Closed
Bug 1389527
Opened 7 years ago
Closed 7 years ago
panicked at 'attempt to subtract with overflow' [@ mp4parse_capi::create_sample_table]
Categories
(Core :: Audio/Video: Playback, defect, P2)
Core
Audio/Video: Playback
Tracking
()
RESOLVED
FIXED
mozilla58
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox55 | --- | unaffected |
| firefox56 | --- | wontfix |
| firefox57 | --- | wontfix |
| firefox58 | --- | fixed |
People
(Reporter: tsmith, Assigned: ayang)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase, Whiteboard: [fuzzblocker])
Attachments
(2 files)
I can only reproduce this on debug builds.
thread '<unnamed>' panicked at 'attempt to subtract with overflow', /checkout/src/libcore/ops.rs:418
stack backtrace:
0: 0x7f66ff0fae03 - std::sys::imp::backtrace::tracing::imp::unwind_backtrace::hcab99e0793da62c7
at /checkout/src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
1: 0x7f66ff0f6126 - std::sys_common::backtrace::_print::hbfe5b0c7e79c0711
at /checkout/src/libstd/sys_common/backtrace.rs:71
2: 0x7f66ff10849a - std::panicking::default_hook::{{closure}}::h9ba2c6973907a2be
at /checkout/src/libstd/sys_common/backtrace.rs:60
at /checkout/src/libstd/panicking.rs:355
3: 0x7f66ff10809b - std::panicking::default_hook::he4d55e2dd21c3cca
at /checkout/src/libstd/panicking.rs:371
4: 0x7f66ff1088ab - std::panicking::rust_panic_with_hook::ha138c05cd33ad44d
at /checkout/src/libstd/panicking.rs:549
5: 0x7f66ff108784 - std::panicking::begin_panic::hcdbfa35c94142fa2
at /checkout/src/libstd/panicking.rs:511
6: 0x7f66ff1086b9 - std::panicking::begin_panic_fmt::hc09fe500d9b7be81
at /checkout/src/libstd/panicking.rs:495
7: 0x7f66ff108647 - rust_begin_unwind
at /checkout/src/libstd/panicking.rs:471
8: 0x7f66ff11d9ed - core::panicking::panic_fmt::h883a028e9f4b4457
at /checkout/src/libcore/panicking.rs:69
9: 0x7f66ff11d924 - core::panicking::panic::hdb3cf3207dda37bb
at /checkout/src/libcore/panicking.rs:49
10: 0x7f66fe8bd5e7 - <u32 as core::ops::Sub>::sub::h455839d6e786c203
at /checkout/src/libcore/ops.rs:418
11: 0x7f66fe8c77d5 - mp4parse_capi::create_sample_table::h92f09543e5d20cc9
at /home/worker/workspace/build/src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:919
12: 0x7f66fe8c70e2 - mp4parse_get_indice_table
at /home/worker/workspace/build/src/media/libstagefright/binding/mp4parse_capi/src/lib.rs:701
13: 0x7f66f471ea2c - _ZN11mp4_demuxer15MP4MetadataRust15ReadTrackIndiceEP18mp4parse_byte_datai
at /home/worker/workspace/build/src/media/libstagefright/binding/MP4Metadata.cpp:1008
14: 0x7f66f471da6f - _ZN11mp4_demuxer11MP4Metadata14GetTrackIndiceEi
at /home/worker/workspace/build/src/media/libstagefright/binding/MP4Metadata.cpp:433
15: 0x7f66f9215ab2 - _ZN7mozilla10MP4Demuxer4InitEv
at /home/worker/workspace/build/src/dom/media/fmp4/MP4Demuxer.cpp:247
16: 0x7f66f8ce7e35 - _ZZN7mozilla17MediaFormatReader12DemuxerProxy4InitEvENK4$_10clEv
at /home/worker/workspace/build/src/dom/media/MediaFormatReader.cpp:1027
17: 0x7f66f8ce7ae6 - _ZN7mozilla6detail21ProxyFunctionRunnableIZNS_17MediaFormatReader12DemuxerProxy4InitEvE4$_10NS_10MozPromiseINS_11MediaResultES6_Lb1EEEE3RunEv
at /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/MozPromise.h:1510
18: 0x7f66f4948835 - _ZN7mozilla9TaskQueue6Runner3RunEv
at /home/worker/workspace/build/src/xpcom/threads/TaskQueue.cpp:246
19: 0x7f66f49849fe - _ZN12nsThreadPool3RunEv
at /home/worker/workspace/build/src/xpcom/threads/nsThreadPool.cpp:225
20: 0x7f66f4984e7c - _ZThn16_N12nsThreadPool3RunEv
at /home/worker/workspace/build/src/xpcom/threads/nsThreadPool.cpp:154
21: 0x7f66f497c550 - _ZN8nsThread16ProcessNextEventEbPb
at /home/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1446
22: 0x7f66f4982190 - _Z19NS_ProcessNextEventP9nsIThreadb
at /home/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:480
23: 0x7f66f54e7d34 - _ZN7mozilla3ipc28MessagePumpForNonMainThreads3RunEPN4base11MessagePump8DelegateE
at /home/worker/workspace/build/src/ipc/glue/MessagePump.cpp:339
24: 0x7f66f5437c87 - _ZN11MessageLoop11RunInternalEv
at /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326
25: 0x7f66f5437b19 - _ZN11MessageLoop3RunEv
at /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299
26: 0x7f66f49746bb - _ZN8nsThread10ThreadFuncEPv
at /home/worker/workspace/build/src/xpcom/threads/nsThread.cpp:506
27: 0x7f6710e745ed - _pt_root
at /home/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:216
28: 0x7f67148026b9 - start_thread
29: 0x7f671388b3dc - clone
30: 0x0 - <unknown>
Flags: in-testsuite?
|
||
Updated•7 years ago
|
Priority: -- → P1
|
Reporter | |
Updated•7 years ago
|
Whiteboard: [fuzzblocker]
|
||
Comment 1•7 years ago
|
||
Mass change P1->P2 to align with new Mozilla triage process
Priority: P1 → P2
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → ayang
|
|
Assignee | |
Comment 2•7 years ago
|
||
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 4•7 years ago
|
||
Parser already updated at bug 1401071.
|
||
Comment 5•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8912489 [details]
Bug 1389527 - add testcase for invalid sample table.
https://reviewboard.mozilla.org/r/183810/#review189008
Attachment #8912489 -
Flags: review?(kinetik) → review+
Pushed by ayang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b979663a7f4f
add testcase for invalid sample table. r=kinetik
|
||
Comment 7•7 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox58:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
|
||
Updated•7 years ago
|
status-firefox55:
--- → unaffected
status-firefox56:
--- → wontfix
status-firefox-esr52:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
|
|
||
Updated•7 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•