crash in ToNewUnicode (mozalloc_abort)
Categories
(Thunderbird :: General, defect)
Tracking
(Not tracked)
People
(Reporter: wsmwk, Unassigned)
References
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is report bp-b33a2006-4b19-42f8-b411-6a63f2130403 . ============================================================= 0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23 1 mozalloc.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:27 2 mozalloc.dll moz_xmalloc memory/mozalloc/mozalloc.cpp:59 3 xul.dll ToNewUnicode xpcom/string/src/nsReadableUtils.cpp:318 4 xul.dll XPCConvert::NativeData2JS js/xpconnect/src/XPCConvert.cpp:284 5 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2367 6 xul.dll XPC_WN_GetterSetter js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1526 7 mozjs.dll JaegerTrampoline js/src/methodjit/MethodJIT.cpp:839 8 mozjs.dll js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:1016 9 mozjs.dll js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:1086 10 mozjs.dll js::RunScript js/src/jsinterp.cpp:306 hg@1 315 PRUnichar* hg@1 316 ToNewUnicode( const nsACString& aSource ) hg@1 317 { hg@1 318 PRUnichar* result = AllocateStringCopy(aSource, (PRUnichar*)0); several signatures containing ToNewUnicode https://crash-stats.mozilla.com/query/query?product=Thunderbird&version=ALL%3AALL&range_value=1&range_unit=weeks&date=04%2F09%2F2013+13%3A06%3A20&query_search=signature&query_type=contains&query=ToNewUnicode&reason=&build_id=&process_type=any&hang_type=any&do_query=1
Is it possible, that the underlying problem can cause *empty replies* to some emails: today, I tried to reply to an email that had a windows registry export attached (which seems to be encoded in UNICODE)?
(In reply to Wolf Peuker from comment #1) > Is it possible, that the underlying problem can cause *empty replies* to > some emails: today, I tried to reply to an email that had a windows registry > export attached (which seems to be encoded in UNICODE)? see Bug 958479 for details
|
||
Updated•9 years ago
|
|
||
Comment 3•7 years ago
|
||
I'm marking this bug as WORKSFORME as bug crashlog signature didn't appear from a long time (over half year).
|
Reporter | |
Comment 4•7 years ago
|
||
I suspect the bug still exists but the signature has changed. OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | ToNewUnicode bp-25d32ccb-d965-4c15-bdc3-d31d32170318 https://crash-stats.mozilla.com/signature/?product=Thunderbird&signature=OOM%20%7C%20large%20%7C%20mozalloc_abort%20%7C%20mozalloc_handle_oom%20%7C%20moz_xmalloc%20%7C%20ToNewUnicode&date=%3E%3D2016-09-19T03%3A24%3A10.000Z&date=%3C2017-03-19T03%3A24%3A10.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1#reports and OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | UTF8ToNewUnicode bp-2e02c639-5e1f-4f32-97ff-4ade52170312 https://crash-stats.mozilla.com/signature/?product=Thunderbird&signature=OOM%20%7C%20large%20%7C%20mozalloc_abort%20%7C%20mozalloc_handle_oom%20%7C%20moz_xmalloc%20%7C%20UTF8ToNewUnicode&date=%3E%3D2016-09-19T03%3A24%3A10.000Z&date=%3C2017-03-19T03%3A24%3A10.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1#reports
|
|
Reporter | |
Comment 6•5 years ago
|
||
Crash rate of 60.x is much lower than 50.x. What's left now is OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | ToNewUnicode
Are steps needed, or is cause evident from the code?
bp-e0b92ea1-e064-4e8d-a7ee-fccce0190214 60.4.0
bp-bfa387f2-271f-4aa7-92a3-997e50190214 60.5.0
0 mozglue.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:31
1 mozglue.dll mozalloc_handle_oom(unsigned int) memory/mozalloc/mozalloc_oom.cpp:51
2 mozglue.dll moz_xmalloc memory/mozalloc/mozalloc.cpp:70
3 xul.dll ToNewUnicode(nsTSubstring<char16_t> const&) xpcom/string/nsReadableUtils.cpp:426
4 xul.dll nsPrimitiveHelpers::CreateDataFromPrimitive(nsTSubstring<char> const&, nsISupports*, void**, unsigned int) widget/nsPrimitiveHelpers.cpp:141
5 xul.dll DataStruct::WriteCache(nsISupports*, unsigned int) widget/nsTransferable.cpp:131
6 xul.dll DataStruct::SetData(nsISupports*, unsigned int, bool) widget/nsTransferable.cpp:74
7 xul.dll nsTransferable::SetTransferData(char const*, nsISupports*, unsigned int) widget/nsTransferable.cpp:361
8 xul.dll AppendString dom/base/nsCopySupport.cpp:509
9 xul.dll SelectionCopyHelper dom/base/nsCopySupport.cpp:248
10 xul.dll nsCopySupport::HTMLCopy(nsISelection*, nsIDocument*, short, bool) dom/base/nsCopySupport.cpp:305
11 xul.dll nsCopySupport::FireClipboardEvent(mozilla::EventMessage, int, nsIPresShell*, nsISelection*, bool*) dom/base/nsCopySupport.cpp:870
12 xul.dll nsClipboardCommand::DoCommand(char const*, nsISupports*) dom/base/nsGlobalWindowCommands.cpp:528
13 xul.dll nsControllerCommandTable::DoCommand(char const*, nsISupports*) dom/commandhandler/nsControllerCommandTable.cpp:137
14 xul.dll nsBaseCommandController::DoCommand(char const*) dom/commandhandler/nsBaseCommandController.cpp:127
15 xul.dll nsXBLPrototypeHandler::DispatchXBLCommand(mozilla::dom::EventTarget*, nsIDOMEvent*) dom/xbl/nsXBLPrototypeHandler.cpp:530
16 xul.dll nsXBLPrototypeHandler::ExecuteHandler(mozilla::dom::EventTarget*, nsIDOMEvent*) dom/xbl/nsXBLPrototypeHandler.cpp:258
17 xul.dll JS::StructGCPolicy<JS::GCVector<jsid, 8, js::TempAllocPolicy> >::trace(JSTracer*, JS::GCVector<jsid, 8, js::TempAllocPolicy>, char const) js/public/GCPolicyAPI.h:74
18 xul.dll nsXBLWindowKeyHandler::WalkHandlersAndExecute(mozilla::dom::KeyboardEvent*, nsAtom*, nsXBLPrototypeHandler*, unsigned int, mozilla::IgnoreModifierState const&, bool, bool*) dom/xbl/nsXBLWindowKeyHandler.cpp:729
19 xul.dll nsXBLWindowKeyHandler::WalkHandlersInternal(mozilla::dom::KeyboardEvent*, nsAtom*, nsXBLPrototypeHandler*, bool, bool*) dom/xbl/nsXBLWindowKeyHandler.cpp:598
20 xul.dll nsXBLWindowKeyHandler::WalkHandlers(mozilla::dom::KeyboardEvent*, nsAtom*) dom/xbl/nsXBLWindowKeyHandler.cpp:268
21 xul.dll nsXBLWindowKeyHandler::HandleEvent(nsIDOMEvent*) dom/xbl/nsXBLWindowKeyHandler.cpp:476
22 xul.dll mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) dom/events/EventListenerManager.cpp:1044
23 xul.dll nsAutoPopupStatePusherInternal::nsAutoPopupStatePusherInternal(PopupControlState, bool) dom/base/nsGlobalWindowOuter.cpp:7209
24 xul.dll nsAutoPopupStatePusherInternal::nsAutoPopupStatePusherInternal(PopupControlState, bool) dom/base/nsGlobalWindowOuter.cpp:7209
25 xul.dll mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) dom/events/EventListenerManager.cpp:1292
|
||
Comment 7•5 years ago
|
||
Looks like we're just copying something too large -> out of memory. I'm not sure what we can do about that.
|
|
Reporter | |
Comment 8•4 years ago
|
||
Will want to check 78 beta when it comes out, now that bug 1515419 is fixed
|
|
Reporter | |
Comment 9•4 years ago
|
||
oddly, the signature dies out after 68.8.0 https://crash-stats.mozilla.org/signature/?product=Thunderbird&signature=OOM%20%7C%20large%20%7C%20mozalloc_abort%20%7C%20mozalloc_handle_oom%20%7C%20moz_xmalloc%20%7C%20ToNewUnicode&date=%3E%3D2020-01-03T15%3A25%3A00.000Z&date=%3C2020-07-03T15%3A25%3A00.000Z
I think it morphed to this which has crashes for 68.8.1 and 68.9.0 https://crash-stats.mozilla.org/signature/?signature=OOM%20%7C%20large%20%7C%20mozalloc_abort%20%7C%20moz_xmalloc%20%7C%20ToNewUnicode&product=Thunderbird&date=%3E%3D2020-04-03T15%3A27%3A00.000Z&date=%3C2020-07-03T15%3A27%3A00.000Z&_sort=-date
But there are no crashes for either signature for 69 or newer, so => WFM
Description
•