Closed
Bug 964754
Opened 10 years ago
Closed 9 years ago
crash after desktop tab share (double free and/or refcount err in MediaEngineTabVideoSource)
Categories
(Core :: WebRTC, defect)
Core
WebRTC
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: dmosedale, Assigned: blassey)
Details
Crash Data
Attachments
(1 file)
899 bytes,
patch
|
Details | Diff | Splinter Review |
STR: * Save TabShare.xpi from https://github.com/dmose/tabshare to disk * Install XPI from Add-on Manager * Browser to http://talkilla.mozillalabs.com/ * Activate Talkilla * Login with Persona * Start chat with another person * Start video call with another person * Select "share tab" * Complete call * (wait a while) * browser crashes with this message in the console on Mac: > firefox(86196,0x7fff7bb31180) malloc: *** error for object 0x6f6c2f2f00000001: pointer being freed was not allocated > *** set a breakpoint in malloc_error_break to debug Crash report at: https://crash-stats.mozilla.com/report/index/4d41c39c-3a28-49eb-94d5-e658b2140122
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → blassey.bugs
Assignee | ||
Comment 1•10 years ago
|
||
does this fix the crash for you?
Attachment #8369769 -
Flags: feedback?(dmose)
Comment 2•10 years ago
|
||
That should be totally irrelevant: free(NULL) is allowed and not an error in the std library. Odd, but true. though a null check doesn't hurt. More relevant: is there an initializer for mData, and is there *anything* else that frees it? I don't see anything initing it in the constructor
Reporter | ||
Comment 3•10 years ago
|
||
Unclear, as I don't currently have a mozilla-central build set up. Would it be easy for you to push-to-try to generate a build?
Reporter | ||
Updated•10 years ago
|
Flags: needinfo?(blassey.bugs)
Assignee | ||
Comment 4•10 years ago
|
||
assuming you're on OSX http://dump.lassey.us/firefox-29-dmose.dmg
Flags: needinfo?(blassey.bugs)
Reporter | ||
Comment 5•10 years ago
|
||
Unfortunately, the build has issues; we discussed in detail yesterday. IRC log at <http://logbot.glob.com.au/?c=mozilla%23talkilla&s=4+Feb+2014&e=5+Feb+2014#c44832>. I think the next step was for Brad to try using lldb with the crashreporter disabled. If there's something I can do to help, please let me know...
Reporter | ||
Updated•10 years ago
|
Attachment #8369769 -
Flags: feedback?(dmose)
Comment 6•10 years ago
|
||
To be clear: if I remember my look at it, there's absolutely no initializer for mData, so if there are any paths where mData doesn't get set it will go boom. Perhaps make it an AutoPtr and get rid of the manual delete instead of adding an initializer
Comment 7•10 years ago
|
||
Any updates on this? I managed to crash FF30.0 with the Tab Share add on as well. Not sure if this is the same crash - https://crash-stats.mozilla.com/report/index/fb18d59a-1c40-439b-a0eb-09cb42140717
Comment 8•9 years ago
|
||
Strongly suspect this was fixed on another bug last year
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•