Closed Bug 804205 Opened 12 years ago Closed 11 years ago

Crash in LibTheora::huffdec.c (oc_huff_tree_collapse) with VS2012/PGO

Categories

(Core :: Audio/Video, defect)

16 Branch
x86_64
Windows 7
defect
Not set
critical

RESOLVED DUPLICATE of bug 703135

People

(Reporter: mark, Unassigned)

Details

(Keywords: crash)

When building Firefox on VS2012 using PGO (x86 build), the resulting binary crashes in gkmedias.dll when trying to play certain videos. The VS debugger pointed at a crash point in huffdec.c in libtheora:

===
static size_t oc_huff_tree_collapse(ogg_int16_t *_tree,
 unsigned char _tokens[][2],int _ntokens){
  ogg_int16_t   node[34];
  unsigned char depth[34];
  unsigned char last[34];
  size_t        ntree;
  int           ti;
  int           l;
  depth[0]=0;
  last[0]=(unsigned char)(_ntokens-1);
  ntree=0;
  ti=0;
  l=0;
  do{
    int nbits;
    nbits=oc_huff_tree_collapse_depth(_tokens+ti,last[l]+1-ti,depth[l]);
    node[l]=(ogg_int16_t)ntree;
    ntree+=oc_huff_node_size(nbits);
>>  if(_tree!=NULL)_tree[node[l]++]=(ogg_int16_t)nbits; << *CRASH*
    do{
      while(ti<=last[l]&&_tokens[ti][1]<=depth[l]+nbits){
        if(_tree!=NULL){
          ogg_int16_t leaf;
          int         nentries;
===

Building from the same tree with the same parameters but without PGO does not cause this crash - possibly a compiler bug? I've tried several builds with different optimization flags and they consistently display this behavior in this lib.
Easy to reproduce with some of the W3schools pages, e.g. using the tryit editor from the <video> tag page. The crash doesn't seem to happen on all HTML5 videos, though.
Severity: normal → critical
Keywords: crash
Component: Untriaged → Video/Audio
Product: Firefox → Core
Does this issue reproduce when using a clean profile with your build?
http://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles
Flags: needinfo?(mark)
This sounds an awful lot like bug 703135.
Yes, it occurs on a fresh install with a clean profile.

I've tested a build side-by-side by now excluding huffdec.c from PGO with -GL- (from the makefile) on the same sites/videos and both a blank and populated profile, and the -GL- build has no issues, while the original build will crash with an access violation (c0000005 or whichever amount of 0's it is again).
Flags: needinfo?(mark)
FYI, the makefile addition is (at the bottom of the file):

media/libtheora/lib/Makefile.in

ifdef _MSC_VER
ifeq ($(CPU_ARCH),x86)
# Workaround compiler bug on PGO (Bug 804205)
huffdec.$(OBJ_SUFFIX): CFLAGS += -GL-
endif
endif # _MSC_VER 

I'm not familiar with the method you prefer to submit patches to bugzilla, so if someone can do that properly, that would be nice ;)
I also reproduced this even without PGO with VS2012 x86.
I'm going to assume this is bug 703135. Please reopen if the patch in bug 703135 doesn't fix this for you.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE