Closed Bug 795892 Opened 12 years ago Closed 12 years ago

Playing video causes reproducible crash in nsCOMPtr_base::assign_with_AddRef

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Version:
18 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla18

People

(Reporter: BenWa, Assigned: kinetik)

References

Details

(Keywords: crash, regression, reproducible)

Crash Data

Attachments

(1 file)

patch v0
1.26 KB, patch
roc
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-691616c5-4123-4688-9f17-41c4f2121001 . ============================================================= I also get at least one other signature: bp-667bdd46-3bc0-430f-8740-a68262121001 STR: 0) On mac at least with the 2012-09-30 nightly. 1) Open page: http://people.mozilla.com/~bgirard/cleopatra/?zippedProfile=profiles/sps-profile-1348512228.12.zip&videoCapture=videos/video-1348512228.11.webm 2) After loading click play on the video element.
Crash Signature: [@ nsCOMPtr_base::assign_with_AddRef | mozilla::net::nsHttpChannel::AsyncOpen] → [@ nsCOMPtr_base::assign_with_AddRef | mozilla::net::nsHttpChannel::AsyncOpen] [@ mozilla::net::HttpBaseChannel::GetNotificationCallbacks ]
Keywords: regression, regressionwindow-wanted, reproducible
Without step 2, I hit bug 789075 on Windows in 15.0.1 and above.
I'm bisecting this now.
Well, that change surfaced the bug, but it's not the cause. The real cause is pretty dumb: 605 nsCORSListenerProxy* crossSiteListener = 606 new nsCORSListenerProxy(mListener, 607 element->NodePrincipal(), 608 false); 609 nsresult rv = crossSiteListener->Init(mChannel); ...it's a shame the compiler can't catch this.
Assignee: nobody → kinetik
Status: NEW → ASSIGNED
Attached patch patch v0Splinter Review
Attachment #666850 - Flags: review?(roc)
Version: unspecified → 18 Branch
Oops! Thanks Matthew for the quick fix.
Thanks :)
I pushed this since I feel pretty bad for making this mistake, and wanted to take some responsibility. :-) https://hg.mozilla.org/integration/mozilla-inbound/rev/9a73d985e5e9
Don't feel bad, it wasn't your mistake. This has been hiding in our code waiting to bite someone for a long time. Thanks for pushing the fix!
https://hg.mozilla.org/mozilla-central/rev/9a73d985e5e9 Should this have a crashtest?
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Pardon my question, but the test link in Cleopatra still crashes the browser. tested using the latest hourly build with this patch. crash-report will not be of use because of no-symbols in hourly builds. If this was supposed to fix the crash it does not seem to be fixed. Isn't this a dupe of bug 789075 ? which still remains un-fixed ?
(In reply to comment #11) > Pardon my question, but the test link in Cleopatra still crashes the browser. > > tested using the latest hourly build with this patch. crash-report will not be > of use because of no-symbols in hourly builds. > > If this was supposed to fix the crash it does not seem to be fixed. > Isn't this a dupe of bug 789075 ? which still remains un-fixed ? You're probably seeing the crash in bug 789075, which is still not fixed.
Blocks: 795750
(In reply to Ryan VanderMeulen from comment #10) > Should this have a crashtest? https://hg.mozilla.org/integration/mozilla-inbound/rev/0efeec87af33
Flags: in-testsuite? → in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: