Bug#799632: iceweasel: SIGSEGV when playing videos via gstreamer

Soeren D. Schulze soeren.d.schulze at gmx.de
Mon Sep 21 01:55:16 UTC 2015


Package: iceweasel
Version: 38.2.1esr-1~deb8u1
Severity: important

Approximately once every 10 hours of use, I experience a crash of 
Iceweasel. It seems to be correlated with playing videos via gstreamer 
with the libav/ffmpeg backend, but I have not yet found any reliable way 
to reproduce it.

I have observed similar crashes like this on other Debian systems with 
earlier versions of Iceweasel, but I cannot tell if it is the same bug 
because I did not have a debugger running.

Please see the full backtrace below.  At a first glance, the problem 
seems to be in the GST_VIDEO_FRAME_COMP_DATA macro which ultimately 
calls GST_VIDEO_FORMAT_INFO_DATA (defined in the gstreamer headers), 
which in turn dereferences frame->info->finfo.  According to #1 in the 
backtrace, finfo is NULL, so I think this is what causes the crash.

(gdb) bt f
#0  0x00007ffff23cbd66 in mozilla::GStreamerReader::ImageDataFromVideoFrame
(this=this at entry=0x7fff849dc800, aFrame=aFrame at entry=0x7fffd57bc840,
aData=aData at entry=0x7fffd57bc7f0) at
/tmp/buildd/iceweasel-38.2.1esr/dom/media/gstreamer/GStreamerReader.cpp:1440
No locals.
#1  0x00007ffff23cc2cf in mozilla::GStreamerReader::GetImageFromBuffer
(this=this at entry=0x7fff849dc800, aBuffer=aBuffer at entry=0x7fff87e803d0) at
/tmp/buildd/iceweasel-38.2.1esr/dom/media/gstreamer/GStreamerReader.cpp:1466
         frame = {info = {finfo = 0x0, interlace_mode =
GST_VIDEO_INTERLACE_MODE_PROGRESSIVE, flags = GST_VIDEO_FLAG_NONE, width 
= 0,
height = 0, size = 0, views = 0, chroma_site = 
GST_VIDEO_CHROMA_SITE_UNKNOWN,
colorimetry = {range = GST_VIDEO_COLOR_RANGE_UNKNOWN, matrix =
GST_VIDEO_COLOR_MATRIX_UNKNOWN, transfer = GST_VIDEO_TRANSFER_UNKNOWN,
primaries = GST_VIDEO_COLOR_PRIMARIES_UNKNOWN}, par_n = 0, par_d = 0, 
fps_n =
0, fps_d = 0, offset = {0, 0, 0, 0}, stride = {0, 0, 0, 0}, _gst_reserved =
{0x0, 0x0, 0x0, 0x0}}, flags = GST_VIDEO_FRAME_FLAG_NONE, buffer = 0x0, 
meta =
0x0, id = 0, data = {0x0, 0x0, 0x0, 0x0}, map = {{memory = 0x0, flags =
(unknown: 0), data = 0x0, size = 0, maxsize = 0, user_data = {0x0, 0x0, 0x0,
0x0}, _gst_reserved = {0x0, 0x0, 0x0, 0x0}}, {memory = 0x0, flags = 
(unknown:
0), data = 0x0, size = 0, maxsize = 0, user_data = {0x0, 0x0, 0x0, 0x0},
_gst_reserved = {0x0, 0x0, 0x0, 0x0}}, {memory = 0x0, flags = (unknown: 0),
data = 0x0, size = 0, maxsize = 0, user_data = {0x0, 0x0, 0x0, 0x0},
_gst_reserved = {0x0, 0x0, 0x0, 0x0}}, {memory = 0x0, flags = (unknown: 0),
data = 0x0, size = 0, maxsize = 0, user_data = {0x0, 0x0, 0x0, 0x0},
_gst_reserved = {0x0, 0x0, 0x0, 0x0}}}, _gst_reserved = {0x0, 0x0, 0x0, 
0x0}}
         data = {mYChannel = 0x0, mYStride = 0, mYSize =
{<mozilla::gfx::BaseSize<int,
mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> >> = {width = 0, 
height
= 0}, <mozilla::gfx::UnknownUnits> = {<No data fields>}, <No data fields>},
mYSkip = 0, mCbChannel = 0x0, mCrChannel = 0x0, mCbCrStride = 0, mCbCrSize =
{<mozilla::gfx::BaseSize<int,
mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> >> = {width = 0, 
height
= 0}, <mozilla::gfx::UnknownUnits> = {<No data fields>}, <No data fields>},
mCbSkip = 0, mCrSkip = 0, mPicX = 0, mPicY = 0, mPicSize =
{<mozilla::gfx::BaseSize<int,
mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> >> = {width = 0, 
height
= 0}, <mozilla::gfx::UnknownUnits> = {<No data fields>}, <No data fields>},
mStereoMode = mozilla::StereoMode::MONO}
         mem = <optimized out>
         image = {mRawPtr = 0x7fffc194f970}
#2  0x00007ffff23cc6c5 in mozilla::GStreamerReader::DecodeVideoFrame
(this=0x7fff849dc800, aKeyFrameSkip=<optimized out>, 
aTimeThreshold=<optimized
out>) at
/tmp/buildd/iceweasel-38.2.1esr/dom/media/gstreamer/GStreamerReader.cpp:824
         buffer = 0x7fff87e803d0
         isKeyframe = true
         duration = 41708
         image = {mRawPtr = 0x7fffc194f970}
         video = {mRawPtr = 0xa8}
         timestamp = 41000
         offset = <optimized out>
#3  0x00007ffff2351778 in mozilla::MediaDecoderReader::RequestVideoData
(this=0x7fff849dc800, aSkipToNextKeyframe=<optimized out>, 
aTimeThreshold=0) at
/tmp/buildd/iceweasel-38.2.1esr/dom/media/MediaDecoderReader.cpp:245
         p = {mRawPtr = 0x7fffad2b4ba0}
         __func__ = "RequestVideoData"
         skip = false
#4  0x00007ffff232d12d in
mozilla::detail::MethodCallWithTwoArgs<mozilla::MediaPromise<nsRefPtr<mozilla::VideoData>,
mozilla::MediaDecoderReader::NotDecodedReason, true>,
mozilla::MediaDecoderReader, bool, long>::Invoke (this=<optimized out>) at
/tmp/buildd/iceweasel-38.2.1esr/dom/media/MediaPromise.h:603
No locals.
#5  0x00007ffff2353aee in
mozilla::detail::ProxyRunnable<mozilla::MediaPromise<nsRefPtr<mozilla::VideoData>,
mozilla::MediaDecoderReader::NotDecodedReason, true> >::Run
(this=0x7fffcb8c37a0) at
/tmp/buildd/iceweasel-38.2.1esr/dom/media/MediaPromise.h:620
         p = {mRawPtr = 0x7fffad2b4ba0}
#6  0x00007ffff23501ca in mozilla::MediaTaskQueue::Runner::Run
(this=0x7fffcb88fea0) at
/tmp/buildd/iceweasel-38.2.1esr/dom/media/MediaTaskQueue.cpp:230
         event = {mPtr = 0x7fffcb8c37a0}
         __func__ = "Run"
#7  0x00007ffff1683e51 in nsThreadPool::Run (this=0x7fffb0183900) at
/tmp/buildd/iceweasel-38.2.1esr/xpcom/threads/nsThreadPool.cpp:225
         event = {<nsCOMPtr_base> = {mRawPtr = 0x7fffcb88fea0}, <No data
fields>}
         current = {<nsCOMPtr_base> = {mRawPtr = 0x7fffb723b3a0}, <No data
fields>}
         exitThread = false
         wasIdle = false
         listener = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
         shutdownThreadOnExit = false
         idleSince = 901650319
#8  0x00007ffff1681a61 in nsThread::ProcessNextEvent (this=0x7fffb723b3a0,
aMayWait=<optimized out>, aResult=0x7fffd57bcdf7) at
/tmp/buildd/iceweasel-38.2.1esr/xpcom/threads/nsThread.cpp:855
         event = {<nsCOMPtr_base> = {mRawPtr = 0x7fffb0183908}, <No data
fields>}
         reallyWait = <optimized out>
         notifyMainThreadObserver = <optimized out>
         obs = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
         rv = nsresult::NS_OK
#9  0x00007ffff1696e41 in NS_ProcessNextEvent (aThread=<optimized out>,
aMayWait=aMayWait at entry=false) at
/tmp/buildd/iceweasel-38.2.1esr/xpcom/glue/nsThreadUtils.cpp:265
         val = true
#10 0x00007ffff184e7ea in mozilla::ipc::MessagePumpForNonMainThreads::Run
(this=0x7fffc0434300, aDelegate=0x7fff6fbf2420) at
/tmp/buildd/iceweasel-38.2.1esr/ipc/glue/MessagePump.cpp:339
         didWork = <optimized out>
#11 0x00007ffff1843249 in MessageLoop::RunHandler (this=0x7fff6fbf2420) at
/tmp/buildd/iceweasel-38.2.1esr/ipc/chromium/src/base/message_loop.cc:226
No locals.
#12 MessageLoop::Run (this=this at entry=0x7fff6fbf2420) at
/tmp/buildd/iceweasel-38.2.1esr/ipc/chromium/src/base/message_loop.cc:200
         save_state = {<MessageLoop::RunState> = {run_depth = 1, 
quit_received =
false}, loop_ = 0x7fff6fbf2420, previous_state_ = 0x0}
#13 0x00007ffff16860bb in nsThread::ThreadFunc (aArg=0x7fffb723b3a0) at
/tmp/buildd/iceweasel-38.2.1esr/xpcom/threads/nsThread.cpp:356
         self = 0x7fffb723b3a0
         event = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
#14 0x00007ffff68e9f68 in _pt_root (arg=0x7fff7599d6a0) at
/tmp/buildd/iceweasel-38.2.1esr/nsprpub/pr/src/pthreads/ptthread.c:212
         rv = <optimized out>
         thred = 0x7fff7599d6a0
         detached = 0
         id = 140736775051008
         tid = 28672
#15 0x00007ffff7bc70a4 in start_thread (arg=0x7fffd57bd700) at
pthread_create.c:309
         __res = <optimized out>
         pd = 0x7fffd57bd700
         now = <optimized out>
         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140736775051008,
-4317695908176455277, 0, 140737354125408, 140735166404256, 140736775051008,
4317787131666504083, 4317712938009237907}, mask_was_saved = 0}}, priv = 
{pad =
{0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
         not_first_call = <optimized out>
         pagesize_m1 = <optimized out>
         sp = <optimized out>
         freesize = <optimized out>
         __PRETTY_FUNCTION__ = "start_thread"
#16 0x00007ffff707c06d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.
(gdb)



-- Package-specific info:

-- Extensions information
Name: Adblock Plus
Location: 
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled

Name: British English Dictionary (Updated) dictionary
Location: ${PROFILE_EXTENSIONS}/en-gb at flyingtophat.co.uk
Status: enabled

Name: Default theme
Location: 
/usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled

Name: Deutsch (DE) Language Pack locale
Location: 
/usr/lib/iceweasel/browser/extensions/langpack-de at iceweasel.mozilla.org.xpi
Package: iceweasel-l10n-de
Status: enabled

Name: NoScript
Location: 
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{73a6fe31-595d-460b-a920-fcc0f8843232}
Package: xul-ext-noscript
Status: enabled

Name: User Agent Switcher
Location: ${PROFILE_EXTENSIONS}/{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
Status: enabled

-- Plugins information
Name: Google Talk Plugin
Location: /opt/google/talkplugin/libnpgoogletalk.so
Package: google-talkplugin
Status: enabled

Name: Google Talk Plugin Video Renderer
Location: /opt/google/talkplugin/libnpo1d.so
Package: google-talkplugin
Status: enabled


-- Addons package information
ii  google-talkplu 5.41.0.0-1   amd64        Google Talk Plugin
ii  iceweasel      38.2.1esr-1~ amd64        Web browser based on Firefox
ii  iceweasel-l10n 1:38.2.1esr- all          German language package for 
Icewe
ii  xul-ext-adbloc 2.6.10+dfsg- all          advertisement blocking 
extension
ii  xul-ext-noscri 2.6.9.36-1   all          permissions manager for 
Iceweasel

-- System Information:
Debian Release: stretch/sid
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 
'stable'), (450, 'oldstable'), (400, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iceweasel depends on:
ii  debianutils               4.5.1
ii  fontconfig                2.11.0-6.3
ii  libasound2                1.0.29-1
ii  libatk1.0-0               2.16.0-2
ii  libc6                     2.19-20
ii  libcairo2                 1.14.2-2
ii  libdbus-1-3               1.10.0-2
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2
ii  libffi6                   3.2.1-3
ii  libfontconfig1            2.11.0-6.3
ii  libfreetype6              2.6-1
ii  libgcc1                   1:5.2.1-17
ii  libgdk-pixbuf2.0-0        2.31.5-1
ii  libglib2.0-0              2.44.1-1.1
ii  libgtk2.0-0               2.24.28-1
ii  libhunspell-1.3-0         1.3.3-3+b1
ii  libpango-1.0-0            1.36.8-3
ii  libsqlite3-0              3.8.11.1-1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                5.2.1-17
ii  libx11-6                  2:1.6.3-1
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  procps                    2:3.3.10-2
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages iceweasel recommends:
ii  gstreamer1.0-libav         1.4.5-3
ii  gstreamer1.0-plugins-good  1.4.5-2+b2

Versions of packages iceweasel suggests:
ii  fonts-mathjax          2.5.3-1
ii  fonts-oflb-asana-math  000.907-6
ii  fonts-stix [otf-stix]  1.1.1-3
ii  libcanberra0           0.30-2.1
ii  libgnomeui-0           2.24.5-3
ii  libgssapi-krb5-2       1.13.2+dfsg-2
pn  mozplugger             <none>

-- Configuration Files:
/etc/iceweasel/iceweaselrc a7f1bcffd6febdb02e86652a60ebfd16 [Errno 2] 
Datei oder Verzeichnis nicht gefunden: u'/etc/iceweasel/iceweaselrc 
a7f1bcffd6febdb02e86652a60ebfd16'

-- no debconf information



More information about the pkg-mozilla-maintainers mailing list