Assert in nricectx.cpp due to invalid subscript
Categories
(Core :: WebRTC: Signaling, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr91 | --- | unaffected |
firefox97 | --- | unaffected |
firefox98 | --- | unaffected |
firefox99 | --- | fixed |
People
(Reporter: heftig, Assigned: bwc)
References
(Regression, )
Details
(Keywords: regression)
Attachments
(1 file)
(deleted),
text/x-phabricator-request
|
Details |
Attempting to start a WebRTC peer connection (e.g. via https://webrtc.github.io/samples/src/content/peerconnection/audio/) causes the Socket Process to crash with an assert.
/usr/include/c++/11.1.0/bits/stl_vector.h:1045: std::vector::reference std::vector<nr_ice_stun_server_>::operator[](std::vector::size_type) [_Tp = nr_ice_stun_server_, _Alloc = std::allocator<nr_ice_stun_server_>]: Assertion '__n < this->size()' failed.
Redirecting call to abort() to mozalloc_abort
See e.g. bp-6ccca384-8c51-471b-aeb3-465460220210, which points us at nricectx.cpp:812. servers[0]
is invalid when servers
is empty.
This is only happening because we compile with stdlib assertions enabled (CXXFLAGS
contains -Wp,-D_GLIBCXX_ASSERTIONS
).
Bug 1253706, specifically 3bbb2706fe05 removed the guards that presumably kept this from exploding before.
Reporter | ||
Comment 1•3 years ago
|
||
Some other lines, nricectx.cpp:265 and nricectx.cpp:921 correctly turn an empty vector into a nullptr
instead of trying to subscript it like SetStunServers
and SetTurnServers
do.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 2•3 years ago
|
||
The right fix here is probably to use servers.data() instead of &servers[0]
Assignee | ||
Comment 3•3 years ago
|
||
Assignee | ||
Comment 4•3 years ago
|
||
Assignee | ||
Comment 5•3 years ago
|
||
Try looks good.
Comment 7•3 years ago
|
||
bugherder |
Updated•3 years ago
|
Comment 8•3 years ago
|
||
Set release status flags based on info from the regressing bug 1253706
Updated•3 years ago
|
Updated•3 years ago
|
Description
•