AssertedCast error: Cannot cast 18446744073709551613 from uint64_t to int32_t: out of range
Categories
(Core :: Audio/Video: Playback, defect)
Tracking
()
People
(Reporter: tsmith, Assigned: padenot)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(2 files)
Found while fuzzing m-c 20240820-287e498f8f8c (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework --upgrade
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay.bugzilla ./firefox/firefox <bugid>
AssertedCast error: Cannot cast 18446744073709551613 from uint64_t to int32_t: out of range
37|0|xul.dll|mozilla::MediaFormatReader::GetDebugInfo(mozilla::dom::MediaFormatReaderDebugInfo&)|hg:hg.mozilla.org/mozilla-central:dom/media/MediaFormatReader.cpp:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|3390|0x13e9
37|1|xul.dll|mozilla::MediaFormatReader::RequestDebugInfo(mozilla::dom::MediaFormatReaderDebugInfo&)|hg:hg.mozilla.org/mozilla-central:dom/media/MediaFormatReader.cpp:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|3312|0x3c
37|2|xul.dll|mozilla::detail::ProxyFunctionRunnable<`lambda at /builds/worker/checkouts/gecko/dom/media/MediaFormatReader.cpp:3308:24',mozilla::MozPromise<bool,nsresult,1> >::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/MozPromise.h:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|1816|0x44
37|3|xul.dll|mozilla::AutoTaskDispatcher::TaskGroupRunnable::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskDispatcher.h:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|230|0x2bd
37|4|xul.dll|mozilla::TaskQueue::Runner::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskQueue.cpp:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|257|0x373
37|5|xul.dll|nsThreadPool::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadPool.cpp:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|456|0x95b
37|6|xul.dll|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|1149|0x968
37|7|xul.dll|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|480|0x6c
37|8|xul.dll|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|299|0xad
37|9|xul.dll|MessageLoop::RunHandler()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|362|0x4c
37|10|xul.dll|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|344|0x6e
37|11|xul.dll|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|366|0x15a
37|12|nss3.dll|_PR_NativeRunThread(void*)|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/threads/combined/pruthr.c:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|382|0x120
37|13|nss3.dll|pr_root(void*)|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/md/windows/w95thred.c:8f29f058e4bd8dae6b62919c609ddbfc46cb6692|129|0x10
|
Assignee | |
Updated•8 months ago
|
|
|
Assignee | |
Updated•8 months ago
|
|
||
Comment 1•7 months ago
|
||
The severity field is not set for this bug.
:jimm, could you have a look please?
For more information, please visit BugBot documentation.
|
||
Comment 2•7 months ago
|
||
Verified bug as reproducible on mozilla-central 20241024094434-7936ca01a900.
The bug appears to have been introduced in the following build range:
Start: b1212fb9438edc5930a3e8228dd52ff3c068031c (20240402165117)
End: bfdc9733f80bab4558cf720975c00e2658b9b8c0 (20240402231401)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=b1212fb9438edc5930a3e8228dd52ff3c068031c&tochange=bfdc9733f80bab4558cf720975c00e2658b9b8c0
Pernosco is only supported for Linux x86_64 bugs.
|
|
Assignee | |
Comment 3•7 months ago
|
||
Simple one in your patch I think.
|
||
Comment 4•7 months ago
|
||
Setting Bug 1888265 as the regressor based on the pushlog from comment 2. Please correct if needed.
|
||
Comment 5•7 months ago
|
||
We should represent those values in real even if the value might be
garbage, no need to perform casting.
|
|
||
Comment 6•7 months ago
|
||
Set release status flags based on info from the regressing bug 1888265
|
|
||
Updated•7 months ago
|
|
||
Comment 8•7 months ago
|
||
| bugherder | ||
|
|
||
Comment 9•7 months ago
|
||
Bug appears to be fixed on mozilla-central 20241031045112-b584d7d6324f but BugMon was unable to find a usable build for 287e498f8f8c.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
|
||
Comment 10•7 months ago
|
||
The patch landed in nightly and beta is affected.
:padenot, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox133towontfix.
For more information, please visit BugBot documentation.
|
||
Updated•7 months ago
|
Description
•