Found with m-c 20231016-f64b858317d1 (--enable-debug --enable-fuzzing)

Attempting to play the test case hangs attempting to load(?). From this point on it is not possible to play HEVC files without relaunching the browser.

This test file seems crashing the whole GPU process, I am still not sure if it should be a security issue. But for safe, making this bug as a sec bug for now.

This is nightly-only and surely it will be fixed before we ship. if we had to rate it we'd call it sec-low if anything, but we don't need to hide it.

The severity field is not set for this bug.
:jimm, could you have a look please?

For more information, please visit BugBot documentation.

The severity field is not set for this bug.
:jimm, could you have a look please?

For more information, please visit BugBot documentation.

This bug prevents fuzzing from making progress; however, it has low severity. It is important for fuzz blocker bugs to be addressed in a timely manner (see here why?).
:alwu, could you consider increasing the severity?

For more information, please visit BugBot documentation.

Still happening in 131b4

Is anyone still be able to reproduce this issue? I couldn’t reproduce it on the latest central build. Below are the testing steps I followed, and the browser did not hang or crash.

python3 -m fuzzfetch --central --asan --fuzzing -n firefox
python3 -m grizzly.replay ./firefox/firefox testcase.mp4

I didn't test the nightly.. but it's not like the whole browser hanged or crashed. Only whatever subsequent attempt of decoding a video got stuck.
Can the fuzzer even access the HEVC MFT plugin?

(In reply to mirh from comment #8)

Can the fuzzer even access the HEVC MFT plugin?

This is a mutation fuzzer and the browser is running the output, so yes.

(In reply to Alastor Wu [:alwu] from comment #7)

Is anyone still be able to reproduce this issue?

Yes, I am able to reproduce the issue. I tested with m-c 20241001-0546d4eb6429. (Windows 11 with HW HEVC support)

and the browser did not hang or crash.

The process of loading the content (?) hung, instead of failing. This means every attempt will need to wait to timeout which greatly reduces the iteration rate.

(In reply to Alastor Wu [:alwu] from comment #7)

Is anyone still be able to reproduce this issue?

Yes, I am able to reproduce the issue. I tested with m-c 20241001-0546d4eb6429. (Windows 11 with HW HEVC support)

The process of loading the content (?) hung, instead of failing. This means every attempt will need to wait to timeout which greatly reduces the iteration rate.

Hmm the latest Nightly is also from 10/01, but when I opened the file, the process (tab) didn't either hang or become non-responsive. As you mention timeout, is fuzzy-test waiting for specific event? In addition, would you mind to follow this instruction to capture a media profile for me when the issue happens? Thank you.

(In reply to Alastor Wu [:alwu] from comment #10)

Hmm the latest Nightly is also from 10/01, but when I opened the file, the process (tab) didn't either hang or become non-responsive. As you mention timeout, is fuzzy-test waiting for specific event?

It should not have anything to do with the fuzzing framework since the test is completely standalone. FWIW this is basically a corrupted mp4 file.

In addition, would you mind to follow this instruction to capture a media profile for me when the issue happens? Thank you.

https://share.firefox.dev/3XKMq6F

I opened the tab dragged the testcase.mp4 file and waited a few seconds then closed the tab. During that time the tab window is black and the loading indicator on the tab is active.

(In reply to Tyson Smith [:tsmith] from comment #11)

It should not have anything to do with the fuzzing framework since the test is completely standalone. FWIW this is basically a corrupted mp4 file.

Oh, sorry I'm not clear enough. What I mean is, what is the test doing exactly? Just play a media file to see if any load or error event? How is a test considered finished?

In addition, would you mind to follow this instruction to capture a media profile for me when the issue happens? Thank you.

https://profiler.firefox.com/from-browser/calltree/?globalTrackOrder=0w9&hiddenGlobalTracks=2w7&hiddenLocalTracksByPid=6668-0w8awc~26064-0w37wa~26220-01~16936-0w2~13068-0w4~28336-0w4~28040-0w4~3068-0w4~19224-013w57wc~2384-0w356&thread=a&v=10

This doesn't seem a valid url, did you upload it?

Fixed.

Also the browser hangs on shutdown:

• open browser
• drag and drop testcase.mp4
• close browser

From the investigation so far, I think this is a driver/graphic card issue. From the profile you uploaded, we can see the CPU usage was very high in the media supervisor thread in the GPU process. The operations were all stuck in the stack of HEVCDECODER_STORE.dll, which didn't happen on my two Windows laptops [1]

[1]
Windows 10 : https://share.firefox.dev/4ePGa4y
Windows 11 : https://share.firefox.dev/4gLY7md

Tyson, would you mind help me do following things?

• Could you provide about:support for the device on which the issue can be reproduced?
• Do you have other devices running fuzzing? Does this issue happen on other devices as well?
• Did you install this HEVC extension on your device?

Thanks!

(In reply to Alastor Wu [:alwu] from comment #14)

• Could you provide about:support for the device on which the issue can be reproduced?

Attached.

• Do you have other devices running fuzzing? Does this issue happen on other devices as well?

Yes.

• Did you install this HEVC extension on your device?

No, but I do have HEVC Video Extensions from Device Manufacturer that I did not explicitly install.