[Bug 789198] Re: Firefox crashes when attempting to play webm video on ARM with Thumb2 enabled
Bug Watch Updater
789198 at bugs.launchpad.net
Fri Jun 24 15:32:01 UTC 2011
Launchpad has imported 1 comments from the remote bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=666931.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2011-06-24T14:41:16+00:00 Ricardo Salveti wrote:
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/11.04 Chromium/11.0.696.68 Chrome/11.0.696.68 Safari/534.24
Build Identifier: Mozilla/5.0 (X11; Linux armv7l; rv:7.0a1) Gecko/20110624 Firefox/7.0a1
When building firefox (4, 5 and latest daily) for ARM (armv7) with
thumb2 enabled libvpx crashes when decoding webm videos.
Reproducible: Always
Steps to Reproduce:
1. Build firefox for ARM (armv7) enabling thumb2 support
2. Go to youtube.com/html5 and enable trial
3. Try to play a webm video
Actual Results:
Segfault at vp8dx_receive_compressed_data.
Expected Results:
Video should play without crashing the browser.
Build platform:
target arm-unknown-linux-gnueabi
Build tools:
Compiler Version Compiler flags
gcc gcc version 4.5.2 (Ubuntu/Linaro 4.5.2-8ubuntu4) -Wall -W -Wno-unused -Wpointer-arith -Wdeclaration-after-statement -W -pedantic -Wno-long-long -g -fno-strict-aliasing -pthread -mthumb -pipe -DNDEBUG -DTRIMMED -g -Os -freorder-blocks -finline-limit=50 -fomit-frame-pointer
c++ gcc version 4.5.2 (Ubuntu/Linaro 4.5.2-8ubuntu4) -fno-rtti -fno-exceptions -Wall -Wpointer-arith -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wno-invalid-offsetof -Wno-variadic-macros -Werror=return-type -pedantic -Wno-long-long -g -fno-strict-aliasing -std=gnu++0x -pthread -mthumb -pipe -DNDEBUG -DTRIMMED -g -Os -freorder-blocks -finline-limit=50 -fomit-frame-pointer
Configure arguments
--host=arm-linux-gnueabi --prefix=/usr --localstatedir=/var
--libexecdir=/usr/lib/firefox-trunk-7.0a1 '--with-l10n-
base=/build/firefox/daily/firefox-
trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/l10n'
--disable-maintainer-mode --disable-dependency-tracking --disable-
silent-rules '--srcdir=/build/firefox/daily/firefox-
trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla' --disable-
elf-dynstr-gc --disable-install-strip --disable-strip --disable-updater
--enable-application=browser --enable-default-toolkit=cairo-gtk2
--enable-startup-notification --enable-pango --enable-svg --enable-
mathml --enable-safe-browsing --with-distribution-id=com.ubuntu
--enable-thumb2 --without-system-jpeg --without-system-png --without-
system-zlib --enable-optimize --enable-tests --enable-mochitest
--enable-ipdl-tests --disable-system-cairo --without-system-nspr
--without-system-nss --disable-system-sqlite --disable-system-hunspell
--enable-crashreporter --with-branding=browser/branding/nightly
--disable-gnomevfs --enable-gio --enable-update-channel=nightly
--disable-debug --disable-elf-hack --enable-
extensions=default,globalmenu --with-app-name=firefox-trunk
Crash report: http://crash-stats.mozilla.com/report/index/bp-9bd983ab-
2bd2-45d2-a466-d7a832110624
GDB stack trace:
Breakpoint 1, vp8dx_receive_compressed_data (ptr=0x533dd020, size=637, source=0x531ae400 "pE", time_stamp=0)
at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c:318
warning: Source file is more recent than executable.
318 {
(gdb) n
330 if (ptr == 0)
(gdb)
335 pbi->common.error.error_code = VPX_CODEC_OK;
(gdb)
322 VP8D_COMP *pbi = (VP8D_COMP *) ptr;
(gdb)
335 pbi->common.error.error_code = VPX_CODEC_OK;
(gdb)
339 if (cm->rtcd.flags & HAS_NEON)
(gdb)
342 vp8_push_neon(dx_store_reg);
(gdb) bt full
#0 vp8dx_receive_compressed_data (ptr=0x533dd020, size=637, source=0x531ae400 "pE", time_stamp=0) at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/media/libvpx/vp8/decoder/onyxd_if.c:342
dx_store_reg = {139152645440798, 96048353650484, 46291157527873, 32920924327760, 4667030352823325135, 1396564432, 2032, 5998198907190763984}
pbi = 0x533dd020
cm = 0x533de1d0
retcode = 0
timer = {begin = {tv_sec = 0, tv_usec = 1086636637}, end = {tv_sec = 1396559904, tv_usec = 1377364708}}
#1 0x40c4e2aa in vp8_decode (ctx=0x47dd4500, data=0x531ae400 "pE", data_sz=637, user_priv=<value optimized out>, deadline=0)
at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/media/libvpx/vp8/vp8_dx_iface.c:424
ppflag = 0
ppdeblocking = 0
sd = {y_width = 640, y_height = 360, y_stride = 9, uv_width = 0, uv_height = 0, uv_stride = 0, y_buffer = 0x0, u_buffer = 0xfa00 <Address 0xfa00 out of bounds>,
v_buffer = 0x400d49e3 "\373\005\372H\352\001H\302E\006\331\001=\030\353\a\b\002\322\302E\210\277\001=E\352\tJ", buffer_alloc = 0x53165000 "\030\361SA", border = 1086594491, frame_size = 0, clrtype = 1393971200}
time_stamp = 0
time_end_stamp = 0
ppnoise = 0
res = <value optimized out>
#2 0x40c4e6c4 in vpx_codec_decode (ctx=0x531650c0, data=<value optimized out>, data_sz=<value optimized out>, user_priv=<value optimized out>, deadline=0)
at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/media/libvpx/vpx/src/vpx_decoder.c:127
res = <value optimized out>
#3 0x40c41f9a in nsWebMReader::DecodeVideoFrame (this=0x53165000, aKeyframeSkip=@0x5218ec44, aTimeThreshold=0)
at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/content/media/webm/nsWebMReader.cpp:692
data = 0x531ae400 "pE"
length = 637
si = {sz = 16, w = 640, h = 360, is_kf = 1}
iter = 0x2
img = <value optimized out>
i = 0
packet = 0x4cc7cc20
next_tstamp = 42000000
parsed = 0
decoded = 0
track = 0
r = <value optimized out>
count = 0
tstamp_usecs = 0
autoNotify = {mDecoder = 0x52f5ac80, mParsed = @0x5218ec14, mDecoded = @0x5218ec10}
holder = {<nsAutoRefBase<NesteggPacketHolder>> = {<nsSimpleRef<NesteggPacketHolder>> = {<nsAutoRefTraits<NesteggPacketHolder>> = {<nsPointerRefTraits<NesteggPacketHolder>> = {<No data fields>}, <No data fields>},
mRawRef = 0x47f756a0}, <No data fields>}, <No data fields>}
tstamp = 0
#4 0x40c33a2e in nsBuiltinDecoderReader::DecodeVideoFrame (this=<value optimized out>) at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderReader.h:496
f = 0
#5 0x40c33b08 in nsBuiltinDecoderReader::DecodeToFirstData<VideoData> (this=0x53165000, aDecodeFn=(PRBool (nsBuiltinDecoderReader::*)(nsBuiltinDecoderReader *)) 0x40c33a1b <nsBuiltinDecoderReader::DecodeVideoFrame()>, aQueue=...)
at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderReader.cpp:277
eof = <value optimized out>
#6 0x40c3357a in nsBuiltinDecoderReader::FindStartTime (this=0x53165000, aOutStartTime=@0x5218eca0)
at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderReader.cpp:244
videoStartTime = 9223372036854775807
audioStartTime = 9223372036854775807
videoData = 0x0
startTime = 30064771072
#7 0x40c31494 in nsBuiltinDecoderStateMachine::FindStartTime (this=<value optimized out>) at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderStateMachine.cpp:1574
startTime = 4666596270165248304
v = 0x0
#8 0x40c3289e in nsBuiltinDecoderStateMachine::Run (this=0x4cb06a70) at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/content/media/nsBuiltinDecoderStateMachine.cpp:1078
videoData = <value optimized out>
metadataLoadedEvent = {<nsCOMPtr_base> = {mRawPtr = 0x417fa65f}, <No data fields>}
stream = 0x533d4000
#9 0x40f8b426 in nsThread::ProcessNextEvent (this=0x4c72bd30, mayWait=<value optimized out>, result=0x5218eda4) at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/xpcom/threads/nsThread.cpp:618
event = {<nsCOMPtr_base> = {mRawPtr = 0x4cb06a70}, <No data fields>}
notifyGlobalObserver = 1
obs = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
canary = {static sOutputFD = 0}
rv = 0
#10 0x40f6b1da in NS_ProcessNextEvent_P (thread=<value optimized out>, mayWait=1) at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/obj-arm-linux-gnueabi/xpcom/build/nsThreadUtils.cpp:245
val = <value optimized out>
#11 0x40f8b174 in nsThread::ThreadFunc (arg=0x4c72bd30) at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/xpcom/threads/nsThread.cpp:273
self = 0x4c72bd30
event = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
#12 0x417fdbec in _pt_root (arg=0x47e995e0) at /build/firefox/daily/firefox-trunk-7.0~a1~hg20110622r71547+nobinonly/build-tree/mozilla/nsprpub/pr/src/pthreads/ptthread.c:187
thred = 0x47e995e0
detached = 0
#13 0x401933be in start_thread () from /lib/arm-linux-gnueabi/libpthread.so.0
No symbol table info available.
#14 0x402dd538 in clone () from /lib/arm-linux-gnueabi/libc.so.6
No symbol table info available.
#15 0x402dd538 in clone () from /lib/arm-linux-gnueabi/libc.so.6
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) p cm->rtcd
$1 = {idct = {idct1 = 0x40c5597e <vp8_short_idct4x4llm_1_neon>, idct16 = 0x40c559ce <vp8_short_idct4x4llm_neon>, idct1_scalar_add = 0x40c451b9 <vp8_dc_only_idct_add_c>, iwalsh1 = 0x40c54c7e <vp8_short_inv_walsh4x4_1_neon>,
iwalsh16 = 0x40c54bfa <vp8_short_inv_walsh4x4_neon>}, recon = {copy16x16 = 0x40c54b32 <vp8_copy_mem16x16_neon>, copy8x8 = 0x40c54aee <vp8_copy_mem8x8_neon>, copy8x4 = 0x40c54aca <vp8_copy_mem8x4_neon>,
recon = 0x40c5590e <vp8_recon_b_neon>, recon2 = 0x40c55822 <vp8_recon2b_neon>, recon4 = 0x40c5587a <vp8_recon4b_neon>, recon_mb = 0x40c51b5b <vp8_recon_mb_neon>, recon_mby = 0x40c4789f <vp8_recon_mby_c>,
build_intra_predictors_mby_s = 0x40c5145f <vp8_build_intra_predictors_mby_s_neon>, build_intra_predictors_mby = 0x40c51439 <vp8_build_intra_predictors_mby_neon>}, subpix = {sixtap16x16 = 0x40c56d16 <vp8_sixtap_predict16x16_neon>,
sixtap8x8 = 0x40c56662 <vp8_sixtap_predict8x8_neon>, sixtap8x4 = 0x40c5601e <vp8_sixtap_predict8x4_neon>, sixtap4x4 = 0x40c55aaa <vp8_sixtap_predict_neon>, bilinear16x16 = 0x40c546c6 <vp8_bilinear_predict16x16_neon>,
bilinear8x8 = 0x40c544ba <vp8_bilinear_predict8x8_neon>, bilinear8x4 = 0x40c5435a <vp8_bilinear_predict8x4_neon>, bilinear4x4 = 0x40c5421a <vp8_bilinear_predict4x4_neon>}, loopfilter = {
normal_mb_v = 0x40c51225 <vp8_loop_filter_mbv_neon>, normal_b_v = 0x40c51369 <vp8_loop_filter_bv_neon>, normal_mb_h = 0x40c511c3 <vp8_loop_filter_mbh_neon>, normal_b_h = 0x40c51287 <vp8_loop_filter_bh_neon>,
simple_mb_v = 0x40c51269 <vp8_loop_filter_mbvs_neon>, simple_b_v = 0x40c513eb <vp8_loop_filter_bvs_neon>, simple_mb_h = 0x40c51207 <vp8_loop_filter_mbhs_neon>, simple_b_h = 0x40c51317 <vp8_loop_filter_bhs_neon>}, postproc = {
down = 0, across = 0, downacross = 0, addnoise = 0, blend_mb = 0}, flags = 7}
(gdb) n
Program received signal SIGILL, Illegal instruction.
0x5218ea74 in ?? ()
(gdb) bt full
#0 0x5218ea74 in ?? ()
No symbol table info available.
Cannot access memory at address 0x0
#1 0x515bea48 in ?? ()
No symbol table info available.
Cannot access memory at address 0x0
#2 0x515bea48 in ?? ()
No symbol table info available.
Cannot access memory at address 0x0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
If I just disable THUMB2 support it works fine.
Reply at: https://bugs.launchpad.net/firefox/+bug/789198/comments/17
** Changed in: firefox
Status: Unknown => New
** Changed in: firefox
Importance: Unknown => Medium
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/789198
Title:
Firefox crashes when attempting to play webm video on ARM with Thumb2
enabled
To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/789198/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list