Closed Bug 1027585 Opened 10 years ago Closed 8 years ago

Large OOM in nsHtml5TreeBuilder::characters

Categories

(Core :: DOM: HTML Parser, defect)

32 Branch
x86
Windows NT
defect
Not set
critical

RESOLVED WORKSFORME
Tracking Status
firefox34 --- affected

People

(Reporter: kairo, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-df783497-62c6-420e-a36f-f07332140616.
=============================================================

Top frames:
0 mozalloc.dll mozalloc_abort(char const * const) memory/mozalloc/mozalloc_abort.cpp
1 mozalloc.dll mozalloc_handle_oom(unsigned int) memory/mozalloc/mozalloc_oom.cpp
2 mozalloc.dll moz_xmalloc memory/mozalloc/mozalloc.cpp
3 xul.dll nsHtml5TreeBuilder::characters(wchar_t const *,int,int) parser/html/nsHtml5TreeBuilder.cpp
4 xul.dll nsHtml5Tokenizer::stateLoop<nsHtml5SilentPolicy>(int,wchar_t,int,wchar_t *,bool,int,int) parser/html/nsHtml5Tokenizer.cpp
5 xul.dll nsHtml5Tokenizer::tokenizeBuffer(nsHtml5UTF16Buffer *) parser/html/nsHtml5Tokenizer.cpp

The stacks diverge after that.

Many of those OOM are with 2M allocations, but some like the one linked at the top of the comment or bp-8231cb77-f40a-4415-823c-1f34c2140616 are way over 10M.

See https://crash-stats.mozilla.com/report/list?signature=OOM%20%7C%20large%20%7C%20mozalloc_abort%28char%20const%2A%20const%29%20%7C%20mozalloc_handle_oom%28unsigned%20int%29%20%7C%20moz_xmalloc%20%7C%20nsHtml5TreeBuilder%3A%3Acharacters%28wchar_t%20const%2A%2C%20int%2C%20int%29 for more reports.

We should use fallible instead of infallible allocations here.
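The fallible-allocation pattern suggested in the comment above, as an added C++ sketch that is not part of the bug report and is not Gecko code. `CharBuffer`, `CappedRealloc` and the 1 MiB cap are hypothetical names and constructed values; the point is that a failed large allocation becomes an error the caller can handle rather than a process abort.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical names; not Gecko code. The allocator is injectable for tests.
using ReallocFn = void* (*)(void*, std::size_t);

// Constructed stand-in for an exhausted 32-bit address space: requests above
// 1 MiB fail, so the OOM path runs deterministically.
inline void* CappedRealloc(void* p, std::size_t n) {
  return n > (1u << 20) ? nullptr : std::realloc(p, n);
}

class CharBuffer {
 public:
  explicit CharBuffer(ReallocFn fn = std::realloc) : realloc_(fn) {}
  ~CharBuffer() { std::free(data_); }
  CharBuffer(const CharBuffer&) = delete;
  CharBuffer& operator=(const CharBuffer&) = delete;

  // Fallible append: on size overflow or allocation failure it returns false,
  // keeps the existing contents, and marks the buffer broken so the caller
  // can stop parsing instead of the process aborting.
  bool Append(const char16_t* src, std::size_t len) {
    const std::size_t kMax = SIZE_MAX / sizeof(char16_t);
    if (broken_ || len > kMax - len_) return Fail();
    const std::size_t need = len_ + len;
    if (need > cap_) {
      std::size_t cap = cap_ ? cap_ : 64;
      while (cap < need) cap = (cap > kMax / 2) ? need : cap * 2;
      void* p = realloc_(data_, cap * sizeof(char16_t));
      if (!p) return Fail();  // a failed realloc leaves data_ valid and owned
      data_ = static_cast<char16_t*>(p);
      cap_ = cap;
    }
    if (len) std::memcpy(data_ + len_, src, len * sizeof(char16_t));
    len_ = need;
    return true;
  }
  std::size_t length() const { return len_; }
  bool broken() const { return broken_; }

 private:
  bool Fail() { broken_ = true; return false; }
  ReallocFn realloc_;
  char16_t* data_ = nullptr;
  std::size_t len_ = 0, cap_ = 0;
  bool broken_ = false;
};
```

A caller checks the return value of `Append` and abandons the parse once `broken()` is set; an infallible allocator at the same call site would terminate the process, as in the stack above.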
My SO's Firefox beta 32.0 crashed like this: bp-549c0cc3-1a63-42a0-8b6c-a8b5d2140801 01/08/2014 12:40 p.m. Let me know if there's anything worth collecting from the crashing profile.
Version: 26 Branch → 32 Branch
There's little chance of fixing this before implementing the change proposed in bug 489820. Since this is an OOM, gathering anything from the profile is not worthwhile. Until my other duties permit focusing on bug 489820, the best workaround is to run a 64-bit build. :-(
Depends on: 489820
(In reply to Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2014-08-18) from comment #2)
> the best workaround is to run a 64-bit build. :-(

Which is not officially supported or tested (or even built for anything but Nightly). So you put users between a rock and a hard place here, which is very unfortunate.
Report ID    Date Submitted
bp-cd11f170-7012-42c9-88c8-2818e2141201    01/12/2014 12:33 p.m.
Crash Signature: [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | nsHtml5TreeBuilder::characters(wchar_t const*, int, int)] → [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | nsHtml5TreeBuilder::characters(wchar_t const*, int, int)] [@ OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | nsHtml5TreeBuilder::cha…
no crashes with this signature since version 35 bp-553a1793-4f49-445e-8aa2-82f902160527
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME