Closed Bug 794648 Opened 12 years ago Closed 12 years ago

Null pointer dereference in fsm.c:147 [@ mozilla::NrIceCtx::GetGlobalAttributes() ]

Categories

(Core :: WebRTC, defect, P2)

Product:
Core
Component:
WebRTC
Platform:
x86
macOS
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 791330

People

(Reporter: ianbicking, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [WebRTC], [blocking-webrtc+])

Crash Data

I've been periodically getting segfaults from Mozilla (Alder branch). It doesn't happen predictably, though I have gotten more as I've been testing calling DOM APIs with invalid arguments. Using a fresh build from today I got: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 [Switching to process 21612 thread 0xb803] fsm_init_fcb (fcb=0x0, call_id=0, dcb=0x0, type=FSM_TYPE_MIN) at /Users/ianbicking/src/mozilla-central-alder/media/webrtc/signaling/src/sipcc/core/gsm/fsm.c:147 147 fcb->call_id = call_id; (gdb) back #0 fsm_init_fcb (fcb=0x0, call_id=0, dcb=0x0, type=FSM_TYPE_MIN) at /Users/ianbicking/src/mozilla-central-alder/media/webrtc/signaling/src/sipcc/core/gsm/fsm.c:147 #1 0x0000000102567066 in fim_process_event (data=0x1775b1000, cac_passed=<value temporarily unavailable, due to optimizations>) at /Users/ianbicking/src/mozilla-central-alder/media/webrtc/signaling/src/sipcc/core/gsm/fim.c:162
Whiteboard: [WebRTC], [blocking-webrtc-]
Can you re-test this with a fresh build from today and give a full trace back, and give steps to reproduce? Tough to determine if it blocks with the information we have.
Keywords: stackwanted
Severity: normal → critical
Keywords: crash
I've replicated this on a build from a fresh checkout from today. This test seems to trigger the problem fairly regularly: http://ianb.github.com/webrtc-tests/?test-name=replicate-bug-794648.js Just load the page, reload it a few times, and you should get a crash within a minute or so. I've only attempted to replicate this it on my mac laptop.
I tried loading ,reloading the above page several times .. but wasn't able to reproduce the crash on my Mac and latest m-c. please let me know if i am missing anything ... should i run the tests as well to reproduce the issue ?
This test case was from before WebRTC landed on mozilla-central, and the API changed since then; probably the test is not currently exercising what it used to as a result (the test would pass if it was running correctly for a reproduction). I'll update this bug when I have the test fixed up again.
Priority: -- → P2
Whiteboard: [WebRTC], [blocking-webrtc-] → [WebRTC], [blocking-webrtc+]
I have updated and published the test at the same URL (http://ianb.github.com/webrtc-tests/?test-name=replicate-bug-794648.js) and can reproduce in a build from today.
(In reply to Ian Bicking (:ianb) from comment #5) > I have updated and published the test at the same URL > (http://ianb.github.com/webrtc-tests/?test-name=replicate-bug-794648.js) and > can reproduce in a build from today. Can you give a crash report URL for this from about:crashes?
For some reason now I'm not getting the Mozilla Crash Reporter (only the Apple one). If the Apple report is of any use, it is here: https://gist.github.com/3908920
Keywords: stackwanted
Ian: the test URL goes to a GitHub 404 error page
Apparently the entirety of my github account is borked. While that's being fixed, you could also check out the repository git://github.com/ianb/webrtc-tests.git and go to .../index.html?test-name=replicate-bug-794648.js (ideally not over a file: URL, as that can cause hard-to-predict permission issues).
My account was temporarily marked as spam; fixed, and the page is back up
Strongly suspect this is another instance/Dup of "We need more locks in PeerConnectionImpl" especially around teardown.
Depends on: webrtc-big-lock
So I crashes on the test page with a latest nightly build on OS X: Report: bp-c28655d2-78f8-4bdf-966f-08e8d2121019 Stack: 0 XUL mozilla::NrIceCtx::GetGlobalAttributes nricectx.cpp:394 1 XUL vcmGetIceParams VcmSIPCCBinding.cpp:624 2 XUL fsmdef_ev_createoffer fsmdef.c:2901 3 XUL sm_process_event sm.c:48 4 XUL fim_process_event fim.c:636 5 XUL gsm_process_msg gsm.c:132 6 XUL GSMTask gsm.c:324 7 libsystem_c.dylib libsystem_c.dylib@0x4e8be 8 libsystem_c.dylib libsystem_c.dylib@0x51b74 9 XUL XUL@0x154393f It's exactly the same stack as on bug 791330.
Status: NEW → RESOLVED
Crash Signature: [@ mozilla::NrIceCtx::GetGlobalAttributes() ]
Closed: 12 years ago
Resolution: --- → DUPLICATE
Summary: Null pointer dereference in fsm.c:147 → Null pointer dereference in fsm.c:147 [@ mozilla::NrIceCtx::GetGlobalAttributes() ]
You need to log in before you can comment on or make changes to this bug.