Closed Bug 964754 Opened 7 years ago Closed 5 years ago
crash after desktop tab share (double free and/or refcount err in Media
Engine Tab Video Source)
STR: * Save TabShare.xpi from https://github.com/dmose/tabshare to disk * Install XPI from Add-on Manager * Browser to http://talkilla.mozillalabs.com/ * Activate Talkilla * Login with Persona * Start chat with another person * Start video call with another person * Select "share tab" * Complete call * (wait a while) * browser crashes with this message in the console on Mac: > firefox(86196,0x7fff7bb31180) malloc: *** error for object 0x6f6c2f2f00000001: pointer being freed was not allocated > *** set a breakpoint in malloc_error_break to debug Crash report at: https://crash-stats.mozilla.com/report/index/4d41c39c-3a28-49eb-94d5-e658b2140122
Assignee: nobody → blassey.bugs
does this fix the crash for you?
That should be totally irrelevant: free(NULL) is allowed and not an error in the std library. Odd, but true. though a null check doesn't hurt. More relevant: is there an initializer for mData, and is there *anything* else that frees it? I don't see anything initing it in the constructor
Unclear, as I don't currently have a mozilla-central build set up. Would it be easy for you to push-to-try to generate a build?
assuming you're on OSX http://dump.lassey.us/firefox-29-dmose.dmg
Unfortunately, the build has issues; we discussed in detail yesterday. IRC log at <http://logbot.glob.com.au/?c=mozilla%23talkilla&s=4+Feb+2014&e=5+Feb+2014#c44832>. I think the next step was for Brad to try using lldb with the crashreporter disabled. If there's something I can do to help, please let me know...
To be clear: if I remember my look at it, there's absolutely no initializer for mData, so if there are any paths where mData doesn't get set it will go boom. Perhaps make it an AutoPtr and get rid of the manual delete instead of adding an initializer
Any updates on this? I managed to crash FF30.0 with the Tab Share add on as well. Not sure if this is the same crash - https://crash-stats.mozilla.com/report/index/fb18d59a-1c40-439b-a0eb-09cb42140717
Strongly suspect this was fixed on another bug last year
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.