Closed
Bug 801747
Opened 12 years ago
Closed 12 years ago
Crash due to null ice_ctx() in vcmGetIceParams() when reloading test page
Categories
(Core :: WebRTC: Signaling, defect, P1)
Core
WebRTC: Signaling
Tracking
()
RESOLVED
DUPLICATE
of bug 791330
People
(Reporter: jesup, Unassigned)
References
()
Details
(Whiteboard: [WebRTC], [blocking-webrtc+])
Attachments
(1 file)
|
3.80 KB,
text/plain
|
Details |
Loaded up this test page, waited, hit reload, waited, repeat. On the 2nd or 3 reload, I got a null deref due to a null ice_ctx() in vcmGetIceParams()
(gdb) where
#0 0x00007ffff43a14ae in mozilla::NrIceCtx::GetGlobalAttributes (this=0x0) at nricectx.cpp:394
#1 0x00007ffff43cf199 in vcmGetIceParams (peerconnection=0x7fffe07ae614 "7087c0db8322f537",
ufragp=0x7fffe1140c30, pwdp=0x7fffe1140c28)
at ../../../../../media/webrtc/signaling/src/media/VcmSIPCCBinding.cpp:624
#2 0x00007ffff4432935 in fsmdef_ev_createoffer (event=0x7fffe1140da0)
at ../../../../../media/webrtc/signaling/src/sipcc/core/gsm/fsmdef.c:2886
#3 0x00007ffff4457a3c in sm_process_event (tbl=0x7ffff6447cc0, event=0x7fffe1140da0)
at ../../../../../media/webrtc/signaling/src/sipcc/core/gsm/sm.c:48
#4 0x00007ffff442876f in fim_process_event (data=0x7fffcc919000, cac_passed=0 '\000')
at ../../../../../media/webrtc/signaling/src/sipcc/core/gsm/fim.c:636
#5 0x00007ffff4441a2e in gsm_process_msg (cmd=158, msg=0x7fffcc919000)
at ../../../../../media/webrtc/signaling/src/sipcc/core/gsm/gsm.c:132
#6 0x00007ffff4441e19 in GSMTask (arg=0x7fffe0f68510)
at ../../../../../media/webrtc/signaling/src/sipcc/core/gsm/gsm.c:324
(gdb) frame 1
(gdb) p pc->impl()->ice_ctx()
$2 = {ptr = 0x0}
Could be a race condition between teardown of a PeerConnection and the async generation of the offer, if that caused mIceCtx to get nulled out before it was referenced here.
|
Reporter | |
Comment 1•12 years ago
|
||
|
||
Comment 2•12 years ago
|
||
Can you drop a crash report URL from about:crashes here?
|
||
Comment 3•12 years ago
|
||
A link to the test page you are referring to would also be nice.
|
|
Reporter | |
Comment 4•12 years ago
|
||
No crash report - caught directly in GDB Found when investigating bug 801565 I believe we may find there is a class of bugs related to PeerConnection teardown while async calls are active.
|
|
||
Comment 5•12 years ago
|
||
Thanks Randell, would you mind to run again and give us the full bt with gdb? We should put the signature into the summary and the crash signature field.
|
|
||
Updated•12 years ago
|
Severity: major → critical
Priority: -- → P1
Whiteboard: [WebRTC], [blocking-webrtc+]
|
|
Reporter | |
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•