Closed Bug 979761 Opened 10 years ago Closed 10 years ago

[RTSP] Crash when playing RTSP streaming with MPEG AAC Audio codec (regression caused by bug 970271)

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla30
Project Flags:
blocking-b2g 1.4+
Tracking Flags:
Tracking Status
firefox28 --- wontfix
firefox29 --- wontfix
firefox30 --- fixed
b2g-v1.4 --- fixed

People

(Reporter: ethan, Assigned: ethan)

Details

(Keywords: crash, Whiteboard: [b2g-crash])

Attachments

(2 files)

crash_at_AMPEG4AudioAssembler.log
3.95 KB, text/x-log
Details
bug-979761-fix.patch
1.07 KB, patch
vchang
: review+
tzimmermann
: feedback+
Details | Diff | Splinter Review 
When we play an RTSP media which uses codec "MPEG AAC Audio (mp4a)", the system crash would crash immediately.
The gdb backtrace log is attached.

This is a regression caused by the changeset b5d404be0b1e from bug 970271.
The changeset fixed GCC warnings by removing some unused variables, and the root cause is the removal of this line of code:
unsigned frameLengthFlag = bits->getBits(1);

ABitReader::getBits() has side effect. It would change the values of its internal data members related to bit positions.
Thus it causes parsing mistake by removing that line of code.
Assignee: nobody → ettseng
Status: NEW → ASSIGNED
Nominate this bug as a 1.4 blocker since the impact is critical.
blocking-b2g: --- → 1.4?

        Attachment #8385939 -
        Flags: review?(vchang)

    
    

    
  
Comment on attachment 8385939 [details] [diff] [review]
bug-979761-fix.patch

Review of attachment 8385939 [details] [diff] [review]:
-----------------------------------------------------------------

This can be done with

#include <mozilla/unused.h>

unused << bits->getBit(1);

like in the patch at  https://bug970271.bugzilla.mozilla.org/attachment.cgi?id=8380729

That should fix the bug, but not produce a warning from gcc.

        Attachment #8385939 -
        Flags: feedback+

    
    

    
  
(In reply to Thomas Zimmermann [:tzimmermann] [:tdz] from comment #3)
> Comment on attachment 8385939 [details] [diff] [review]
> bug-979761-fix.patch
> 
> Review of attachment 8385939 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> This can be done with
> 
> #include <mozilla/unused.h>
> 
> unused << bits->getBit(1);
> 
> like in the patch at 
> https://bug970271.bugzilla.mozilla.org/attachment.cgi?id=8380729
> 
> That should fix the bug, but not produce a warning from gcc.

Sorry, forget about that comment. I was somehow thinking of a different warning.

    
    

    
  
(In reply to Thomas Zimmermann [:tzimmermann] [:tdz] from comment #4)
> Sorry, forget about that comment. I was somehow thinking of a different
> warning.
Never mind. Thanks for sharing the unused tool.
Actually I tried to fix that warning (ignoring return value) few days ago, but didn't have a good idea.
Glad to learn this trick from your patch. :)

    
    

    
  
The result of try server:
https://tbpl.mozilla.org/?tree=Try&rev=5ccf598ca226
blocking-b2g: 1.4? → 1.4+
Keywords: crash
Whiteboard: [b2g-crash]

    
    

    
  
Comment on attachment 8385939 [details] [diff] [review]
bug-979761-fix.patch

Review of attachment 8385939 [details] [diff] [review]:
-----------------------------------------------------------------

To prevent confusing people on what getBits() is doing, I think we should add more comments to explain in more detail. 
Crash is really critical, so let's clean this file up in the follow up.

        Attachment #8385939 -
        Flags: review?(vchang) → review+

    
  
Keywords: checkin-needed

    
    

    
  
(In reply to Vincent Chang[:vchang] from comment #7)
> Comment on attachment 8385939 [details] [diff] [review]
> bug-979761-fix.patch
> 
> Review of attachment 8385939 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> To prevent confusing people on what getBits() is doing, I think we should
> add more comments to explain in more detail. 
> Crash is really critical, so let's clean this file up in the follow up.

I totally agree. I suggest to rename |getBits| to indicate that it has side effects.

    
    

    
  
(In reply to Thomas Zimmermann [:tzimmermann] [:tdz] from comment #8)
> I totally agree. I suggest to rename |getBits| to indicate that it has side
> effects.
Yes, we also thought of renaming this function to reflect its side effects in the first place.
Unfortunately, this source file is in AOSP's foundation, not in our repository.
They are in:
  B2G/frameworks/base/media/libstagefright/foundation/ABitReader.cpp
  B2G/frameworks/base/include/media/stagefright/foundation/ABitReader.h

That's why we couldn't simply refine the method name.
I filed bug 980226 to follow up this issue according to Vincent's advice.
We will refactor some codes which invoke getBits() to avoid future misuse.

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/c057f546b7af
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: