740350 - Memory crash in sipcc - VcmSIPCCBinding::~VcmSIPCCBinding ()

Status: RESOLVED WORKSFORME

(Core :: WebRTC: Signaling, defect)

Description

[Randell Jesup [:jesup] (needinfo me)]

Took an assertion in jemalloc that leads back to VcmSIPCBinding():
media/webrtc/signaling/src/media/VcmSIPCCBinding.cpp


../../../memory/jemalloc/jemalloc.c:3291: Failed assertion: "diff == regind * size"

Program received signal SIGABRT, Aborted.
0x0000003151635215 in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) up
#1  0x0000003151636b2b in __GI_abort () at abort.c:93
93	      raise (SIGABRT);
(gdb) 
#2  0x000000000041280f in arena_run_reg_dalloc (run=0x7fffe3d20000, bin=0x7ffff7ed7838, ptr=0x7fffe3d23570, size=256)
    at ../../../memory/jemalloc/jemalloc.c:3291
3291		assert(diff == regind * size);
(gdb) p diff
$31 = 13424
(gdb) p regind
$32 = 52
(gdb) p size
$33 = 256
(gdb) p regind*size
$34 = 13312

The code does something very funky in the allocator:

VcmSIPCCBinding * VcmSIPCCBinding::_pSelf = NULL;

// The media provider passsed in here will be owned by VcmSIPCCBinding, and so it destroys
// it later.
VcmSIPCCBinding::VcmSIPCCBinding (MediaProvider *mp)
  : pMediaProvider(mp),
    streamObserver(NULL)
{
    delete _pSelf;//delete is NULL safe, so I don't need to check if it's NULL
    _pSelf = this;
}

Comment 1

[Randell Jesup [:jesup] (needinfo me)]

This still randomly crashes me (not too often) when leaving pages using WebrtcContext.   At minimum it probably needs mutexes around the _pSelf games, and probably it needs to be recoded/redesigned. A doesn't-crash fix would be good enough for now.

Comment 2

[Henrik Skupin [:whimboo][⌚️UTC+2]]

There is no link to a check-in so we should call it WFM.