Closed Bug 1814553 Opened 2 years ago Closed 2 years ago

Assertion failure: aIsMetadataDecode || r == 0, at /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:623

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
111 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox109 --- unaffected
firefox110 --- unaffected
firefox111 --- fixed

People

(Reporter: tsmith, Assigned: Zaggy1024)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(2 files)

testcase.avif
784.50 KB, image/avif
Details
Bug 1814553 - Make sure to always send AVIF decoder error telemetry. r=tnikkel
48 bytes, text/x-phabricator-request
Details | Review
Attached image testcase.avif

Found while fuzzing m-c 20230201-b7f075124503 (--enable-debug --enable-fuzzing)

Requires pref image.avif.sequence.enabled=true

Assertion failure: aIsMetadataDecode || r == 0, at /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:623

#0 0x7f004893d934 in mozilla::image::Dav1dDecoder::GetPicture(Dav1dContext&, mozilla::MediaRawData const&, Dav1dPicture*, bool) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:623:5
#1 0x7f004893ceff in mozilla::image::Dav1dDecoder::Decode(bool, Mp4parseAvifInfo const&, mozilla::image::AVIFImage const&) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:524:21
#2 0x7f0048911d69 in mozilla::image::nsAVIFDecoder::Decode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1491:17
#3 0x7f0048910f61 in mozilla::image::nsAVIFDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1181:25
#4 0x7f0048853057 in mozilla::image::Decoder::Decode(mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/Decoder.cpp:177:19
#5 0x7f00488529fb in mozilla::image::AnimationSurfaceProvider::Run() /builds/worker/checkouts/gecko/image/AnimationSurfaceProvider.cpp:232:36
#6 0x7f0048875401 in mozilla::image::DecodingTask::Run() /builds/worker/checkouts/gecko/image/DecodePool.cpp:146:12
#7 0x7f00471aee03 in mozilla::TaskController::RunPoolThread() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:328:33
#8 0x7f005bde0c86 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#9 0x7f005c689b42 in start_thread nptl/pthread_create.c:442:8
#10 0x7f005c71b9ff  misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Flags: in-testsuite?

This is an odd one, I would've expected this assertion to be hit even before the patch for AVIS landed, since I think this was regressed by Bug 1682662. It's fairly simple to fix, though, I'll submit a patch.

See Also: → 1682662

This fixes an assertion failure due to the assumption before Bug 1682662 that
all metadata decodes will completely decode a sample. That is no longer the case
because telemetry for image sizes can be sent without a full decode.

Assignee: nobody → Zaggy1024
Status: NEW → ASSIGNED
Severity: -- → S3

This reproduces before bug 1788119 landed (and after with both pref values of image.avif.sequence.enabled).

Pushed by tnikkel@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/fae0ee539866 Make sure to always send AVIF decoder error telemetry. r=tnikkel

https://hg.mozilla.org/mozilla-central/rev/fae0ee539866

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
No longer regressions: 1825563
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: