Closed Bug 882589 Opened 11 years ago Closed 11 years ago

crash in mozilla::BufferMediaResource::Read

Categories

(Core :: Web Audio, defect)

Product:
Core
Component:
Web Audio
Version:
24 Branch
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox23 --- unaffected
firefox24 --- unaffected
firefox25 --- unaffected

People

(Reporter: scoobidiver, Assigned: rillian)

References

(
URL
)

Details

(Keywords: crash, regression, reproducible)

Crash Data

Bug 862709 has been back at a high volume in Aurora and Nightly since June 12, 17:30 UTC, likely for an external cause.

Signature 	_VEC_memcpy | mozilla::BufferMediaResource::Read(char*, unsigned int, unsigned int*) More Reports Search
UUID	b49305b7-75c3-42d0-87a6-7cf1e2130613
Date Processed	2013-06-13 03:20:02
Uptime	1290
Last Crash	21.8 minutes before submission
Install Age	21.5 minutes since version was first installed.
Install Time	2013-06-13 02:58:26
Product	Firefox
Version	24.0a1
Build ID	20130612031138
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 42 stepping 7
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x5c380010
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x0126, AdapterSubsysID: 21da17aa, AdapterDriverVersion: 8.15.10.2778
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ WebGL? EGL? EGL+ GL Context? GL Context+ WebGL+ 
Processor Notes 	sp-processor03_phx1_mozilla_com_4359:2012
EMCheckCompatibility	True
Adapter Vendor ID	0x8086
Adapter Device ID	0x0126
Total Virtual Memory	2147352576
Available Virtual Memory	324030464
System Memory Use Percentage	69
Available Page File	4722184192
Available Physical Memory	1115496448

Frame 	Module 	Signature 	Source
0 	msvcr100.dll 	_VEC_memcpy 	
1 	xul.dll 	mozilla::BufferMediaResource::Read 	obj-firefox/dist/include/BufferMediaResource.h:63
2 	xul.dll 	mozilla::OggReader::ReadOggPage 	content/media/ogg/OggReader.cpp:882
3 	xul.dll 	mozilla::OggReader::ReadMetadata 	content/media/ogg/OggReader.cpp:187
4 	xul.dll 	mozilla::MediaDecodeTask::Decode 	content/media/webaudio/MediaBufferDecoder.cpp:484
5 	xul.dll 	mozilla::MediaDecodeTask::Run 	content/media/webaudio/MediaBufferDecoder.cpp:381
6 	xul.dll 	nsThreadPool::Run 	xpcom/threads/nsThreadPool.cpp:194
7 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:626
8 	xul.dll 	nsThread::ThreadFunc 	xpcom/threads/nsThread.cpp:264
9 	nss3.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:397
10 	nss3.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:90
11 	msvcr100.dll 	_callthreadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:314
12 	msvcr100.dll 	_threadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:292
13 	kernel32.dll 	BaseThreadInitThunk 	
14 	ntdll.dll 	__RtlUserThreadStart 	
15 	ntdll.dll 	_RtlUserThreadStart 	

More reports at:
https://crash-stats.mozilla.com/report/list?signature=_VEC_memcpy+|+mozilla%3A%3ABufferMediaResource%3A%3ARead%28char*%2C+unsigned+int%2C+unsigned+int*%29
https://crash-stats.mozilla.com/report/list?signature=memcpy+|+mozilla%3A%3ABufferMediaResource%3A%3ARead%28char*%2C+unsigned+int%2C+unsigned+int*%29
That's a WebAudio call stack. Ehsan, any ideas?
Component: Video/Audio → Web Audio
Flags: needinfo?(ehsan)
This is easily reproducible in Cubeslam on Windows.  It doesn't happen on Mac...
URL: http://cubeslam.com/
Flags: needinfo?(ehsan)
Ralph, can you please take a look?
Assignee: nobody → giles
Keywords: needURLsreproducible
I can reproduce by visiting cubeslam.com in nightly and aurora on my windows vm. Sometimes it takes a few minutes of clicking, sometimes it's instant.

I can't reproduce on Linux of Mac.
I've now managed to step through the crash in the debugger, using the official nightly build, debug symbols from our symbol server, and source from a local checkout.

OggReader::DecodeAudioData() or ::ReadMetadata() is being called with a null or invalid 'this' pointer. Stepping up there's a MediaDecodeTask on the decode thread with an invalid mDecoderReader.

This is after the OggReader dtor is called for a bunch of objects, but I only see MediaDecodeTask::Cleanup in the call stack when the dtor is called.
Is there some progress on this bug?
Because there is another issue with cubeslam.com not loading (see bug 889270) but it's hard to bisect due to this crash.
Flags: needinfo?(giles)
I haven't made any progress on this bug in the last two weeks.
Flags: needinfo?(giles)
FWIW this crash is hard to reproduce on Linux and Mac; you could try bisecting there?
I think this should be a dupe of bug 891986, which merged to mozilla-central today.  Can you please retest on tonight's Nigthly?
Depends on: 891986
Flags: needinfo?(scoobidiver)
I cannot reproduce on my win7 vm with cubeslam or Lumberjack and 25.0a1 (2013-07-15) or (2013-07-17) or today's Aurora (24.0a2 2013-07-17). I can still reproduce with cubeslam and 24.0a1 (2013-06-13) from comment 6. So I can neither confirm nor deny that bug 891986 fixed this as well.
(In reply to :Ehsan Akhgari (needinfo? me!) from comment #11)
> I think this should be a dupe of bug 891986, which merged to mozilla-central
> today.  Can you please retest on tonight's Nigthly?
Neither Nightly nor Aurora crash for me on Lumberjack so it's not fixed by bug 891986's patch which hasn't landed in Aurora.

Based on mozregression, the working range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=18467a85acf6&tochange=ff0a372e3170
I think it's fixed by bug 886653's patch.
Flags: needinfo?(scoobidiver)
status-firefox22: unaffected → ---
status-firefox23: affectedunaffected
Version: 23 Branch → 24 Branch
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Without a known patch, it can't be marked as fixed.
status-firefox24: affectedunaffected
status-firefox25: affectedunaffected
Resolution: FIXED → WORKSFORME
You need to log in before you can comment on or make changes to this bug.