WebAudio crash [@mozilla::dom::MediaStreamAudioSourceNode::QueryInterface]

RESOLVED FIXED

Status

()

Core
Web Audio
--
critical
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: posidron, Assigned: roc)

Tracking

(Blocks: 1 bug, {crash, regression, sec-critical})

Trunk
x86_64
Mac OS X
crash, regression, sec-critical
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox24 unaffected, firefox25 fixed, firefox-esr17 unaffected, firefox-esr24 unaffected, b2g18 unaffected, b2g-v1.2 ?)

Details

Attachments

(2 attachments)

(Reporter)

Description

5 years ago
Created attachment 782409 [details]
testcase.html

The testcase requires approx. 10-15 seconds to take affect; the used media file in the testcase is not required.


content/media/webaudio/MediaStreamAudioSourceNode.cpp:19

* NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(MediaStreamAudioSourceNode)


The stack shows from frame 0 to frame 37367 the same call:

#37367 0x0000000106aefcce in mozilla::dom::MediaStreamAudioSourceNode::QueryInterface (this=0x60e00016f840, aIID=@0x10a266580, aInstancePtr=0x7fff5fbfb880) at /Users/cdiehl/dev/repos/mozilla/mozilla-inbound/content/media/webaudio/MediaStreamAudioSourceNode.cpp:20

The rest of the stack is attached.


Tested with http://hg.mozilla.org/integration/mozilla-inbound/rev/3fbe86d67b6a
(Reporter)

Comment 1

5 years ago
Created attachment 782410 [details]
callstack
Roc: assigning this to you because it appears to be a regression from your landing for bug 856361 on inbound. That was backed out so I guess this is in some sense "fixed", but presumably you intend to re-land it and we need to make sure that this is handled. It may or may not be fixed as a side-effect of fixing the testsuite failures that caused the backout.

Leaving open for now until you decide how you want to track this.
Assignee: nobody → roc
Blocks: 856361
Keywords: regression
https://hg.mozilla.org/integration/mozilla-inbound/rev/f7496fddb076 fixed this (before it was backed out).

You guys are fast :-).
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
We'd like to get an ESR24 patch for this since it is a sec-critical and people running ESR may change the pref and turn on webaudio.
status-firefox-esr24: --- → affected
tracking-firefox-esr24: --- → ?
status-b2g18: --- → unaffected
status-b2g-v1.2: --- → ?
status-firefox25: --- → fixed
status-firefox-esr17: --- → affected
status-firefox-esr24: affected → unaffected
tracking-firefox-esr24: ? → ---
Ah, Dveditz says this is a 25 and higher only regression so we won't need it for ESR24.
status-firefox-esr17: affected → unaffected
status-firefox24: --- → unaffected
Group: core-security
You need to log in before you can comment on or make changes to this bug.