Last Comment Bug 688516 - nsBuiltinDecoder::NotifyDownloadEnded uses mElement without null-checking
: nsBuiltinDecoder::NotifyDownloadEnded uses mElement without null-checking
Status: RESOLVED FIXED
[good first bug] [mentor=jdm]
: crash
Product: Core
Classification: Components
Component: Audio/Video (show other bugs)
: unspecified
: ARM Android
: -- critical (vote)
: mozilla9
Assigned To: Matthew Gregan [:kinetik]
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-09-22 10:25 PDT by Josh Matthews [:jdm]
Modified: 2011-09-23 04:38 PDT (History)
1 user (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
patch v0 (3.23 KB, patch)
2011-09-22 21:28 PDT, Matthew Gregan [:kinetik]
cpearce: review+
Details | Diff | Review

Description Josh Matthews [:jdm] 2011-09-22 10:25:57 PDT
This bug was filed from the Socorro interface and is 
report bp-7ecd51f8-7e37-40d0-8f78-ae12d2110918 .
============================================================= 

This is just bug 633332 again, but for a different decoder >:( The rest of the file is filled with null-checks.

0 	libxul.so 	nsCOMPtr_base::assign_assuming_AddRef 	nsCOMPtr.h:464
1 	libxul.so 	nsCOMPtr_base::assign_with_AddRef 	obj-firefox/xpcom/build/nsCOMPtr.cpp:90
2 	libxul.so 	nsHTMLMediaElement::Error 	content/html/content/src/nsHTMLMediaElement.cpp:2051
3 	libxul.so 	nsHTMLMediaElement::LoadAborted 	content/html/content/src/nsHTMLMediaElement.cpp:2042
4 	libxul.so 	nsBuiltinDecoder::NotifyDownloadEnded 	content/media/nsBuiltinDecoder.cpp:668
5 	libxul.so 	DataEnded::Run 	content/media/nsMediaStream.cpp:745
6 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:631
7 	libxul.so 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
8 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:111
9 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:230
10 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:209
11 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:487
12 	libxul.so 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:191
13 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:677
14 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:222
15 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:209
16 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:487
17 	libxul.so 	XRE_InitChildProcess 	nsAutoPtr.h:155
18 	libmozutils.so 	ChildProcessInit 	other-licenses/android/APKOpen.cpp:778
19 	plugin-container 	main 	ipc/app/MozillaRuntimeMainAndroid.cpp:69
Comment 1 Josh Matthews [:jdm] 2011-09-22 10:39:38 PDT
This is an easy fix to that should make an occasional mobile crash bug disappear.
Comment 2 Matthew Gregan [:kinetik] 2011-09-22 21:28:35 PDT
Created attachment 561965 [details] [diff] [review]
patch v0

Well, this is embarrassing.  I must not have audited every use when I fixed bug 633332.
Comment 3 Matthew Gregan [:kinetik] 2011-09-22 21:52:50 PDT
http://hg.mozilla.org/integration/mozilla-inbound/rev/27cc64182823
Comment 4 Ed Morley [:emorley] 2011-09-23 04:38:38 PDT
https://hg.mozilla.org/mozilla-central/rev/27cc64182823

Note You need to log in before you can comment on or make changes to this bug.