Closed
Bug 889042
Opened 11 years ago
Closed 11 years ago
crash in mozilla::dom::ConvolverNode::SetBuffer(JSContext*, mozilla::dom::AudioBuffer*, mozilla::ErrorResult&)
Categories
(Core :: Web Audio, defect)
Tracking
()
VERIFIED
FIXED
mozilla25
| Tracking | Status | |
|---|---|---|
| firefox23 | --- | unaffected |
| firefox24 | --- | fixed |
| firefox25 | --- | verified |
People
(Reporter: marcia, Assigned: ehsan.akhgari)
References
()
Details
(Keywords: crash, regression, reproducible)
Crash Data
Attachments
(1 file)
|
2.24 KB,
patch
|
padenot
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-0e11d200-e875-4ece-8821-b629c2130701 . ============================================================= Low volume crash found in crash stats - STR: 1. Load http://webaudiodemos.appspot.com/MIDIDrums/index.html 2. Crash Frame Module Signature Source 0 XUL mozilla::dom::ConvolverNode::SetBuffer(JSContext*, mozilla::dom::AudioBuffer*, mozilla::ErrorResult&) obj-firefox/x86_64/dist/include/nsTArray.h 1 XUL mozilla::dom::ConvolverNodeBinding::set_buffer obj-firefox/x86_64/dom/bindings/ConvolverNodeBinding.cpp 2 XUL mozilla::dom::ConvolverNodeBinding::genericSetter obj-firefox/x86_64/dom/bindings/ConvolverNodeBinding.cpp 3 XUL js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/jscntxtinlines.h 4 XUL js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*) js/src/vm/Interpreter.cpp 5 XUL js::InvokeGetterOrSetter(JSContext*, JSObject*, JS::Value const&, unsigned int, JS::Value*, JS::Value*) js/src/vm/Interpreter.cpp 6 XUL js::Shape::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, bool, JS::MutableHandle<JS::Value>) js/src/vm/Shape-inl.h 7 XUL js::baseops::SetPropertyHelper(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<long>, unsigned int, JS::MutableHandle<JS::Value>, int) js/src/jsobj.cpp 8 XUL SetPropertyOperation(JSContext*, JS::Handle<JSScript*>, unsigned char*, JS::Handle<JS::Value>, JS::Handle<JS::Value>) js/src/jsobjinlines.h 9 XUL Interpret js/src/vm/Interpreter.cpp 10 XUL js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 11 XUL js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 12 XUL js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*) js/src/vm/Interpreter.cpp 13 XUL JS_CallFunctionValue(JSContext*, JSObject*, JS::Value, unsigned int, JS::Value*, JS::Value*) js/src/jsapi.cpp 14 XUL mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JSObject*>, nsDOMEvent&, mozilla::ErrorResult&) obj-firefox/x86_64/dom/bindings/EventHandlerBinding.cpp 15 XUL nsJSEventListener::HandleEvent(nsIDOMEvent*) obj-firefox/x86_64/dist/include/mozilla/dom/EventHandlerBinding.h 16 XUL nsEventListenerManager::HandleEventSubType(nsListenerStruct*, mozilla::dom::CallbackObjectHolder<mozilla::dom::EventListener, nsIDOMEventListener> const&, nsIDOMEvent*, mozilla::dom::EventTarget*, nsCxPusher*) content/events/src/nsEventListenerManager.cpp 17 XUL nsEventListenerManager::HandleEventInternal(nsPresContext*, nsEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*, nsCxPusher*) content/events/src/nsEventListenerManager.cpp 18 XUL nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor&, bool, nsCxPusher*) content/events/src/nsEventListenerManager.h 19 XUL nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor&, nsDispatchingCallback*, bool, nsCxPusher*) content/events/src/nsEventDispatcher.cpp 20 XUL nsEventDispatcher::Dispatch(nsISupports*, nsPresContext*, nsEvent*, nsIDOMEvent*, nsEventStatus*, nsDispatchingCallback*, nsCOMArray<mozilla::dom::EventTarget>*) content/events/src/nsEventDispatcher.cpp 21 XUL nsEventDispatcher::DispatchDOMEvent(nsISupports*, nsEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) content/events/src/nsEventDispatcher.cpp 22 XUL nsXMLHttpRequest::DispatchProgressEvent(nsDOMEventTargetHelper*, nsAString_internal const&, bool, unsigned long long, unsigned long long) content/base/src/nsXMLHttpRequest.cpp 23 XUL nsXMLHttpRequest::ChangeStateToDone() content/base/src/nsXMLHttpRequest.cpp 24 XUL nsXMLHttpRequest::OnStopRequest(nsIRequest*, nsISupports*, tag_nsresult) content/base/src/nsXMLHttpRequest.cpp 25 XUL nsCORSListenerProxy::OnStopRequest(nsIRequest*, nsISupports*, tag_nsresult) content/base/src/nsCrossSiteListenerProxy.cpp 26 XUL nsStreamListenerTee::OnStopRequest(nsIRequest*, nsISupports*, tag_nsresult) /builds/slave/m-in-osx64-0000000000000000000/build/obj-firefox/x86_64/netwerk/base/src/../../../../../netwerk/base/src/nsStreamListenerTee.cpp 27 XUL mozilla::net::nsHttpChannel::OnStopRequest(nsIRequest*, nsISupports*, tag_nsresult) netwerk/protocol/http/nsHttpChannel.cpp 28 XUL nsInputStreamPump::OnStateStop() netwerk/base/src/nsInputStreamPump.cpp 29 XUL nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) netwerk/base/src/nsInputStreamPump.cpp 30 XUL nsInputStreamReadyEvent::Run() /builds/slave/m-in-osx64-0000000000000000000/build/obj-firefox/x86_64/xpcom/io/../../../../xpcom/io/nsStreamUtils.cpp 31 XUL nsThread::ProcessNextEvent(bool, bool*) /builds/slave/m-in-osx64-0000000000000000000/build/obj-firefox/x86_64/xpcom/threads/../../../../xpcom/threads/nsThread.cpp 32 XUL NS_ProcessPendingEvents(nsIThread*, unsigned int) /builds/slave/m-in-osx64-0000000000000000000/build/obj-firefox/x86_64/xpcom/build/nsThreadUtils.cpp 33 XUL nsBaseAppShell::NativeEventCallback() /builds/slave/m-in-osx64-0000000000000000000/build/obj-firefox/x86_64/widget/xpwidgets/../../../../widget/xpwidgets/nsBaseAppShell.cpp 34 XUL nsAppShell::ProcessGeckoEvents(void*) widget/cocoa/nsAppShell.mm 35 CoreFoundation CoreFoundation@0x11701 36 CoreFoundation CoreFoundation@0x10fd2 37 CoreFoundation CoreFoundation@0x2e847 38 firefox main browser/app/nsBrowserApp.cpp 39 CoreFoundation CoreFoundation@0x2dfc3
|
Reporter | |
Comment 1•11 years ago
|
||
This crash is from an earlier June build, but it crashes using Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20130701 Firefox/25.0 as well.
|
||
Comment 2•11 years ago
|
||
On Windows: bp-ccab535e-fb24-48d9-b3b9-1b19c2130701. It might be a regression from bug 815643.
status-firefox23:
--- → unaffected
status-firefox24:
--- → affected
status-firefox25:
--- → affected
Component: DOM → Web Audio
Keywords: regression,
regressionwindow-wanted
OS: Mac OS X → All
Version: 25 Branch → 24 Branch
|
||
Comment 3•11 years ago
|
||
Regression window(m-i) Good: http://hg.mozilla.org/integration/mozilla-inbound/rev/5eb3a09775c9 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20130610 Firefox/24.0 ID:20130610170913 Bad: http://hg.mozilla.org/integration/mozilla-inbound/rev/63386b71d1b5 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20130610 Firefox/24.0 ID:20130610171118 Pushlog: http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=5eb3a09775c9&tochange=63386b71d1b5
|
|
||
Updated•11 years ago
|
Blocks: 815643
Keywords: regressionwindow-wanted
|
|
||
Comment 4•11 years ago
|
||
The IDL has:
16 [SetterThrows]
17 attribute AudioBuffer? buffer;
The implementation looks like this:
169 ConvolverNode::SetBuffer(JSContext* aCx, AudioBuffer* aBuffer, ErrorResult& aRv)
170 {
171 switch (aBuffer->NumberOfChannels()) {
So doing |convolver.buffer = null| had better crash with the observed stack...Flags: needinfo?(ehsan)
|
Assignee | |
Comment 5•11 years ago
|
||
Yes, indeed. My bad.
Assignee: nobody → ehsan
Flags: needinfo?(ehsan)
|
|
Assignee | |
Comment 6•11 years ago
|
||
Attachment #770229 -
Flags: review?(paul)
|
||
Updated•11 years ago
|
Attachment #770229 -
Flags: review?(paul) → review+
|
|
Assignee | |
Comment 7•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/2319bcd35be7 checkin-needed for Aurora, with a=webaudio.
Keywords: checkin-needed
|
||
Comment 8•11 years ago
|
||
(In reply to :Ehsan Akhgari (needinfo? me!) from comment #7) > with a=webaudio. Why not. https://hg.mozilla.org/releases/mozilla-aurora/rev/da777cbc8020
|
|
||
Comment 9•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/2319bcd35be7
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
|
||
Comment 10•11 years ago
|
||
No crash in FF 25b2 Mac OS X 10.8.4, Win 7. But I also couldn't reproduced the initial crash on nightly 2013-07-01. There are no crashes in the last 4 weeks in the crash stats, so I'm marking this verified.
You need to log in
before you can comment on or make changes to this bug.
Description
•