Closed Bug 829461 Opened 11 years ago Closed 11 years ago

WebRTC crash [@nsDOMMediaStream::GetHintContents]

Categories

(Core :: WebRTC, defect, P1)

Product:
Core
Component:
WebRTC
Platform:
x86_64
macOS
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla21

People

(Reporter: posidron, Assigned: abr)

References

Details

(Keywords: crash, Whiteboard: [webrtc][blocking-webrtc+][qa-])

Crash Data

Attachments

(3 files, 1 obsolete file)

callstack
4.43 KB, text/plain
Details
NSPR_LOG
119.04 KB, text/plain
Details
Check for NULL media stream
4.38 KB, patch
abr
: review+
jesup
: checkin+
Details | Diff | Splinter Review
Attached file callstack 
I am seeing this crash only from time to time while trying to fuzz the SDP.

Tested with m-c changeset: 118260:f60b87eed1ac
Attached file NSPR_LOG 
Assignee: nobody → adam
Priority: -- → P1
Whiteboard: [webrtc][blocking-webrtc+]

    
    

    
  
(In reply to Christoph Diehl [:cdiehl] from comment #0)
> Created attachment 700894 [details]
> callstack
> 
> I am seeing this crash only from time to time while trying to fuzz the SDP.

Can you attach the template you're using? Is there any particular seed that triggers this crash?

    
    

    
  
Hi Adam, I am using the same template as in https://bugzilla.mozilla.org/show_bug.cgi?id=828147 there is no particular seed to reproduce this issue, it happens randomly from time to time.

    
    

    
  
Okay, reading the code, it looks like you've managed to trigger some path in which the remote stream pointer (type RemoteSourceStreamInfo) is non-null, but calling its GetMediaStream() method returns a null.  I think the most straightforward fix would be to treat this set of circumstances equivalent to the remote stream being null.

    
    

    
  
Assuming we're not seeing memory corruption, this condition appears to arise from a race wherein RemoteSourceStreamInfo::Detatch() is being called before the REMOTESTREAMADD event comes back from the SIPCC layer. Given that this can only happen if the associated stream is going away, I believe it's safe to simply not process the event under these circumstances.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Check for NULL media stream (obsolete)
        — Splinter Review
      

    


  

    
  
Status: NEW → ASSIGNED

    
    

    
  
Christoph: can you try applying the attached patch and see if it prevents this crash in your fuzzing?
Flags: needinfo?(cdiehl)

    
    

    
  
Till now I haven't seen that crash again, although it didn't pop up that much before.
Flags: needinfo?(cdiehl)

    
    

    
  
Christoph: Okay, thanks for checking. I'm pretty comfortable with my analysis of what's going on here, so I'm going to go ahead and get this patch landed.

    
  

        Attachment #703050 -
        Flags: review?(ethanhugg)

    
    

    
  
Comment on attachment 703050 [details] [diff] [review]
Check for NULL media stream

Review of attachment 703050 [details] [diff] [review]:
-----------------------------------------------------------------

::: media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp
@@ +176,5 @@
>              stream = mRemoteStream->GetMediaStream();
> +          }
> +
> +          if (!stream) {
> +            CSFLogErrorS(logTag, __FUNCTION__ << " GetMediaStream returned NULL");

Doesn't need changing, but I wanted to remind you than these stream version log functions only work with DEBUG on.  Streams were deemed to be a bad thing for release.  So if you are testing  and looking for this log message you'll need to be an a debug build.

::: media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.h
@@ +161,5 @@
>  class LocalSourceStreamInfo {
>  public:
>    LocalSourceStreamInfo(nsDOMMediaStream* aMediaStream)
> +    : mMediaStream(aMediaStream) {
> +      PR_ASSERT(aMediaStream);

I believe MOZ_ASSERT is the preferred one to use here

@@ +200,5 @@
>   public:
>    RemoteSourceStreamInfo(nsDOMMediaStream* aMediaStream) :
>      mMediaStream(already_AddRefed<nsDOMMediaStream>(aMediaStream)),
> +    mPipelines() {
> +      PR_ASSERT(aMediaStream);

MOZ_ASSERT

        Attachment #703050 -
        Flags: review?(ethanhugg) → review+

    
    

    
  
(In reply to Ethan Hugg [:ehugg] from comment #10)

> Doesn't need changing, but I wanted to remind you than these stream version
> log functions only work with DEBUG on.  Streams were deemed to be a bad
> thing for release.  So if you are testing  and looking for this log message
> you'll need to be an a debug build.

Thanks for the heads-up. I think having these only in debug is fine for now.

    
    

    
  


  

    
  

        Attachment #703050 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 703574 [details] [diff] [review]
Check for NULL media stream

Carrying r+ forward from ehugg

        Attachment #703574 -
        Flags: review+

        Attachment #703574 -
        Flags: checkin?(rjesup)

        Attachment #703574 -
        Flags: checkin?(rjesup) → checkin+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/ea6b3f0cdd25
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [webrtc][blocking-webrtc+] → [webrtc][blocking-webrtc+][qa-]
Flags: in-testsuite-

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: