago
|
Component: General → Video/Audio
Product: Fennec → Core
QA Contact: general → video.audio
|
Assignee | |
Comment 3•12 years ago
|
||
This looks like it's using the ARM asm detokenizer. This has been removed from current versions of libvpx (see https://review.webmproject.org/1741), because it, "hasn't been kept up to date." Perhaps we should just disable it?
|
||
Updated•12 years ago
|
tracking-fennec: --- → ?
|
||
Updated•12 years ago
|
tracking-fennec: ? → 2.0-
Whiteboard: [fennec-4.1?]
|
||
Updated•12 years ago
|
Summary: crash [@ libxul.so@0x5fbfc0] → crash [@ libxul.so@0x5fbfc0] [@ vp8_decode_mb_tokens]
|
|
Assignee | |
Comment 4•12 years ago
|
||
Assignee: nobody → tterribe
Status: NEW → ASSIGNED
|
||
Updated•12 years ago
|
Whiteboard: [fennec-4.1?]
|
||
Updated•12 years ago
|
Crash Signature: [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
|
||
Comment 5•12 years ago
|
||
having this crash on Nokia Arm Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 6344] 0x3b564820 in SKIP_EOB_CHECK () from /home/user/fennec_instq/libxul.so (gdb) disa disable disassemble (gdb) disassemble Dump of assembler code for function SKIP_EOB_CHECK: 0x3b564800 <+0>: ldr r7, [sp, #16] 0x3b564804 <+4>: ldr r3, [r9, #32] 0x3b564808 <+8>: add r1, r1, #2 0x3b56480c <+12>: cmp r7, #15 0x3b564810 <+16>: ldr r3, [r3, r7, lsl #2] 0x3b564814 <+20>: add r7, r7, #1 0x3b564818 <+24>: add r3, r11, r3, lsl #1 0x3b56481c <+28>: str r7, [sp, #16] => 0x3b564820 <+32>: strh lr, [r3] 0x3b564824 <+36>: blt 0x3b5646bc <COEFF_LOOP> 0x3b564828 <+40>: sub r7, r7, #1
Crash Signature: [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens] → [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
|
|
||
Comment 6•12 years ago
|
||
Comment on attachment 523967 [details] [diff] [review] Disable arm detokenizer with this patch problem is not reproducible anymore
Attachment #523967 -
Flags: feedback+
Attachment #523967 -
Flags: review+
|
|
Assignee | |
Comment 7•12 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/93d400457dc0
Whiteboard: [inbound]
|
||
Comment 8•12 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/93d400457dc0
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [inbound]
Target Milestone: --- → mozilla8
|
|
Assignee | |
Updated•12 years ago
|
Attachment #523967 -
Flags: approval-mozilla-aurora?
|
|
Assignee | |
Updated•12 years ago
|
status-firefox7:
--- → affected
tracking-firefox7:
--- → ?
|
|
||
Comment 10•12 years ago
|
||
Comment on attachment 523967 [details] [diff] [review] Disable arm detokenizer according to derf the risk here is "basically none" and this is arm only. reward is it fixes webm for arm
Attachment #523967 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
Assignee | |
Comment 11•12 years ago
|
||
http://hg.mozilla.org/releases/mozilla-aurora/rev/b8f899c4dd9e
Target Milestone: mozilla8 → mozilla7
|
||
Updated•12 years ago
|
Crash Signature: [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens] → [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
[@ libxul.so@0x61679c ]
[@ libxul.so@0x61647c ]
[@ libxul.so@0x61607c ]
[@ libxul.so@0x61610c ]
[@ vp8_decode_mb_tokens ]
|
|
||
Updated•12 years ago
|
Crash Signature: [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
[@ libxul.so@0x61679c ]
[@ libxul.so@0x61647c ]
[@ libxul.so@0x61607c ]
[@ libxul.so@0x61610c ]
[@ vp8_decode_mb_tokens ] → [@ libxul.so@0x5fbfc0]
[@ vp8_decode_mb_tokens]
[@ libxul.so@0x61679c ]
[@ libxul.so@0x61647c ]
[@ libxul.so@0x61607c ]
[@ libxul.so@0x61679c]
[@ libxul.so@0x61610c ]
[@ vp8_decode_mb_tokens ]
You need to log in
before you can comment on or make changes to this bug.
Description
•