Closed
Bug 820072
Opened 12 years ago
Closed 11 years ago
ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0' when calling 'remoteStreams.length' on closed peer connection instance [@ mozilla::dom::MediaStreamList::Length()]
Categories
(Core :: WebRTC: Networking, defect, P1)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox18 | --- | unaffected |
firefox19 | --- | unaffected |
firefox20 | --- | affected |
People
(Reporter: whimboo, Assigned: jesup)
References
()
Details
(4 keywords, Whiteboard: [WebRTC][blocking-webrtc+])
Crash Data
Attachments
(1 file)
2.16 KB,
text/html
|
Details |
Firefox asserts and crashes when loading the following testcase with: 0:08.50 ###!!! ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0', file /Volumes/data/code/firefox/nightly/media/webrtc/signaling//../../../xpcom/base/nsAutoPtr.h, line 1024 0:08.50 WARNING: no real random source present! 0:18.61 mozilla::dom::MediaStreamListBinding::get_length [/Volumes/data/code/firefox/obj/debug/dom/bindings/MediaStreamListBinding.cpp:28] 0:18.61 mozilla::dom::MediaStreamListBinding::genericGetter [/Volumes/data/code/firefox/obj/debug/dom/bindings/MediaStreamListBinding.cpp:59] 0:18.61 js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) [js/src/jscntxtinlines.h:364] 0:18.61 js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct) [js/src/jsinterp.cpp:362]
Reporter | ||
Updated•12 years ago
|
Crash Signature: [@ mozilla::dom::MediaStreamList::Length()]
Summary: ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0' when calling 'remoteStreams.length' on closed peer connection instance → ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0' when calling 'remoteStreams.length' on closed peer connection instance [@ mozilla::dom::MediaStreamList::Length()]
Reporter | ||
Comment 1•12 years ago
|
||
Adding the first 10 frames for now. More you can find in the crash report: 0 XUL mozilla::dom::MediaStreamList::Length nsTArray.h:204 1 XUL mozilla::dom::MediaStreamListBinding::get_length MediaStreamListBinding.cpp:28 2 XUL mozilla::dom::MediaStreamListBinding::genericGetter MediaStreamListBinding.cpp:59 3 XUL js::InvokeKernel jscntxtinlines.h:364 4 XUL js::Invoke jsinterp.h:109 5 XUL js::InvokeGetterOrSetter jsinterp.cpp:487 6 XUL js::Shape::get jsscopeinlines.h:295 7 XUL js::baseops::GetProperty jsobj.cpp:4240 8 XUL JS_ForwardGetPropertyTo jsobjinlines.h:172 9 XUL mozilla::dom::GetPropertyOnPrototype BindingUtils.cpp:1081 10 XUL mozilla::dom::MediaStreamListBinding::DOMProxyHandler::get MediaStreamListBinding.cpp:353
Reporter | ||
Updated•12 years ago
|
Whiteboard: [WebRTC] → [WebRTC][automation-blocked]
Assignee | ||
Comment 2•12 years ago
|
||
Caused by a null media() pointer after Closing a PeerConnection.
Group: core-security
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 3•12 years ago
|
||
As talked on bug 819513 this crash is not fixed and that given it cannot be a dupe. Reopening.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 4•12 years ago
|
||
This new crash as of 12/10 appears to be a lack of implementation of the remoteStreams primitive. Assigning to jesup.
Assignee: nobody → rjesup
Assignee | ||
Updated•12 years ago
|
Priority: -- → P1
Whiteboard: [WebRTC][automation-blocked] → [WebRTC][blocking-webrtc+][automation-blocked]
Updated•12 years ago
|
status-firefox18:
--- → disabled
status-firefox19:
--- → disabled
Comment 5•12 years ago
|
||
using a null ref/comptr is usually not exploitable -- unhide the bug?
status-firefox20:
--- → affected
Keywords: regression
Reporter | ||
Updated•12 years ago
|
Group: core-security
Comment 7•11 years ago
|
||
agreeing w/myself in comment 5 to clear the needinfo? -- if that's not what you were asking please re-add the flag
Flags: needinfo?(dveditz)
Assignee | ||
Comment 8•11 years ago
|
||
re-closing as this appears to be fixed; I tested a bunch of times with no problems. Lots of fixes and refactorings to the PC->media connection and lifetime management has happened since then.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 11 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Updated•11 years ago
|
Whiteboard: [WebRTC][blocking-webrtc+][automation-blocked] → [WebRTC][blocking-webrtc+]
You need to log in
before you can comment on or make changes to this bug.
Description
•