Closed
Bug 882734
Opened 11 years ago
Closed 11 years ago
Video app crash while reading MPEG4 input buffer
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 880902
People
(Reporter: diego, Unassigned)
Details
Attachments
(1 file)
131.05 KB,
text/plain
|
Details |
This started popping up during our stability tests on Inari v1.1 relatively recently. It seems either the input buffer is invalid or it's reading from an invalid offset. Crash stack below: Crash reason: SIGSEGV Crash address: 0x0 Thread 55 (crashed) 0 0x0 r0 = 0x49e59fa0 r1 = 0x00000001 r2 = 0x48db8148 r3 = 0x00000000 r4 = 0x0000000d r5 = 0x48db8140 r6 = 0x49ede160 r7 = 0x49ede160 r8 = 0x48db8148 r9 = 0x0000000d r10 = 0x000ca664 fp = 0x00000000 sp = 0x4dfffb68 lr = 0x4100eb55 pc = 0x00000000 Found by: given as instruction pointer in context 1 libxul.so!android::Vector<android::InputDispatcher::Connection*>::do_copy + 0xf sp = 0x4dfffb84 pc = 0x4100eb29 Found by: stack scanning 2 0x49ede15e r4 = 0x0000000d sp = 0x4dfffb8c pc = 0x49ede160 Found by: call frame info 3 libstagefright.so!android::MPEG4DataSource::readAt [MPEG4Extractor.cpp : 172 + 0xd] sp = 0x4dfffba0 pc = 0x41d054c5 Found by: stack scanning 4 libstagefright.so!android::MPEG4DataSource::readAt [MPEG4Extractor.cpp : 172 + 0xd] r0 = 0x49ede160 r1 = 0x0000000d r2 = 0x000ca664 r4 = 0x48db82a8 r5 = 0x41d0545d r6 = 0x0000000d r7 = 0x49ede160 r8 = 0x000ca664 r9 = 0x00000000 r10 = 0x000ca671 fp = 0x00000000 sp = 0x4dfffbd0 pc = 0x41d054c5 Found by: call frame info 5 libstagefright.so!android::MPEG4Source::read [MPEG4Extractor.cpp : 2343 + 0x1b] r0 = 0x49ede160 r1 = 0x0000000d r2 = 0x000ca664 r4 = 0x48a9ece0 r5 = 0x41d0545d r6 = 0x48db82a0 r7 = 0x41e02b54 r8 = 0x48db8820 r9 = 0x4a093130 r10 = 0x4dfffd60 fp = 0x00000001 sp = 0x4dfffc00 pc = 0x41d05787 Found by: call frame info 6 libstagefright.so!android::OMXCodec::drainInputBuffer [OMXCodec.cpp : 4213 + 0x7] r4 = 0x4507f980 r5 = 0x483bbc90 r6 = 0x00000000 r7 = 0x41e02b54 r8 = 0x48db8820 r9 = 0x4a093130 r10 = 0x4dfffd10 fp = 0x00000001 sp = 0x4dfffcd8 pc = 0x41d14215 Found by: call frame info 7 libstagefright.so!android::OMXCodec::on_message [OMXCodec.cpp : 3122 + 0x5] r4 = 0x4507f980 r5 = 0x00000002 r6 = 0x4dfffd9c r7 = 0x00000001 r8 = 0x4507f9d4 r9 = 0x4a093130 r10 = 0x00100000 fp = 0x00000001 sp = 0x4dfffd98 pc = 0x41d17a91 Found by: call frame info 8 libstagefright.so!android::OMXCodecObserver::onMessage [OMXCodec.cpp : 322 + 0x7] r4 = 0x4507fa34 r5 = 0x4dfffe60 r6 = 0x49ede258 r7 = 0x4dfffe80 r8 = 0x49ede264 r9 = 0x4a093130 r10 = 0x00100000 fp = 0x00000001 sp = 0x4dfffe30 pc = 0x41d18075 Found by: call frame info 9 libstagefright_omx.so!android::OMXNodeInstance::onMessage [OMXNodeInstance.cpp : 682 + 0x7] r0 = 0x48db8800 r1 = 0x4507f980 r2 = 0x41d18045 r4 = 0x4dfffe60 r5 = 0x49ede190 r6 = 0x49ede258 r7 = 0x4dfffe80 r8 = 0x49ede264 r9 = 0x4a093130 r10 = 0x00100000 fp = 0x00000001 sp = 0x4dfffe48 pc = 0x42154c0b Found by: call frame info 10 libstagefright_omx.so!android::OMX::CallbackDispatcher::dispatch [OMX.cpp : 125 + 0x3] r4 = 0x4dfffe60 r5 = 0x49ede250 r6 = 0x49ede258 r7 = 0x4dfffe80 r8 = 0x49ede264 r9 = 0x4a093130 r10 = 0x00100000 fp = 0x00000001 sp = 0x4dfffe58 pc = 0x42153da3 Found by: call frame info 11 libstagefright_omx.so!android::OMX::CallbackDispatcher::loop [OMX.cpp : 146 + 0x7] r4 = 0x4dfffe60 r5 = 0x49ede250 r6 = 0x49ede258 r7 = 0x4dfffe80 r8 = 0x49ede264 r9 = 0x4a093130 r10 = 0x00100000 fp = 0x00000001 sp = 0x4dfffe60 pc = 0x42153e1b Found by: call frame info 12 libstagefright_omx.so!android::OMX::CallbackDispatcherThread::threadLoop [OMX.cpp : 155 + 0x5] r4 = 0x49ede2b0 r5 = 0x00000001 r6 = 0x49ede2bc r7 = 0x4dfffeb4 r8 = 0x4dfffeb0 r9 = 0x4a093130 r10 = 0x00100000 fp = 0x00000001 sp = 0x4dfffea0 pc = 0x42153e25 Found by: call frame info 13 libutils.so!android::Thread::_threadLoop [Threads.cpp : 834 + 0x5] r4 = 0x49ede2b0 r5 = 0x00000001 r6 = 0x49ede2bc r7 = 0x4dfffeb4 r8 = 0x4dfffeb0 r9 = 0x4a093130 r10 = 0x00100000 fp = 0x00000001 sp = 0x4dfffea8 pc = 0x40145e59 Found by: call frame info 14 libutils.so!thread_data_t::trampoline [Threads.cpp : 127 + 0x3] r0 = 0x49ede2b0 r1 = 0x4a093120 r2 = 0x00000000 r3 = 0x49ede2b0 r4 = 0x4a093140 r5 = 0x40145de5 r6 = 0x49ede2b0 r7 = 0xfffffffe r8 = 0x40146409 r9 = 0x4a093130 r10 = 0x00100000 fp = 0x00000001 sp = 0x4dfffed0 pc = 0x4014649f Found by: call frame info 15 libc.so!__thread_entry [pthread.c : 217 + 0x6]
Comment 1•11 years ago
|
||
Do we know what real-world scenarios this could happen in?
Comment 2•11 years ago
|
||
I have no idea about it. Diego, can we have more information about the crash? Like decoded minidump of crash or adb logcat.
Reporter | ||
Comment 3•11 years ago
|
||
This is the full minidump. It happened after several hours of stress testing, so the logcat log is >200MB long!
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•