Bug 923437
[flatfish] libtheora ARM asm crash showing ogv files in the video play list (Android 4.2)
Opened 11 years ago
Closed 11 years ago
Categories: (Firefox OS Graveyard :: Gaia::Video, defect)
Tracking: (Not tracked)
Status: RESOLVED DUPLICATE of bug 920992
People: (Reporter: tommy.cvkk, Unassigned)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/28.0.1500.52 Chrome/28.0.1500.52 Safari/537.36

Steps to reproduce:
1. adb push gaia/media-samples/Movies/manifesto.ogv /mnt/sdcard/Movies
2. launch video player

Actual results:
The video just crashes (send report)! And I traced the code to the gecko layer and found the assembly function oc_pack_read() will cause this issue.

Expected results:
It will show one video picture and its filename in the video play list.
Comment 1•11 years ago (Reporter)
Hi, All: Let me explain the issue. After launching the video player, it will scan /mnt/scard/Movies/*. If it finds (.ogv) files, it will read their ogv metadata in the gecko layer. In the function oc_dec_headerin(), it will call the assembly function "oc_pack_read", and then the video player crashes! The root cause is the assembly function call. I changed the gcc version to 4.4.x (arm-linux-androideabi-4.4.x/bin/arm-linux-androideabi-gcc) and rebuilt the libtheora folder only. And the video player works fine! Is it a good solution?
Updated•11 years ago
Summary: [flatfish] Can't show ogv files in the video play list (Android 4.2) → [flatfish] libtheora ARM asm crash showing ogv files in the video play list (Android 4.2)
Comment 2•11 years ago
Can you attach a backtrace of the crash and the contents of the registers?
Comment 3•11 years ago (Reporter)
Only the following message: (using /scard/Movies/manifesto.ogv that is from gaia/media-samples/Movies)
I/Gecko ( 1270):
I/Gecko ( 1270): ###!!! [Parent][AsyncChannel] Error: Channel error: cannot send/recv
I/Gecko ( 1270):
I/Gonk ( 1270): Setting nice for pid 1629 to 1
I/Gonk ( 1270): Changed nice for pid 1629 from 18 to 1.
I/GeckoDump( 1270): Crash reporter : Can't fetch app.reportCrashes. Exception: [Exception... "Component returned failure code: 0x8000ffff (NS_ERROR_UNEXPECTED) [nsIPrefBranch.getBoolPref]" nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: chrome://browser/content/shell.js :: shell_reportCrash :: line 120" data: no]
Comment 4•11 years ago
Okay, can you tell me how to set up an Android 4.2 build on my peak so I can attempt to reproduce?
Comment 5•11 years ago
Not sure what security rating to give here. Timothy did you get help reproducing? Still no stack I assume.
Comment 6•11 years ago
(In reply to David Bolter [:davidb] from comment #5)
> Not sure what security rating to give here. Timothy did you get help
> reproducing? Still no stack I assume.

Not yet, no. oc_pack_read_arm does write some state back to the heap-allocated oc_pack_buf * that is passed in, so it's not immediately clear this is just an unsafe read. My best guess is that whatever compiler Android 4.2 is using (what compiler is it, Tommy? All you said was what compiler worked, not which one was broken) packs the struct differently, though it's hard to see why, since every member should be 32 bits.
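Added example, not part of the bug thread or of libtheora: one way to guard against the layout hypothesis raised in comment 6, by pinning the offsets that hand-written assembly hard-codes to the C struct at build time. The struct, its field names and the `ASM_*` offsets are hypothetical stand-ins built on the thread's statement that every member is 32 bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a bit-reader state struct shared with hand-written
   assembly; names are illustrative, not libtheora's definition. */
typedef struct {
    uint32_t stop;    /* end-of-buffer marker */
    uint32_t ptr;     /* current read position */
    uint32_t window;  /* bit window */
    int32_t  bits;    /* bits available in the window */
    int32_t  eof;     /* end-of-data flag */
} pack_state;

/* Same fields, but a 1-byte member in front shifts every offset after it. */
typedef struct {
    uint8_t  tag;
    uint32_t stop, ptr, window;
    int32_t  bits, eof;
} pack_state_shifted;

/* Offsets the assembly side is assumed to hard-code (constructed values). */
enum { ASM_STOP = 0, ASM_PTR = 4, ASM_WINDOW = 8, ASM_BITS = 12, ASM_EOF = 16, ASM_SIZE = 20 };

/* Compile-time guard: the build fails if the C layout drifts from the asm view. */
_Static_assert(offsetof(pack_state, window) == ASM_WINDOW, "window offset");
_Static_assert(offsetof(pack_state, eof) == ASM_EOF, "eof offset");
_Static_assert(sizeof(pack_state) == ASM_SIZE, "struct size");

#define OFFSETS(T) { offsetof(T, stop), offsetof(T, ptr), offsetof(T, window), \
                     offsetof(T, bits), offsetof(T, eof) }

/* Runtime report: count fields whose offset differs from what the asm expects. */
static int count_mismatches(const size_t actual[5]) {
    static const size_t expected[5] = { ASM_STOP, ASM_PTR, ASM_WINDOW, ASM_BITS, ASM_EOF };
    int bad = 0;
    for (int i = 0; i < 5; i++)
        if (actual[i] != expected[i]) bad++;
    return bad;
}

int check_expected_layout(void) { const size_t o[5] = OFFSETS(pack_state); return count_mismatches(o); }
int check_shifted_layout(void) { const size_t o[5] = OFFSETS(pack_state_shifted); return count_mismatches(o); }

int main(void) {
    printf("expected: %d mismatches, shifted: %d mismatches\n",
           check_expected_layout(), check_shifted_layout());
    return 0;
}
```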
Comment 7•11 years ago
Going to write this off as a compiler bug. Since these are the samples, surely we'll remember to use the right compiler.
Group: core-security
Comment 8•11 years ago (Reporter)
Please refer to this one [Bug 920992]
Comment 9•11 years ago
CC the platform media team so they know about this bug.
Comment 10•11 years ago
(In reply to tommy_chiu from comment #8)
> please refer to this one [Bug 920992]

Hi Tommy, could Bug 920992 solve this issue, or is there another case here? Thanks.
Comment 11•11 years ago (Reporter)
Yes, they are the same. And the patch "Specifying alignments explicitly in assembly codes. r=derf" fixed this issue. It is an alignment problem.
Updated•11 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE