Closed Bug 1413702 Opened 7 years ago Closed 7 years ago

UBSan: division by zero in [@ mp4_demuxer::Moof::Moof]

Categories

(Core :: Audio/Video: Playback, defect, P2)

Product:
Core
Component:
Audio/Video: Playback
Version:
58 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla58
Tracking Flags:
Tracking Status
firefox58 --- fixed

People

(Reporter: tsmith, Assigned: ayang)

References

(Blocks 1 open bug)

Details

(Keywords: testcase)

Attachments

(2 files)

test_case.mp4
977.02 KB, video/mp4
Details
Bug 1413702 - avoid dividing by zero.
59 bytes, text/x-review-board-request
kinetik
: review+
Details
Attached video test_case.mp4
This was found with a Firefox build built with -fsanitize=float-divide-by-zero,integer-divide-by-zero /mozilla-central/media/libstagefright/binding/MoofParser.cpp:450:46: runtime error: division by zero #0 mp4_demuxer::Moof::Moof(mp4_demuxer::Box&, mp4_demuxer::Trex&, mp4_demuxer::Mvhd&, mp4_demuxer::Mdhd&, mp4_demuxer::Edts&, mp4_demuxer::Sinf&, unsigned long*, bool) /mozilla-central/media/libstagefright/binding/MoofParser.cpp:450:46 #1 mp4_demuxer::MoofParser::RebuildFragmentedIndex(mp4_demuxer::BoxContext&) /mozilla-central/media/libstagefright/binding/MoofParser.cpp:65:12 #2 RebuildFragmentedIndex /mozilla-central/media/libstagefright/binding/MoofParser.cpp:35:10 #3 mp4_demuxer::MoofParser::RebuildFragmentedIndex(mozilla::media::IntervalSet<long> const&, bool*) /mozilla-central/media/libstagefright/binding/MoofParser.cpp:51 #4 mp4_demuxer::Index::UpdateMoofIndex(mozilla::media::IntervalSet<long> const&, bool) /mozilla-central/media/libstagefright/binding/Index.cpp:439:16 #5 mozilla::MP4TrackDemuxer::EnsureUpToDateIndex() /mozilla-central/dom/media/fmp4/MP4Demuxer.cpp:400:11 #6 mozilla::MP4TrackDemuxer::MP4TrackDemuxer(mozilla::MP4Demuxer*, mozilla::UniquePtr<mozilla::TrackInfo, mozilla::DefaultDelete<mozilla::TrackInfo> >&&, mp4_demuxer::IndiceWrapper const&) /mozilla-central/dom/media/fmp4/MP4Demuxer.cpp:358:3 #7 mozilla::MP4Demuxer::Init() /mozilla-central/dom/media/fmp4/MP4Demuxer.cpp:221:13 #8 operator() /mozilla-central/dom/media/MediaFormatReader.cpp:1115:47 #9 mozilla::detail::ProxyFunctionRunnable<mozilla::MediaFormatReader::DemuxerProxy::Init()::$_10, mozilla::MozPromise<mozilla::MediaResult, mozilla::MediaResult, true> >::Run() /mozilla-central/objdir-ff-ubsan/dist/include/mozilla/MozPromise.h:1511 #10 mozilla::TaskQueue::Runner::Run() /mozilla-central/xpcom/threads/TaskQueue.cpp:246:12 #11 nsThreadPool::Run() /mozilla-central/xpcom/threads/nsThreadPool.cpp:228:14 #12 non-virtual thunk to nsThreadPool::Run() /mozilla-central/xpcom/threads/nsThreadPool.cpp #13 nsThread::ProcessNextEvent(bool, bool*) /mozilla-central/xpcom/threads/nsThread.cpp:1037:14 #14 NS_ProcessNextEvent(nsIThread*, bool) /mozilla-central/xpcom/threads/nsThreadUtils.cpp:513:10 #15 mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /mozilla-central/ipc/glue/MessagePump.cpp:334:20 #16 RunInternal /mozilla-central/ipc/chromium/src/base/message_loop.cc:326:10 #17 RunHandler /mozilla-central/ipc/chromium/src/base/message_loop.cc:319 #18 MessageLoop::Run() /mozilla-central/ipc/chromium/src/base/message_loop.cc:299 #19 nsThread::ThreadFunc(void*) /mozilla-central/xpcom/threads/nsThread.cpp:425:11 #20 _pt_root /mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:216:5 #21 start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x77fb) #22 clone /build/glibc-CxtIbX/glibc-2.26/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
Has Regression Range: --- → irrelevant
Alfredo, Per discussion, please take care of this bug. Thanks!
Assignee: nobody → ayang
Priority: -- → P2
Comment on attachment 8925462 [details] Bug 1413702 - avoid dividing by zero. https://reviewboard.mozilla.org/r/196582/#review202002
Attachment #8925462 - Flags: review?(kinetik) → review+
https://hg.mozilla.org/mozilla-central/rev/c2b1d6f40e47
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox58: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: