Bug 1576565 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
This is caused by a `sendQuery` method replying with a very large message sent over JSWindowActors. The specific message which was sent isn't in the report IIRC, but there are only a few `sendQuery` messages in the wild right now. A quick search found only these (outside of test code):

* [ContextMenuParent.jsm](https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/browser/actors/ContextMenuParent.jsm#59,76,80,86,92)
* [PluginChild.jsm](https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/browser/actors/PluginChild.jsm#940)
* [Prompter.jsm](https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/toolkit/components/prompts/src/Prompter.jsm#603)

As the reply is being sent from the child to the parent, we know that the message is one of the ones being sent from ContextMenuParent.jsm. There are 5 of them:

* ContextMenu:GetFrameTitle - https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/browser/actors/ContextMenuChild.jsm#70
  * The title of a document could be long, but probably not >= 256MB long
* ContextMenu:Canvas:ToBlobURL - https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/browser/actors/ContextMenuChild.jsm#75
  * Blob URL data is sent down in a stream, not directly inside the message, so this should be OK.
* ContextMenu:SaveVideoFrameAsImage - https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/browser/actors/ContextMenuChild.jsm#227
  * This might be the culprit. It serializes the image as a `data:` URI, and then sends that over IPC. That URI could probably exceed 256MB in some situations, which could cause this crash.
* ContextMenu:SetAsDesktopBackground - https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/browser/actors/ContextMenuChild.jsm#251
  * Might also be the culprit. Serializes a canvas as a `data:` URI and sends it over IPC. Possibly even more likely, as desktop backgrounds are often made to be very high resolution for fancy 8k displays?
* ContextMenu:SearchFieldBookmarkData - https://searchfox.org/mozilla-central/rev/325c1a707819602feff736f129cb36055ba6d94f/browser/actors/ContextMenuChild.jsm#212
  * Could be a culprit, but potentially less likely. If a very large amount of form data was present in a form the concatenated `postData` string could theoretically exceed 256MB.

ni? :mconley as I think this was likely caused by bug 1505909
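
The size reasoning in the comment above, as an added example that is not part of the original comment and is not Firefox code: it estimates how long a base64 `data:` URI gets for a given frame size and checks it against the 256MB figure before the string would be sent. All function names are hypothetical, and the `image/png` type, reading 256MB as 256 MiB, and the `bytesPerChar` parameter are assumptions.

```javascript
// Added illustration, not Firefox code. All names are hypothetical.
// "256MB" comes from the comment; treating it as 256 MiB is an assumption.
const MAX_MESSAGE_BYTES = 256 * 1024 * 1024;

// Characters in a base64 `data:` URI that carries `byteLength` encoded bytes.
function dataUriLength(byteLength, mimeType = "image/png") {
  const prefix = `data:${mimeType};base64,`.length;
  return prefix + 4 * Math.ceil(byteLength / 3);
}

// Rough upper bound on an encoded frame: uncompressed RGBA pixels.
function rawRgbaBytes(width, height) {
  return width * height * 4;
}

// Check before serializing: would a frame of this size fit in one message?
// bytesPerChar is an assumption about how the string is stored in the message
// (1 for one-byte characters, 2 for UTF-16).
function fitsInline(width, height, bytesPerChar = 1, limit = MAX_MESSAGE_BYTES) {
  const size = dataUriLength(rawRgbaBytes(width, height)) * bytesPerChar;
  return size < limit;
}

// Check after serializing: hand back the URI only if it is under the limit,
// otherwise report its size so the caller can fall back to a streamed transfer.
function guardReply(dataUri, bytesPerChar = 1, limit = MAX_MESSAGE_BYTES) {
  const size = dataUri.length * bytesPerChar;
  return size < limit ? { ok: true, dataUri } : { ok: false, size, limit };
}

// Constructed sample: an 8k (7680x4320) frame, as in the desktop background case.
console.log("8k frame, 1 byte/char fits:", fitsInline(7680, 4320, 1));
console.log("8k frame, 2 bytes/char fits:", fitsInline(7680, 4320, 2));
```
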