Closed Bug 1225829 Opened 4 years ago Closed 4 years ago
crash in std::_Atomic
_fetch _add _4
This bug was filed from the Socorro interface and is report bp-9c0d08e4-43da-4288-a340-0e6842151118. ============================================================= STR via bug 1169268: > 1. Open page data:text/html,<div contenteditable style="display:none"> > 2. Paste file from disk (simply press Ctrl+V) Additional notes: 1. Reproducible *only* with e10s enabled, both latest 44.0a2 and 45.0a1 (from 2015-11-17). 2. Not reproducible under Ubuntu 12.04 32-bit nor Mac OS X 10.8.5 3. More reports: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=std%3A%3A_Atomic_fetch_add_4
Regression range (m-c): Last good: 2015-10-27 First bad: 2015-10-28 Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0010c0cb259e28faf764949df54687e3a21a2d0a&tochange=eb3016abd37db2e6a6d923265047e84b12c0af61 Note that the last good build is when the tab crashed - bug 1169268; and starting with 2015-10-28, the browser crashed: bp-de4a2d5b-93ed-44d8-b4c9-032f72151119
[Tracking Requested - why for this release]: Reproducible browser crash with e10s.
Assignee: nobody → mrbkap
I don't think that we can pass strings from IPDL actors via |nsACString&| directly. We need to go through an intermediate.
Attachment #8697347 - Flags: review?(jmathies)
https://hg.mozilla.org/integration/mozilla-inbound/rev/3b0dafa674775f315268f8f339591115db8c90ec Bug 1225829 - Use a temporary string to avoid string type confusion via references. r=jimm
Confirming this fix with latest Developer Edition 45.0a2 (from 2015-12-16) under Windows 7 64-bit and Windows 10 32-bit - no crash encountered.
Blake, can we backport this to 44? It's happening a lot in the beta experiment.
Comment on attachment 8697347 [details] [diff] [review] Patch v1 Approval Request Comment [Feature/regressing bug #]: n/a [User impact if declined]: Crashes on windows when dragging and dropping images. [Describe test coverage new/current, TreeHerder]: Has been on Nightly (and Aurora) for a couple of weeks. [Risks and why]: Low risk. [String/UUID change made/needed]: n/a
Attachment #8697347 - Flags: approval-mozilla-beta?
Comment on attachment 8697347 [details] [diff] [review] Patch v1 Crash fix that was verified, Beta44+
Attachment #8697347 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Encountered this signature on 44.0RC build 2, under Windows 7 64-bit, while investigating bug 1241484: > bp-f7a60140-1888-40ea-b5d5-a47f12160122 > bp-d77d3df9-b9ff-4d01-b495-f42302160122 Blake, any ideas? Thanks in advance!
Hi Alexandra, this bug and bug 1241484 are unrelated. That appears to be a refcounting error on an IPC object relating to gfx code whereas this was a misuse of strings in drag-and-drop code.
You need to log in before you can comment on or make changes to this bug.