Crash when initializing Pepper video decoder API
Issue description

https://crash.corp.google.com/browse?q=reportid=%27e26438ff00000000%27

There are about 2000 similar crashes. Decode API crashes the renderer process:

0x00007fd4902e95d0 (libstdc++.so.6.0.20 -functexcept.cc:101 ) std::__throw_out_of_range_fmt
0x00007fd49658a9f6 (chrome -stl_vector.h:898 ) content::VideoDecoderShim::AssignPictureBuffers
0x00007fd496581cd9 (chrome -pepper_video_decoder_host.cc:291 ) content::PepperVideoDecoderHost::OnHostMsgAssignTextures
0x00007fd4965821a1 (chrome -dispatch_host_message.h:44 ) content::PepperVideoDecoderHost::OnResourceMessageReceived
0x00007fd494ba16c5 (chrome -resource_message_handler.cc:30 ) ppapi::host::ResourceMessageHandler::RunMessageHandlerAndReply
0x00007fd494ba0acd (chrome -resource_host.cc:38 ) ppapi::host::ResourceHost::HandleMessage
0x00007fd494b9f358 (chrome -ppapi_host.cc:215 ) ppapi::host::PpapiHost::HandleResourceCall
0x00007fd494b9f6d5 (chrome -ppapi_host.cc:178 ) ppapi::host::PpapiHost::OnHostMsgResourceCall
0x00007fd494ba03ce (chrome -tuple.h:144 ) ppapi::host::PpapiHost::OnMessageReceived
0x00007fd494a64335 (chrome -host_dispatcher.cc:194 ) ppapi::proxy::HostDispatcher::OnMessageReceived
0x00007fd4942f7326 (chrome -ipc_channel_proxy.cc:314 ) IPC::ChannelProxy::Context::OnDispatchMessage

Looking at the code, I think that the bug is in VideoDecoderShim::OnOutputComplete(). It may issue multiple texture requests and then the second AssignPictureBuffers() call is not handled properly. I think it's likely to happen when the first 2 frames have different resolutions.
Dec 15 2016
Actually I was wrong, this crash happens on previous versions. This is not a regression.

52.0.2743.116  26.48%  520
53.0.2785.103  16.65%  327
53.0.2785.154  12.58%  247
54.0.2840.101  11.00%  216
53.0.2785.144   5.04%   99
54.0.2840.93    4.84%   95
54.0.2840.79    2.19%   43
51.0.2704.106   1.93%   38
52.0.2743.85    1.73%   34
51.0.2704.103   1.53%   30
55.0.2858.0     1.12%   22
54.0.2840.24    1.12%   22
54.0.2837.0     1.12%   22
55.0.2883.42    1.07%   21
55.0.2869.0     0.92%   18
Dec 16 2016
Given that the crash happens only on chromeos, it looks more likely that it is caused by the software video decoding fallback. What seems to be happening is that the GPU decoder requests a set of textures from the pepper process and then it falls back to the software decoder. As a result, the textures that were requested by the GPU decoder get assigned to the VideoDecoderShim. This should be fixed in PepperVideoDecoderHost.
Dec 16 2016
Is there a straightforward way to test PepperVideoDecoderHost's handling of this case?
Dec 17 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6f521e723c7536b7656f248273e26a2d4638f6ed

commit 6f521e723c7536b7656f248273e26a2d4638f6ed
Author: sergeyu <sergeyu@chromium.org>
Date: Sat Dec 17 07:09:10 2016

Fix PepperVideoDecoderHost to avoid crash when switching to SW decoder.

Previously PepperVideoDecoderHost could crash when falling back to software decoder. The problem was that it wasn't handling the case when there is an outstanding texture request for the plugin. Fixed it by dismissing outstanding texture requests when switching to SW decoder.

BUG= 673452
Review-Url: https://codereview.chromium.org/2584023002
Cr-Commit-Position: refs/heads/master@{#439332}

[modify] https://crrev.com/6f521e723c7536b7656f248273e26a2d4638f6ed/content/renderer/pepper/pepper_video_decoder_host.cc
[modify] https://crrev.com/6f521e723c7536b7656f248273e26a2d4638f6ed/content/renderer/pepper/pepper_video_decoder_host.h
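
A simplified model of the sequence described in this issue, added here as an illustration and not taken from the Chromium change: a texture request issued before the fallback is answered after it, with and without dismissing the outstanding request. `DecoderHost`, `SoftwareShim` and `ReplayFallback` are hypothetical names, and the texture ids are constructed.

```cpp
// Simplified model, not Chromium code: every name below is hypothetical.
#include <cstdint>
#include <stdexcept>
#include <vector>

// Stand-in for a software decoder that only expects replies to its own requests.
struct SoftwareShim {
  std::vector<uint32_t> slots;  // sized when the shim itself requests textures
  void Assign(const std::vector<uint32_t>& ids) {
    for (std::size_t i = 0; i < ids.size(); ++i)
      slots.at(i) = ids[i];  // std::out_of_range if the reply was never requested
  }
};

class DecoderHost {
 public:
  explicit DecoderHost(bool dismiss_on_fallback) : dismiss_(dismiss_on_fallback) {}
  void RequestTextures(std::size_t count) {
    pending_ = count;
    if (software_) shim_.slots.assign(count, 0);
  }
  void FallBackToSoftware() {
    software_ = true;
    if (dismiss_) pending_ = 0;  // drop the hardware decoder's outstanding request
  }
  // Plugin reply. Returns false when it matches no outstanding request.
  bool OnAssignTextures(const std::vector<uint32_t>& ids) {
    if (pending_ == 0 || pending_ != ids.size()) return false;
    pending_ = 0;
    if (software_) shim_.Assign(ids);
    return true;
  }
 private:
  bool dismiss_;
  bool software_ = false;
  std::size_t pending_ = 0;  // 0 means no outstanding request
  SoftwareShim shim_;
};

// Replays: hardware request, fallback, late plugin reply (constructed ids).
// Returns 1 if accepted, 0 if rejected, -1 if the shim threw.
int ReplayFallback(bool dismiss_on_fallback) {
  DecoderHost host(dismiss_on_fallback);
  host.RequestTextures(4);
  host.FallBackToSoftware();
  try { return host.OnAssignTextures({1, 2, 3, 4}) ? 1 : 0; }
  catch (const std::out_of_range&) { return -1; }
}
```
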
Dec 17 2016
Feb 7 2017
Changing the milestone as this fix was checked in after branch point (Nov. 17th) for M56 and was not merged.
Aug 1 2017
Jan 22 2018
Comment 1 by jamiewa...@chromium.org, Dec 15 2016
Owner: sergeyu@chromium.org
Status: Assigned (was: Untriaged)