Open
Bug 1845179
Opened 10 months ago
Updated 10 months ago
Assertion failure: mGotTimecodeScale, at /builds/worker/checkouts/gecko/dom/media/webm/WebMBufferedParser.h:53
Categories
(Core :: Audio/Video: Playback, defect)
Core
Audio/Video: Playback
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox117 | --- | affected |
People
(Reporter: tsmith, Unassigned, NeedInfo)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, bugmon, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(1 file)
|
(deleted),
video/webm
|
Details |
Found while fuzzing m-c 20230722-847b0df134e4 (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html
Assertion failure: mGotTimecodeScale, at /builds/worker/checkouts/gecko/dom/media/webm/WebMBufferedParser.h:53
#0 0x7fde9622ce6b in GetTimecodeScale /builds/worker/checkouts/gecko/dom/media/webm/WebMBufferedParser.h:53:5
#1 0x7fde9622ce6b in mozilla::WebMBufferedState::NotifyDataArrived(unsigned char const*, unsigned int, long) /builds/worker/checkouts/gecko/dom/media/webm/WebMBufferedParser.cpp:543:30
#2 0x7fde9622d5ab in mozilla::WebMBufferedState::UpdateIndex(mozilla::media::IntervalSet<long> const&, mozilla::MediaResource*) /builds/worker/checkouts/gecko/dom/media/webm/WebMBufferedParser.cpp:622:7
#3 0x7fde962338e2 in mozilla::WebMDemuxer::EnsureUpToDateIndex() /builds/worker/checkouts/gecko/dom/media/webm/WebMDemuxer.cpp:506:19
#4 0x7fde96237f25 in mozilla::WebMDemuxer::GetBuffered() /builds/worker/checkouts/gecko/dom/media/webm/WebMDemuxer.cpp:1025:3
#5 0x7fde9623c566 in mozilla::WebMTrackDemuxer::GetBuffered() /builds/worker/checkouts/gecko/dom/media/webm/WebMDemuxer.cpp:1328:19
#6 0x7fde95c355e7 in mozilla::MediaFormatReader::DemuxerProxy::Wrapper::UpdateBuffered() /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:772:32
#7 0x7fde95c34186 in operator() /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:822:26
#8 0x7fde95c34186 in InvokeMethod<(lambda at /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:792:11), RefPtr<mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, false> > ((lambda at /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:792:11)::*)() const, const mozilla::MediaResult &> /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:661:12
#9 0x7fde95c34186 in InvokeCallbackMethod<true, (lambda at /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:792:11), RefPtr<mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, false> > ((lambda at /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:792:11)::*)() const, const mozilla::MediaResult &, RefPtr<mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, false>::Private> > /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:670:14
#10 0x7fde95c34186 in mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, false>::ThenValue<mozilla::MediaFormatReader::DemuxerProxy::Init()::$_0, mozilla::MediaFormatReader::DemuxerProxy::Init()::$_1>::DoResolveOrRejectInternal(mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, false>::ResolveOrRejectValue&) /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:870:9
#11 0x7fde95a3f245 in mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, false>::ThenValueBase::ResolveOrRejectRunnable::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:490:21
#12 0x7fde91cd3d8b in mozilla::TaskQueue::Runner::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskQueue.cpp:257:20
#13 0x7fde91cfddb5 in nsThreadPool::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadPool.cpp:343:14
#14 0x7fde91cf435d in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1193:16
#15 0x7fde91cfb06d in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10
#16 0x7fde929a469e in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:300:20
#17 0x7fde928be3d1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#18 0x7fde928be3d1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#19 0x7fde91cef9e6 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:391:10
#20 0x7fdea5f119ef in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#21 0x7fdea5c94b42 in start_thread nptl/pthread_create.c:442:8
#22 0x7fdea5d269ff misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Flags: in-testsuite?
|
||
Comment 1•10 months ago
|
||
Verified bug as reproducible on mozilla-central 20230724215726-12931a93e28c.
Unable to bisect testcase (Testcase reproduces on start build!):
Start: 9f93a246366f29cbf76c350ab1d5e4bca9b8d630 (20220726041349)
End: 847b0df134e4263ab713396c4dba460df8e0e4eb (20230722212648)
BuildFlags: BuildFlags(asan=False, tsan=False, debug=True, fuzzing=True, coverage=False, valgrind=False, no_opt=False, fuzzilli=False, nyx=False)
Whiteboard: [bugmon:bisected,confirmed]
|
||
Comment 2•10 months ago
|
||
The severity field is not set for this bug.
:jimm, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(jmathies)
You need to log in
before you can comment on or make changes to this bug.
Description
•