Closed
Bug 819513
Opened 12 years ago
Closed 12 years ago
Crashes due to null media() during PeerCOnnection shutdown
Categories
(Core :: WebRTC, defect)
Core
WebRTC
Tracking
()
RESOLVED
DUPLICATE
of bug 820671
Tracking | Status | |
---|---|---|
firefox20 | --- | affected |
People
(Reporter: jesup, Assigned: posidron)
References
Details
(Keywords: crash, csectype-nullptr, testcase, Whiteboard: [WebRTC][blocking-webrtc+])
Christoph Diehl [:cdiehl] It does crash at random locations: #0 0x108aee15c in mozilla::RefPtr<mozilla::NrIceCtx>::RefPtr RefPtr.h:102 #1 0x108b3d3d4 in sipcc::PeerConnectionMedia::ice_ctx const PeerConnectionMedia.h:259 #0 0x10501398c in nsTArray_base<nsTArrayDefaultAllocator>::Length const nsTArray.h:204 #1 0x108b8497b in sipcc::PeerConnectionMedia::AddRemoteStream PeerConnectionMedia.cpp:304 These are null derefs due to pc->impl()->media() is NULL; the PeerConnectionImpl is being shutdown and has nulled the media pointer. There might be a worse hole if the pointer has been grabbed before it was nulled, and then used after the PeerConnectionMedia object is freed. We don't have a strong ref to it. Likely this will be resolved by bug 792175; if it's not then we'll need to look closer.
Updated•12 years ago
|
Flags: in-testsuite-
Comment 1•12 years ago
|
||
Not enough information at this point to warrant a crashtest.
Comment 3•12 years ago
|
||
Adding automation-blocked here given that my bug is a dupe of that one.
Whiteboard: [automation-blocked]
Comment 4•12 years ago
|
||
My duped bug 820072 has a testcase attached. It's attachment 690492 [details]. So everything we need is available.
Flags: in-testsuite- → in-testsuite?
Keywords: testcase
Comment 5•12 years ago
|
||
bug 792175 is now fixed, is this bug also resolved as comment 0 guessed it would be?
status-firefox20:
--- → affected
Keywords: csec-nullptr
Updated•12 years ago
|
Whiteboard: [automation-blocked] → [WebRTC][automation-blocked][blocking-webrtc+]
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Comment 7•12 years ago
|
||
Bug 820671 is not a specific crash so we shouldn't dupe but mark it on the dependency list. That way it's also easier to proof if known crashes are really fixed by the implementation or not.
Reporter | ||
Comment 8•12 years ago
|
||
Please retest or weigh in on whether this is still an issue, now that the Lock/dispatch and media() fixes have landed. -> cdiehl for re-evaluation
Assignee: nobody → cdiehl
Keywords: qawanted
Comment 9•12 years ago
|
||
It's still crashing with the latest nightly build from today. So it's not fixed yet and the patch on bug 820671 was not that effective as we probably thought. :/ Report: bp-59063487-25ad-418f-a444-826682121214
Status: REOPENED → NEW
Assignee | ||
Comment 10•12 years ago
|
||
(In reply to Henrik Skupin (:whimboo) from comment #9) > So it's not fixed yet and the patch on bug 820671 was not that effective as we probably thought. :/ Ack.
Comment 11•12 years ago
|
||
The crash shown in c9 doesn't appear to be in this section of code and in fact appears to be I suggest we close this bug and create a new one for the crash in c9.
Comment 12•12 years ago
|
||
In this case I will reopen my bug 820072 which has been duped against this one. Feel free to close this bug or whatever is appropriate.
Reporter | ||
Comment 13•12 years ago
|
||
re-duping
Status: NEW → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
|
Whiteboard: [WebRTC][automation-blocked][blocking-webrtc+] → [WebRTC][blocking-webrtc+]
Updated•9 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•