Closed Bug 870197 Opened 12 years ago Closed 12 years ago

Launching camera causes camera app to segfault

Categories

(Firefox OS Graveyard :: General, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dhylands, Assigned: dhylands)

References

Details

(Whiteboard: [fixed-in-birch])

Attachments

(1 file)

Tested using a debug build of gaia/master and an up-to-date birch (i.e. m-c) on my unagi.

STR:
- Launch Camera.
- It starts to show preview frames.

Right around the time that prompt to allow location services shows up, the camera app dies. It actually dies before the prompt appears (i.e. the prompt isn't visible if I manage to catch the problem in gdb)

Backtrace:
(gdb) bt
#0 mozilla::CameraPreviewMediaStream::SetCurrentFrame (this=<value optimized out>, aIntrinsicSize=<value optimized out>, aImage=<value optimized out>) at /home/work/B2G-unagi/birch/dom/camera/CameraPreviewMediaStream.cpp:111
#1 0x40d94f88 in mozilla::DOMCameraPreview::ReceiveFrame (this=0x45178500, aBuffer=0x4518bab0, aFormat=<value optimized out>, aBuilder=0x40d9dcf5 <GonkFrameBuilder>) at /home/work/B2G-unagi/birch/dom/camera/DOMCameraPreview.cpp:198
#2 0x40d96fc0 in mozilla::CameraControlImpl::ReceiveFrame (this=<value optimized out>, aBuffer=0x1, aFormat=mozilla::GRALLOC_PLANAR_YCBCR, aBuilder=0x4559d8e0) at /home/work/B2G-unagi/birch/dom/camera/CameraControlImpl.cpp:431
#3 0x40d9b1a0 in mozilla::ReceiveFrame (gc=0xa5a5a5a5, aBuffer=0x1) at /home/work/B2G-unagi/birch/dom/camera/GonkCameraControl.cpp:1464
#4 0x40d9f4ca in android::GonkCameraHardware::OnNewFrame (this=0x45550b20) at /home/work/B2G-unagi/birch/dom/camera/GonkCameraHwMgr.cpp:74
#5 0x40da01c4 in android::GonkNativeWindow::queueBuffer (this=0x45164000, buf=5, timestamp=502845720122, outWidth=0x43c12d64, outHeight=0x43c12d68, outTransform=0x43c12d6c) at /home/work/B2G-unagi/birch/dom/camera/GonkNativeWindow.cpp:475
#6 0x431fa7ea in android::BnSurfaceTexture::onTransact (this=0x45164000, code=<value optimized out>, data=<value optimized out>, reply=0x43c12dc0, flags=16) at frameworks/base/libs/gui/ISurfaceTexture.cpp:283
#7 0x40155e8a in android::BBinder::transact (this=0x45164004, code=4, data=..., reply=0x43c12dc0, flags=16) at frameworks/base/libs/binder/Binder.cpp:107
#8 0x40159194 in android::IPCThreadState::executeCommand (this=0x42e35110, cmd=<value optimized out>) at frameworks/base/libs/binder/IPCThreadState.cpp:1028
#9 0x40159372 in android::IPCThreadState::joinThreadPool (this=0x42e35110, isMain=false) at frameworks/base/libs/binder/IPCThreadState.cpp:468
#10 0x4015e4c0 in android::PoolThread::threadLoop (this=0x42e023a0) at frameworks/base/libs/binder/ProcessState.cpp:67
#11 0x40043e58 in android::Thread::_threadLoop (user=<value optimized out>) at frameworks/base/libs/utils/Threads.cpp:834
#12 0x4004449e in thread_data_t::trampoline (t=<value optimized out>) at frameworks/base/libs/utils/Threads.cpp:127
#13 0x4008be18 in __thread_entry (func=0x40044409 <thread_data_t::trampoline(thread_data_t const*)>, arg=0x42e032f0, tls=<value optimized out>) at bionic/libc/bionic/pthread.c:217
#14 0x4008b96c in pthread_create (thread_out=<value optimized out>, attr=0x100ffcf4, start_routine=0x40044409 <thread_data_t::trampoline(thread_data_t const*)>, arg=0x42e032f0) at bionic/libc/bionic/pthread.c:357
#15 0x00000000 in ?? ()

logcat reports:
Fatal signal 11 (SIGSEGV) at 0xa5a5a5a5 (code=1)
[Child 476] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file /home/work/B2G-unagi/birch/content/base/src/nsContentUtils.cpp, line 3229
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'toro/full_unagi/unagi:4.0.4.0.4.0.4/OPENMASTER/eng.dhylands.20130404.111326:eng/test-keys'
pid: 476, tid: 488 >>> /system/b2g/plugin-container <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr a5a5a5a5
 r0 a5a5a5a5 r1 00000001 r2 00000001 r3 4559d8e0
 r4 427bbaf0 r5 00000001 r6 43c12c70 r7 43c12c38
 r8 41fab62a r9 42277744 10 41fab640 fp 42efa820
 ip 42b072a8 sp 43c12c30 lr 42a397d7 pc 40d9a7ae cpsr 60000030
 #00 pc 008b87ae /system/b2g/libxul.so
 #01 lr 42a397d7 /system/b2g/libnss3.so
memory map around addr a5a5a5a5:
46e31000-46f30000
(no map for address)
b0001000-b0009000 /system/bin/linker
This appears to be being caused by the uninitialized raw pointer mFrameCallback.
Blocks: 825110
Attached patch: Initialize mFrameCallback (deleted)
Attachment #747252 - Flags: review?(mhabicher)
Comment on attachment 747252: Initialize mFrameCallback

Good find. Thanks!
Attachment #747252 - Flags: review?(mhabicher) → review+
Assignee: nobody → dhylands
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
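A triage check for the crash signature in this report, as an added example (not part of the bug or of Gecko's code): it flags a fault address and registers made up entirely of an allocator junk byte, which is how an uninitialized heap member such as mFrameCallback surfaces in a tombstone. It assumes the allocator is jemalloc with junk filling enabled (0xa5 for newly allocated memory, 0x5a for freed memory); the function names are hypothetical and the sample lines are taken from the tombstone above.

```python
import re

# Junk bytes jemalloc writes when junk filling is on (assumed for this build).
JUNK_BYTES = {
    0xA5: "allocated but never initialized (uninitialized heap read)",
    0x5A: "already freed (use-after-free)",
}

FAULT_RE = re.compile(r"signal \d+ \((\w+)\).*?fault addr ([0-9a-f]{8})")
REG_RE = re.compile(r"\b(r\d+|fp|ip|sp|lr|pc)\s+([0-9a-f]{8})\b")

# Lines taken from the tombstone in this report.
SAMPLE = """\
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr a5a5a5a5
 r0 a5a5a5a5 r1 00000001 r2 00000001 r3 4559d8e0
 r4 427bbaf0 r5 00000001 r6 43c12c70 r7 43c12c38
 ip 42b072a8 sp 43c12c30 lr 42a397d7 pc 40d9a7ae cpsr 60000030
 #00 pc 008b87ae /system/b2g/libxul.so
"""


def junk_byte(word):
    """Return the repeated byte if all four bytes of a 32-bit word match."""
    b = word & 0xFF
    return b if word == b * 0x01010101 else None


def triage(tombstone):
    """Return (signal, fault_addr, verdict, junk_registers) or None."""
    m = FAULT_RE.search(tombstone)
    if not m:
        return None
    addr = int(m.group(2), 16)
    regs = {}
    for line in tombstone.splitlines():
        if line.lstrip().startswith("#"):  # stack-frame rows, not registers
            continue
        for name, value in REG_RE.findall(line):
            regs[name] = int(value, 16)
    verdict = JUNK_BYTES.get(junk_byte(addr), "no known junk pattern")
    junk_regs = sorted(n for n, v in regs.items() if junk_byte(v) in JUNK_BYTES)
    return m.group(1), addr, verdict, junk_regs


if __name__ == "__main__":
    print(triage(SAMPLE))
```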