Closed
Bug 1027585
Opened 10 years ago
Closed 8 years ago
Large OOM in nsHtml5TreeBuilder::characters
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox34 | --- | affected |
People
(Reporter: kairo, Unassigned)
References
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-df783497-62c6-420e-a36f-f07332140616.
=============================================================
Top frames:
0 mozalloc.dll mozalloc_abort(char const * const) memory/mozalloc/mozalloc_abort.cpp
1 mozalloc.dll mozalloc_handle_oom(unsigned int) memory/mozalloc/mozalloc_oom.cpp
2 mozalloc.dll moz_xmalloc memory/mozalloc/mozalloc.cpp
3 xul.dll nsHtml5TreeBuilder::characters(wchar_t const *,int,int) parser/html/nsHtml5TreeBuilder.cpp
4 xul.dll nsHtml5Tokenizer::stateLoop<nsHtml5SilentPolicy>(int,wchar_t,int,wchar_t *,bool,int,int) parser/html/nsHtml5Tokenizer.cpp
5 xul.dll nsHtml5Tokenizer::tokenizeBuffer(nsHtml5UTF16Buffer *) parser/html/nsHtml5Tokenizer.cpp
The stacks diverge after that. Many of those OOM are with 2M allocations, but some like the one linked at the top of the comment or bp-8231cb77-f40a-4415-823c-1f34c2140616 are way over 10M.
See https://crash-stats.mozilla.com/report/list?signature=OOM%20%7C%20large%20%7C%20mozalloc_abort%28char%20const%2A%20const%29%20%7C%20mozalloc_handle_oom%28unsigned%20int%29%20%7C%20moz_xmalloc%20%7C%20nsHtml5TreeBuilder%3A%3Acharacters%28wchar_t%20const%2A%2C%20int%2C%20int%29 for more reports.
We should use fallible instead of infallible allocations here.
Comment 1•10 years ago
|
||
My SO's Firefox beta 32.0 crashed like this:
bp-549c0cc3-1a63-42a0-8b6c-a8b5d2140801 01/08/2014 12:40 p.m.
Let me know if there's anything worth collecting from the crashing profile.
Version: 26 Branch → 32 Branch
Theres' little chance of fixing this before implementing the change proposed in bug 489820.
Since this is an OOM, gathering anything from the profile is not worthwhile. Until my other duties permit focusing on bug 489820, the best workaround is to run a 64-bit build. :-(
Depends on: 489820
Reporter | ||
Comment 3•10 years ago
|
||
(In reply to Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2014-08-18) from comment #2)
> the best workaround is to run a 64-bit build. :-(
Which is not officially supported or tested (or even built for anything but Nightly). So you put users between a rock and a hard place here, which is very unfortunate.
Comment 4•10 years ago
|
||
Report ID Date Submitted
bp-cd11f170-7012-42c9-88c8-2818e2141201 01/12/2014 12:33 p.m.
status-firefox34:
--- → affected
Updated•9 years ago
|
Crash Signature: [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | nsHtml5TreeBuilder::characters(wchar_t const*, int, int)] → [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | nsHtml5TreeBuilder::characters(wchar_t const*, int, int)]
[@ OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | nsHtml5TreeBuilder::cha…
Comment 5•8 years ago
|
||
no crashes with this signature since version 35 bp-553a1793-4f49-445e-8aa2-82f902160527
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•