Bug 1257699 - Crash [@ ne_read_block_duration] with WebM/VP9 test
Status: Closed, RESOLVED FIXED
Opened 9 years ago, closed 9 years ago
Categories: Core :: Audio/Video: Playback, defect, P2
Target Milestone: mozilla48
People: Reporter: decoder, Assignee: kinetik
Keywords: crash, testcase
Attachments: 3 files, 1 obsolete file

Tracking | Status
---|---
firefox48 | fixed

Description (Reporter)
The attached testcase crashes on mozilla-inbound revision f30fc906416f (build with --enable-optimize --disable-debug --enable-address-sanitizer).
For detailed crash information, see attachment.
To reproduce the issue, you can run the testcase through the "MediaDataDecoder.VP9" gtest. Example STR:
1. Change into objdir/dist/bin of your Firefox build
2. Place attached testcase into objdir, keep the name "vp9cake.webm"
3. Run: GTEST_FILTER=MediaDataDecoder.VP9 MOZ_RUN_GTEST=1 ./firefox -unittest
Comment 1 • 9 years ago (Reporter)

Comment 2 • 9 years ago (Reporter)

Updated • 9 years ago (Assignee)
Assignee: nobody → kinetik
Status: NEW → ASSIGNED

Comment 3 • 9 years ago (Assignee)
This is a temporary patch so you can keep fuzzing without hitting these particular issues.
It fixes this bug and bug 1257700 by adding a simple null check. That'll probably be the final fix for them, but I want to spend more time analyzing the issue first.
It works around bug 1257701 by disabling the BlockAdditional parsing code since we don't use that in Gecko right now (it's for WebM alpha support, primarily). There are a bunch of allocation sizing issues here that need investigating. I'll take a look next week.
Comment 4 • 9 years ago (Assignee)
Fix for this bug and bug 1257700.
ne_parse hits EOS after skipping a bunch of trash elements, which clears ctx->ancestor. We then try to use ctx->ancestor->node and hit a NULL deref.
Attachment #8732002: Attachment is obsolete: true
Attachment #8733167: Flags: review?(giles)
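The failure mode comment 4 describes (a parse that skips trailing trash elements, hits end-of-stream and clears ctx->ancestor, followed by an unconditional dereference of ctx->ancestor->node) as an added C model, with the null check beside the unchecked read. This is example code written for this page, not libnestegg's code; the element encoding, the function names and the constructed byte strings are assumptions made only to make the pattern runnable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the NULL dereference in comment 4 (assumed shape, not libnestegg).
 * Elements are encoded as [1-byte id][1-byte len][payload]. */

#define ID_BLOCK_DURATION 0x9B   /* constructed id for the element we want */

struct node { uint64_t duration; };
struct ancestor { struct node *node; };

struct ctx {
    const uint8_t *buf;
    size_t len;
    size_t pos;
    struct ancestor *ancestor;   /* cleared to NULL once the parser hits EOS */
};

/* Walks elements from ctx->pos, skipping every id other than want_id.
 * Reaching EOS (or a truncated element) drops the ancestor chain, which is
 * the state the crash depends on. */
static int parse_until(struct ctx *ctx, uint8_t want_id, uint8_t *out_len)
{
    while (ctx->pos + 2 <= ctx->len) {
        uint8_t id = ctx->buf[ctx->pos];
        uint8_t len = ctx->buf[ctx->pos + 1];
        if (ctx->pos + 2 + len > ctx->len)
            break;                       /* truncated element: treat as EOS */
        ctx->pos += 2;
        if (id == want_id) {
            *out_len = len;
            return 0;                    /* positioned on the payload */
        }
        ctx->pos += len;                 /* skip trash element */
    }
    ctx->ancestor = NULL;                /* EOS: ancestor chain is gone */
    return -1;
}

/* Big-endian unsigned payload of up to 8 bytes. */
static uint64_t read_uint(const struct ctx *ctx, uint8_t len)
{
    uint64_t v = 0;
    for (uint8_t i = 0; i < len && i < 8; i++)
        v = (v << 8) | ctx->buf[ctx->pos + i];
    return v;
}

/* Before the fix: the parse result is ignored and ctx->ancestor is used
 * unconditionally. On input whose remaining elements are all trash, parse_until
 * hits EOS, ancestor is NULL, and the next line dereferences NULL.
 * Only call this on input known to contain the element. */
static int read_block_duration_unchecked(struct ctx *ctx)
{
    uint8_t len = 0;
    parse_until(ctx, ID_BLOCK_DURATION, &len);
    ctx->ancestor->node->duration = read_uint(ctx, len);
    return 0;
}

/* After the fix: refuse when the parse failed or the ancestor chain was cleared. */
static int read_block_duration_checked(struct ctx *ctx)
{
    uint8_t len = 0;
    if (parse_until(ctx, ID_BLOCK_DURATION, &len) != 0)
        return -1;
    if (!ctx->ancestor || !ctx->ancestor->node)   /* the null check */
        return -1;
    ctx->ancestor->node->duration = read_uint(ctx, len);
    return 0;
}

/* Runs the checked reader over buf with a fresh context.
 * Returns the parsed duration, or -1 when the read was refused. */
static long long checked_duration(const uint8_t *buf, size_t len)
{
    struct node node = { 0 };
    struct ancestor anc = { &node };
    struct ctx ctx = { buf, len, 0, &anc };
    if (read_block_duration_checked(&ctx) != 0)
        return -1;
    return (long long)node.duration;
}

/* Constructed inputs (not real WebM data). */
static const uint8_t GOOD[]  = { 0xEC, 0x01, 0xAA,          /* unknown element, skipped */
                                 0x9B, 0x02, 0x01, 0x2C };   /* BlockDuration = 300 */
static const uint8_t TRASH[] = { 0xEC, 0x01, 0xAA,
                                 0xEC, 0x03, 0x00, 0x00, 0x00 }; /* only trash before EOS */

int main(void)
{
    printf("good : %lld\n", checked_duration(GOOD, sizeof GOOD));     /* 300 */
    printf("trash: %lld\n", checked_duration(TRASH, sizeof TRASH));   /* -1 */
    return 0;
}
```

The unchecked reader is kept only to show the shape of the pre-fix code; on the TRASH input it would fault, so the model never runs it there.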
Comment 5 • 9 years ago (Ralph Giles (:rillian))

Comment on attachment 8733167 [details] [diff] [review] (v0)
Review of attachment 8733167 [details] [diff] [review]:
Are you adding this upstream too?
Attachment #8733167: Flags: review?(giles) → review+
Comment 6 • 9 years ago (Assignee)
(In reply to Ralph Giles (:rillian) from comment #5)
> Are you adding this upstream too?
Yep (b513227a4314999b9a1a70c0fdb207cd2b79d01b). The actual check-in will be completed using update.sh on an upstream tree.
Comment 7 • 9 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/dd12327c3e0c9f21326236ab8843f6f934579490
Bug 1257699 - Update in-tree libnestegg. r=giles
Updated • 9 years ago
Priority: -- → P2

Comment 8 • 9 years ago (bugherder)
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48