Closed
Bug 819633
Opened 12 years ago
Closed 11 years ago
crash in nsTArrayInfallibleAllocator::SizeTooBig
Categories
(Core :: Layout, defect)
Tracking
()
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
It first showed up in 20.0a1/20121207 and is currently #12 top crasher in this build. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3c81e1c0d252&tochange=739f20de3c1e Stack traces are various: Frame Module Signature Source 0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23 1 xul.dll nsTArrayInfallibleAllocator::SizeTooBig obj-firefox/dist/include/nsTArray.h:73 2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:112 3 xul.dll nsLineLayout::VerticalAlignFrames layout/generic/nsLineLayout.cpp:1570 4 xul.dll nsLineLayout::VerticalAlignLine layout/generic/nsLineLayout.cpp:1400 5 xul.dll nsBlockFrame::PlaceLine layout/generic/nsBlockFrame.cpp:4094 6 xul.dll nsBlockFrame::DoReflowInlineFrames layout/generic/nsBlockFrame.cpp:3655 7 xul.dll nsBlockFrame::ReflowInlineFrames layout/generic/nsBlockFrame.cpp:3377 ... Frame Module Signature Source 0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23 1 xul.dll nsTArrayInfallibleAllocator::SizeTooBig obj-firefox/dist/include/nsTArray.h:73 2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:112 3 xul.dll nsTArray<gfxFontFeature,nsTArrayDefaultAllocator>::ReplaceElementsAt<gfxFontFeat obj-firefox/dist/include/nsTArray.h:732 4 xul.dll nsFont::nsFont gfx/src/nsFont.cpp:64 5 xul.dll nsStyleFont::nsStyleFont layout/style/nsStyleStruct.cpp:122 6 xul.dll nsRuleNode::CalcLengthWithInitialFont layout/style/nsRuleNode.cpp:429 7 xul.dll nsMediaExpression::Matches layout/style/nsCSSStyleSheet.cpp:194 8 xul.dll nsMediaQuery::Matches layout/style/nsCSSStyleSheet.cpp:501 ... Frame Module Signature Source 0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23 1 xul.dll nsTArrayInfallibleAllocator::SizeTooBig obj-firefox/dist/include/nsTArray.h:73 2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:112 3 xul.dll AddSelector layout/style/nsCSSRuleProcessor.cpp:2778 4 xul.dll nsCSSRuleProcessor::RefreshRuleCascade layout/style/nsCSSRuleProcessor.cpp:3222 5 xul.dll nsStyleSet::AppendFontFaceRules layout/style/nsStyleSet.cpp:1246 6 xul.dll nsPresContext::FlushUserFontSet layout/base/nsPresContext.cpp:1934 7 xul.dll nsPresContext::HandleRebuildUserFontSet layout/base/nsPresContext.h:1091 ... Frame Module Signature Source 0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23 1 xul.dll nsTArrayInfallibleAllocator::SizeTooBig obj-firefox/dist/include/nsTArray.h:73 2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:112 3 xul.dll nsTArray<nsHtml5SpeculativeLoad,nsTArrayDefaultAllocator>::MoveElementsFrom<nsHt obj-firefox/dist/include/nsTArray.h:929 4 xul.dll nsHtml5TreeOpExecutor::FlushSpeculativeLoads parser/html/nsHtml5TreeOpExecutor.cpp:403 5 xul.dll nsHtml5TreeOpExecutor::RunFlushLoop parser/html/nsHtml5TreeOpExecutor.cpp:516 6 xul.dll nsHtml5ExecutorReflusher::Run parser/html/nsHtml5TreeOpExecutor.cpp:60 7 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:627 ... and so on. More reports at: https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char+const*+const%29+|+nsTArrayInfallibleAllocator%3A%3ASizeTooBig%28%29
Reporter | ||
Comment 1•12 years ago
|
||
I found crashes that happened one build earlier: https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort+|+nsTArrayInfallibleAllocator%3A%3ASizeTooBig%28%29 So it might be a regression from bug 801466.
Crash Signature: [@ mozalloc_abort(char const* const) | nsTArrayInfallibleAllocator::SizeTooBig()] → [@ mozalloc_abort(char const* const) | nsTArrayInfallibleAllocator::SizeTooBig()]
[@ mozalloc_abort | nsTArrayInfallibleAllocator::SizeTooBig()]
OS: Windows 7 → All
Reporter | ||
Comment 2•12 years ago
|
||
Crashes have almost completely stopped since 20.0a1/20121208, maybe fixed by the patch of bug 818962.
Reporter | ||
Comment 3•12 years ago
|
||
More reports also at: https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char+const*%29+|+nsTArrayInfallibleAllocator%3A%3ASizeTooBig%28%29
Crash Signature: [@ mozalloc_abort(char const* const) | nsTArrayInfallibleAllocator::SizeTooBig()]
[@ mozalloc_abort | nsTArrayInfallibleAllocator::SizeTooBig()] → [@ mozalloc_abort(char const* const) | nsTArrayInfallibleAllocator::SizeTooBig()]
[@ mozalloc_abort(char const*) | nsTArrayInfallibleAllocator::SizeTooBig()]
[@ mozalloc_abort | nsTArrayInfallibleAllocator::SizeTooBig()]
status-firefox17:
--- → affected
status-firefox18:
--- → affected
Version: 20 Branch → 17 Branch
Reporter | ||
Comment 4•11 years ago
|
||
As it happens rarely after 21.0 and is a generic signature for unrelated crashes, I close it as workforme.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•