Closed
Bug 1079726
Opened 10 years ago
Closed 10 years ago
crash in nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>::ShrinkCapacity(unsigned long, unsigned long) | nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, tag_nsresult)
Categories
(Core :: DOM: Navigation, defect)
Tracking
()
RESOLVED
INCOMPLETE
Tracking | Status | |
---|---|---|
firefox33 | --- | affected |
People
(Reporter: cosmin-malutan, Unassigned)
References
()
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is report bp-3992274e-7069-49ba-af25-70bac2141008. =============================================================
Reporter | ||
Comment 1•10 years ago
|
||
It failed during a mozmill testrun, in test remote/testSecurity/testSafeBrowsingNotificationBar.js On Ubuntu 13.10 x64 (mm-ub-1310-64-3) Stack trace: 0 libxul.so nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>::ShrinkCapacity(unsigned long, unsigned long) xpcom/glue/nsTArray-inl.h 1 libxul.so nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, tag_nsresult) obj-firefox/dist/include/nsTArray.h 2 libxul.so nsDocLoader::doStopDocumentLoad(nsIRequest*, tag_nsresult) uriloader/base/nsDocLoader.cpp 3 libxul.so nsDocLoader::DocLoaderIsEmpty(bool) uriloader/base/nsDocLoader.cpp 4 libxul.so nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, tag_nsresult) uriloader/base/nsDocLoader.cpp 5 libxul.so nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, tag_nsresult) netwerk/base/src/nsLoadGroup.cpp 6 libxul.so nsDocument::DoUnblockOnload() content/base/src/nsDocument.cpp 7 libxul.so nsDocument::UnblockOnload(bool) content/base/src/nsDocument.cpp 8 libxul.so mozilla::LoadBlockingAsyncEventDispatcher::~LoadBlockingAsyncEventDispatcher() dom/events/AsyncEventDispatcher.cpp 9 libxul.so mozilla::LoadBlockingAsyncEventDispatcher::~LoadBlockingAsyncEventDispatcher() dom/events/AsyncEventDispatcher.cpp 10 libxul.so nsRunnable::Release() xpcom/glue/nsThreadUtils.cpp 11 libxul.so nsThread::ProcessNextEvent(bool, bool*) obj-firefox/dist/include/nsCOMPtr.h 12 libxul.so NS_InvokeByIndex xpcom/reflect/xptcall/md/unix/xptcinvoke_x86_64_unix.cpp 13 libxul.so XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp 14 libxul.so XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) js/xpconnect/src/XPCWrappedNativeJSOps.cpp 15 @0x7f16c2b43204
Comment 2•10 years ago
|
||
This crash happened only once so far. But it is at a random memory location: rash Reason SIGSEGV Crash Address 0xb32d3870 Marking as security sensitive for now.
Comment 3•10 years ago
|
||
Olli, is there anything we can do with this?
Component: File Handling → Document Navigation
Comment 4•10 years ago
|
||
Didn't see anything obvious. doStopDocumentLoad keeps child nsDocLoaders alive using WebProgressList and DoFireOnStateChange uses NOTIFY_LISTENERS which should be safe.
Comment 5•10 years ago
|
||
Unfortunately it doesn't seem like this bug is headed anywhere useful. If there is a lurking bug hopefully it'll show up in other tests.
Group: core-security
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•