Pixel Phones 8+ consistently reboot on certain DRM enabled media playback [397464791]

Assigned

Bug

[AOSP] assigned

Status Update

No update yet.

Description

ch...@castlabs.corp-partner.google.com

created issue #1

Feb 19, 2025 08:35AM

Playing certain AV1 CMAF-DASH Streams, via Widevine DRM, through EME/MSE in Chrome, on Pixel series (8, 8 Pro, 9, 9 Pro) consistently cause a reboot of these devices, if Android 15 is installed.

Steps:
1) On Phone, use Chrome and navigate to:

https://demo.castlabs.com/?configFile=bla&showConfigurator=true#/player/config?cfg=eyJzb3VyY2UiOnsidXJsIjoiaHR0cHM6Ly9jYXN0bGFicy1kbC5zMy5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9wdWJsaWMvU1VQUE9SVC9EQVNIRURFU0stMjIyOS9kYXNoX2F2MS5tcGQiLCJ0eXBlIjoiYXBwbGljYXRpb24vZGFzaCt4bWwiLCJkcm1Qcm90ZWN0ZWQiOnRydWV9LCJhdXRvcGxheSI6dHJ1ZSwiZHJtIjp7ImVudiI6IkRSTXRvZGF5X1NUQUdJTkciLCJjdXN0b21EYXRhIjp7Im1lcmNoYW50Ijoic2l4IiwidXNlcklkIjoicHVyY2hhc2UiLCJzZXNzaW9uSWQiOiJkZWZhdWx0Iiwid2lkZXZpbmVBdWRpb1JvYnVzdG5lc3MiOlsiIl19fSwibWV0YWRhdGEiOnsidGl0bGUiOiJBVjFfU0QgKyBBVjFfSEQiLCJieWxpbmUiOiI8cD5Ob25lPC9wPiIsImRlc2NyaXB0aW9uIjoiIiwidmlkZW9Db2RlY3MiOlsiMiIsIjQiLCI2IiwiaCJdLCJhdWRpb0NvZGVjcyI6WyJBIiwiQyJdLCJob3N0ZXIiOiJDYXN0TGFicyIsInN1YnRpdGxlcyI6ZmFsc2UsIm11bHRpQXVkaW8iOmZhbHNlLCJxYSI6ZmFsc2UsImJyb3dzZXJzIjpbXSwidGVzdENhc2VzIjpbXX0sInRleHRTdHlsZSI6eyJmb250RmFtaWx5IjoiJ1JvYm90bycsIHNhbnMtc2VyaWYiLCJmb250Q29sb3IiOiJ3aGl0ZSIsImJhY2tncm91bmRDb2xvciI6InJnYmEoMCwgMCwgMCwgMC43NSkifSwiaWQiOjIxOTV9&assetId=2195
2) Device restarts

Such unscheduled restarts through media playback are unexpected, should be caught and contained. The example stream may not be fit for production (color-range, etc) but should not cause device crashes, at all.
I am not a researcher or security professional, but see such problems may even open attack vectors.

Post reboot bug report:

https://drive.google.com/file/d/12WLs4UPyq-ATA0J7etNPIG0XZYaakQVx/view

Comments

ch...@castlabs.corp-partner.google.com <ch...@castlabs.corp-partner.google.com> #2Feb 19, 2025 08:42AM

Same CMAF stream, but playback via Shaka-Player shows the same issue: https://shaka-player-demo.appspot.com/demo/#audiolang=de-DE;textlang=de-DE;uilang=de-DE;assetBase64=eyJuYW1lIjoiQ01BRi1EQVNIIEFWMSBjcmFzaGVzIiwic2hvcnROYW1lIjoiIiwiaWNvblVyaSI6IiIsIm1hbmlmZXN0VXJpIjoiaHR0cHM6Ly9jYXN0bGFicy1kbC5zMy5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbS9wdWJsaWMvU1VQUE9SVC9EQVNIRURFU0stMjIyOS9kYXNoX2F2MS5tcGQiLCJzb3VyY2UiOiJDdXN0b20iLCJmb2N1cyI6ZmFsc2UsImRpc2FibGVkIjpmYWxzZSwiZXh0cmFUZXh0IjpbXSwiZXh0cmFUaHVtYm5haWwiOltdLCJleHRyYUNoYXB0ZXIiOltdLCJjZXJ0aWZpY2F0ZVVyaSI6bnVsbCwiZGVzY3JpcHRpb24iOm51bGwsImlzRmVhdHVyZWQiOmZhbHNlLCJkcm0iOlsiTm8gRFJNIHByb3RlY3Rpb24iXSwiZmVhdHVyZXMiOlsiVk9EIl0sImxpY2Vuc2VTZXJ2ZXJzIjp7Il9fdHlwZV9fIjoibWFwIiwiY29tLndpZGV2aW5lLmFscGhhIjoiaHR0cHM6Ly9saWMuc3RhZ2luZy5kcm10b2RheS5jb20vbGljZW5zZS1wcm94eS13aWRldmluZS9jZW5jLz9zcGVjQ29uZm9ybT10cnVlIiwiY29tLm1pY3Jvc29mdC5wbGF5cmVhZHkiOiJodHRwczovL2xpYy5zdGFnaW5nLmRybXRvZGF5LmNvbS9saWNlbnNlLXByb3h5LXdpZGV2aW5lL2NlbmMvP3NwZWNDb25mb3JtPXRydWUiLCJjb20uYXBwbGUuZnBzIjoiaHR0cHM6Ly9saWMuc3RhZ2luZy5kcm10b2RheS5jb20vbGljZW5zZS1wcm94eS13aWRldmluZS9jZW5jLz9zcGVjQ29uZm9ybT10cnVlIiwib3JnLnczLmNsZWFya2V5IjoiaHR0cHM6Ly9saWMuc3RhZ2luZy5kcm10b2RheS5jb20vbGljZW5zZS1wcm94eS13aWRldmluZS9jZW5jLz9zcGVjQ29uZm9ybT10cnVlIn0sIm9mZmxpbmVMaWNlbnNlU2VydmVycyI6eyJfX3R5cGVfXyI6Im1hcCJ9LCJsaWNlbnNlUmVxdWVzdEhlYWRlcnMiOnsiX190eXBlX18iOiJtYXAiLCJ4LWR0LWN1c3RvbS1kYXRhIjoiIGV5SjFjMlZ5U1dRaU9pSndkWEpqYUdGelpTSXNJbk5sYzNOcGIyNUpaQ0k2SW1SbFptRjFiSFFpTENKdFpYSmphR0Z1ZENJNkluTnBlQ0o5In0sInJlcXVlc3RGaWx0ZXIiOm51bGwsInJlc3BvbnNlRmlsdGVyIjpudWxsLCJjbGVhcktleXMiOnsiX190eXBlX18iOiJtYXAifSwiZXh0cmFDb25maWciOm51bGwsImV4dHJhVWlDb25maWciOm51bGwsImFkVGFnVXJpIjpudWxsLCJpbWFWaWRlb0lkIjpudWxsLCJpbWFBc3NldEtleSI6bnVsbCwiaW1hQ29udGVudFNyY0lkIjpudWxsLCJpbWFNYW5pZmVzdFR5cGUiOm51bGwsIm1lZGlhVGFpbG9yVXJsIjpudWxsLCJtZWRpYVRhaWxvckFkc1BhcmFtcyI6bnVsbCwidXNlSU1BIjp0cnVlLCJtaW1lVHlwZSI6bnVsbH0=;panel=CUSTOM%20CONTENT;build=uncompiled

vi...@google.com <vi...@google.com> #3Feb 19, 2025 08:01PM

Assigned to vi...@google.com.

Thanks for your request. We will investigate this issue and see if we can implement the behavior you've requested.

ah...@gmail.com <ah...@gmail.com> #4Feb 21, 2025 11:55PM

As an additional alternative, it should be possible to specify a label in the options for GmailApp.sendEmail().

A work-around is proposed in StackOverflow:

http://stackoverflow.com/a/18727687/1677912

Issue 397464791

Description

Issue summary

Comments

ch...@castlabs.corp-partner.google.com <ch...@castlabs.corp-partner.google.com> #2Feb 19, 2025 08:42AM

vi...@google.com <vi...@google.com> #3Feb 19, 2025 08:01PM

ah...@gmail.com <ah...@gmail.com> #4Feb 21, 2025 11:55PM

Add comment

Issue metadata