Closed Bug 858176 Opened 11 years ago Closed 11 years ago

WebRTC calls crash in DeleteGlobalRef in release mode builds only

Categories

(Core :: WebRTC, defect)

Product:
Core
Component:
WebRTC
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla23

People

(Reporter: gcp, Assigned: gcp)

References

Details

(Keywords: crash, Whiteboard: [native-crash][webrtc][android-webrtc+][blocking-webrtc-][qa-])

Crash Data

Attachments

(1 file)

Patch 1. Delete the ref before detaching from the JVM
1.38 KB, patch
blassey
: review+
Details | Diff | Splinter Review 
So, turns out the code is breaking when you do a release build, specifically compile without --enable-debug:

I don't immediately see anything wrong here.

Program received signal SIGSEGV, Segmentation fault.
Loading libraries and symbols...
[Switching to Thread 31656]
0x72ef9050 in ?? ()
(gdb) bt
#0  0x72ef9050 in ?? ()
#1  0x7a16ddf4 in DeleteGlobalRef (globalRef=0x1d400332, this=<optimized out>)
    at /home/morbo/android-ndk-r8c/platforms/android-9/arch-arm/usr/include/jni.h:566
#2  webrtc::videocapturemodule::DeviceInfoAndroid::CreateCapabilityMap (this=0x78dc9af0, 
    deviceUniqueIdUTF8=0x7dd380f8 "Camera 1, Facing front, Orientation 270")
    at /home/morbo/hg/mozilla-central/media/webrtc/trunk/webrtc/modules/video_capture/android/device_info_android.cc:262
#3  0x7a16c50a in webrtc::videocapturemodule::DeviceInfoImpl::NumberOfCapabilities (
    this=0x78dc9af0, deviceUniqueIdUTF8=0x7dd380f8 "Camera 1, Facing front, Orientation 270")
    at /home/morbo/hg/mozilla-central/media/webrtc/trunk/webrtc/modules/video_capture/device_info_impl.cc:76
#4  0x7a1c12f6 in webrtc::ViEInputManager::NumberOfCaptureCapabilities (this=<optimized out>, 
    device_unique_idUTF8=0x7dd380f8 "Camera 1, Facing front, Orientation 270")
    at /home/morbo/hg/mozilla-central/media/webrtc/trunk/webrtc/video_engine/vie_input_manager.cc:97
#5  0x7a1ab7d2 in webrtc::ViECaptureImpl::NumberOfCapabilities (this=0x78a97900, 
    unique_idUTF8=0x7dd380f8 "Camera 1, Facing front, Orientation 270", 
    unique_idUTF8Length=<optimized out>)
    at /home/morbo/hg/mozilla-central/media/webrtc/trunk/webrtc/video_engine/vie_capture_impl.cc:442
#6  0x79835bd8 in mozilla::MediaEngineWebRTCVideoSource::ChooseCapability (this=0x7dd38000, 
    aPrefs=...)
    at /home/morbo/hg/mozilla-central/content/media/webrtc/MediaEngineWebRTCVideo.cpp:157
#7  0x79835cb8 in mozilla::MediaEngineWebRTCVideoSource::Allocate (this=0x7dd38000, aPrefs=...)
    at /home/morbo/hg/mozilla-central/content/media/webrtc/MediaEngineWebRTCVideo.cpp:224
#8  0x79715574 in ProcessGetUserMedia (aVideoSource=0x7dd38000, aAudioSource=0x0, this=0x786f5fb0)
    at /home/morbo/hg/mozilla-central/dom/media/MediaManager.cpp:697
#9  mozilla::GetUserMediaRunnable::Run (this=0x786f5fb0)
    at /home/morbo/hg/mozilla-central/dom/media/MediaManager.cpp:558
#10 0x79e0368c in nsThread::ProcessNextEvent (this=0x7842d640, mayWait=<optimized out>, 
    result=0x805afea7) at /home/morbo/hg/mozilla-central/xpcom/threads/nsThread.cpp:627
#11 0x79ddc3a2 in NS_ProcessNextEvent (thread=<optimized out>, mayWait=<optimized out>)
    at /home/morbo/hg/mozilla-central/objdir-android/xpcom/build/nsThreadUtils.cpp:238
#12 0x79e037fa in nsThread::ThreadFunc (arg=0x7842d640)
    at /home/morbo/hg/mozilla-central/xpcom/threads/nsThread.cpp:265
#13 0x77033c32 in _pt_root (arg=0x7dd6fa80)
    at /home/morbo/hg/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:191
#14 0x401353dc in __thread_entry ()
   from /home/morbo/jimdb/moz-gdb/lib/00658c727e962a43/system/lib/libc.so
#15 0x40134ac8 in pthread_create ()
   from /home/morbo/jimdb/moz-gdb/lib/00658c727e962a43/system/lib/libc.so
#16 0x00000000 in ?? ()
(gdb) up
#1  0x7a16ddf4 in DeleteGlobalRef (globalRef=0x1d400332, this=<optimized out>)
    at /home/morbo/android-ndk-r8c/platforms/android-9/arch-arm/usr/include/jni.h:566
566	    { functions->DeleteGlobalRef(this, globalRef); }
(gdb) up
#2  webrtc::videocapturemodule::DeviceInfoAndroid::CreateCapabilityMap (this=0x78dc9af0, 
    deviceUniqueIdUTF8=0x7dd380f8 "Camera 1, Facing front, Orientation 270")
    at /home/morbo/hg/mozilla-central/media/webrtc/trunk/webrtc/modules/video_capture/android/device_info_android.cc:262
262	  env->DeleteGlobalRef(javaCapClass);
Whiteboard: [webrtc][android-webrtc+]
  VideoCaptureAndroid::ReleaseAndroidDeviceInfoObjects(attached);
  WEBRTC_TRACE(webrtc::kTraceInfo, webrtc::kTraceVideoCapture, _id,
               "CreateCapabilityMap %d", _captureCapabilities.Size());

  env->DeleteGlobalRef(javaCapClass);

ReleaseAndroidDeviceInfoObjects does a g_jvm->DetachCurrentThread(), so I'm guessing you can't do env->WhatEverJNICall after that point.
Crash Signature: [@ webrtc::videocapturemodule::DeviceInfoAndroid::CreateCapabilityMap (deviceUniqueIdUTF8)]
Keywords: crash
Whiteboard: [webrtc][android-webrtc+] → [native-crash][webrtc][android-webrtc+]
That seems pretty plausible, and easy enough to test by hoisting that DeleteGlobalRef statement up a few lines too.
Whiteboard: [native-crash][webrtc][android-webrtc+] → [native-crash][webrtc][android-webrtc+][blocking-webrtc-]
Attachment #733833 - Flags: review?(blassey.bugs) → review+
https://hg.mozilla.org/mozilla-central/rev/0ce9544cbb8f
Assignee: nobody → gpascutto
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
Whiteboard: [native-crash][webrtc][android-webrtc+][blocking-webrtc-] → [native-crash][webrtc][android-webrtc+][blocking-webrtc-][qa-]
Flags: in-testsuite-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: