This bug was filed from the Socorro interface and is report bp-0ef64fb6-2a4d-4513-bcd9-45b752151103.
=============================================================
Crashing Thread

Frame  Module   Signature  Source
0      xul.dll  AppendUTF8toUTF16(nsACString_internal const&, nsAString_internal&, mozilla::fallible_t const&)  xpcom/string/nsReadableUtils.cpp
1      xul.dll  NS_ConvertUTF8toUTF16::NS_ConvertUTF8toUTF16(nsACString_internal const&)  xpcom/string/nsString.h
2      xul.dll  nsPluginElement::EnsurePluginMimeTypes()  dom/base/nsPluginArray.cpp
3      xul.dll  GetPluginMimeTypes  dom/base/nsPluginArray.cpp
4      xul.dll  nsPluginArray::GetMimeTypes(nsTArray<nsRefPtr<nsMimeType> >&)  dom/base/nsPluginArray.cpp
5      xul.dll  nsMimeTypeArray::NamedGetter(nsAString_internal const&, bool&)  dom/base/nsMimeTypeArray.cpp
6               @0x56d517
7               @0x1c
8               @0x6c006f
9      xul.dll  js::BaseShape::getUnowned(js::ExclusiveContext*, js::StackBaseShape&)  js/src/vm/Shape.cpp
10     xul.dll  js::Proxy::get(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>)  js/src/proxy/Proxy.cpp
11     xul.dll  Interpret  js/src/vm/Interpreter.cpp

This is a new signature in Firefox 42 builds and higher. In early data it's currently on rank #10 of the crash scoreboard for 42.0. Some of the user comments hint at the issue happening repeatedly on particular sites, likely with plugin content being executed as well.

https://crash-stats.mozilla.com/search/?date=%3E2015-01-01&signature=%3DAppendUTF8toUTF16+|+NS_ConvertUTF8toUTF16%3A%3ANS_ConvertUTF8toUTF16+|+nsPluginElement%3A%3AEnsurePluginMimeTypes&_facets=version&_facets=user_comments&_facets=uptime&_facets=adapter_vendor_id&_facets=build_id&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-version

Huh. So this is not OOM, right? It claims to be a null-deref; is that correct or is this one of those cases where breakpad claims null while the actual crash is elsewhere?

This code is new in 42 as of bug 1178963.

Looking at the crash reports, some of them are on type, some on description, and some on extension in nsPluginElement::EnsurePluginMimeTypes, correct?

Do we have any correlations with installed plug-ins by any chance?

(In reply to Boris Zbarsky [:bz] from comment #1)
> Huh. So this is not OOM, right? It claims to be a null-deref; is that
> correct or is this one of those cases where breakpad claims null while the
> actual crash is elsewhere?

I examined a dump, and given the limited information that is available to me, it looks like the source string's mData == nullptr yet its mLength == 0xf.

That's just weird. :(

I spoke with KaiRo on IRC - we don't have general correlation data for plugins (if the plugin process itself crashes though, we do have the information which plugin crashed).