Wait 3 seconds after loading the testcase. File: content/media/AudioSegment.cpp:24 template <class SrcT, class DestT> static void InterleaveAndConvertBuffer(const SrcT** aSourceChannels, int32_t aLength, float aVolume, int32_t aChannels, DestT* aOutput) { DestT* output = aOutput; for (int32_t i = 0; i < aLength; ++i) { for (int32_t channel = 0; channel < aChannels; ++channel) { float v = AudioSampleToFloat(aSourceChannels[channel][i])*aVolume; * *output = FloatToAudioSample<DestT>(v); ++output; } } } Tested with http://hg.mozilla.org/integration/mozilla-inbound/rev/ac7d9177c7ee

This code was added in bug 842243. Shelly, can you please take a look at this?

Sure thing.

Thanks, and let me know if you need help. It seems like the output buffer here is smaller than what we're expecting.

When down-mixing the audio source, should pass the "output channels count" to the downmix function, not the "source channels count". Hi Ehsan, could you review the patch? It's a small fix, I'm running the try-server in the mean while.

Comment on attachment 762487 [details] [diff] [review] Fix patch for the crash in AudioSegment.cpp Review of attachment 762487 [details] [diff] [review]: ----------------------------------------------------------------- Nice! Can you please also include the test case here as a crashtest in <http://mxr.mozilla.org/mozilla-central/source/content/media/test/crashtests/> when landing? Thanks!

Thanks! Re-push the patch to try-server now.

https://tbpl.mozilla.org/?tree=Try&rev=7a6a4055c05d https://tbpl.mozilla.org/?tree=Try&rev=c2a730389ce5