Closed Bug 898962 Opened 7 years ago Closed 7 years ago

WebAudio crash [@mozilla::dom::MediaStreamAudioSourceNode::QueryInterface]

Categories

(Core :: Web Audio, defect)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED
Tracking Status
firefox24 --- unaffected
firefox25 --- fixed
firefox-esr17 --- unaffected
firefox-esr24 --- unaffected
b2g18 --- unaffected
b2g-v1.2 --- ?

People

(Reporter: posidron, Assigned: roc)

References

Details

(Keywords: crash, regression, sec-critical)

Attachments

(2 files)

Attached file testcase.html
The testcase requires approx. 10-15 seconds to take affect; the used media file in the testcase is not required.


content/media/webaudio/MediaStreamAudioSourceNode.cpp:19

* NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(MediaStreamAudioSourceNode)


The stack shows from frame 0 to frame 37367 the same call:

#37367 0x0000000106aefcce in mozilla::dom::MediaStreamAudioSourceNode::QueryInterface (this=0x60e00016f840, aIID=@0x10a266580, aInstancePtr=0x7fff5fbfb880) at /Users/cdiehl/dev/repos/mozilla/mozilla-inbound/content/media/webaudio/MediaStreamAudioSourceNode.cpp:20

The rest of the stack is attached.


Tested with http://hg.mozilla.org/integration/mozilla-inbound/rev/3fbe86d67b6a
Attached file callstack
Roc: assigning this to you because it appears to be a regression from your landing for bug 856361 on inbound. That was backed out so I guess this is in some sense "fixed", but presumably you intend to re-land it and we need to make sure that this is handled. It may or may not be fixed as a side-effect of fixing the testsuite failures that caused the backout.

Leaving open for now until you decide how you want to track this.
Assignee: nobody → roc
Blocks: 856361
Keywords: regression
https://hg.mozilla.org/integration/mozilla-inbound/rev/f7496fddb076 fixed this (before it was backed out).

You guys are fast :-).
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
We'd like to get an ESR24 patch for this since it is a sec-critical and people running ESR may change the pref and turn on webaudio.
Ah, Dveditz says this is a 25 and higher only regression so we won't need it for ESR24.
Group: core-security
You need to log in before you can comment on or make changes to this bug.