Closed Bug 1225829 Opened 4 years ago Closed 4 years ago

crash in std::_Atomic_fetch_add_4

Categories

(Core :: DOM: Core & HTML, defect, critical)

All
Windows
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla45
Tracking Status
e10s ? ---
firefox44 --- fixed
firefox45 + verified
b2g-v2.5 --- fixed

People

(Reporter: adalucinet, Assigned: mrbkap)

References

Details

(Keywords: crash, reproducible)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-9c0d08e4-43da-4288-a340-0e6842151118.
=============================================================
STR via bug 1169268:
> 1. Open page data:text/html,<div contenteditable style="display:none">
> 2. Paste file from disk (simply press Ctrl+V)

Additional notes:
1. Reproducible *only* with e10s enabled, both latest 44.0a2 and 45.0a1 (from 2015-11-17).
2. Not reproducible under Ubuntu 12.04 32-bit nor Mac OS X 10.8.5
3. More reports:
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=std%3A%3A_Atomic_fetch_add_4
Regression range (m-c):
Last good: 2015-10-27
First bad: 2015-10-28

Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0010c0cb259e28faf764949df54687e3a21a2d0a&tochange=eb3016abd37db2e6a6d923265047e84b12c0af61

Note that the last good build is when the tab crashed - bug 1169268; and starting with 2015-10-28, the browser crashed: bp-de4a2d5b-93ed-44d8-b4c9-032f72151119
Keywords: reproducible
[Tracking Requested - why for this release]:
Reproducible browser crash with e10s.
tracking-e10s: --- → ?
Flags: needinfo?(mrbkap)
See Also: → 1227848
Assignee: nobody → mrbkap
Flags: needinfo?(mrbkap)
Attached patch Patch v1Splinter Review
I don't think that we can pass strings from IPDL actors via |nsACString&| directly. We need to go through an intermediate.
Attachment #8697347 - Flags: review?(jmathies)
Attachment #8697347 - Flags: review?(jmathies) → review+
https://hg.mozilla.org/mozilla-central/rev/3b0dafa67477
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
Confirming this fix with latest Developer Edition 45.0a2 (from 2015-12-16) under Windows 7 64-bit and Windows 10 32-bit - no crash encountered.
Status: RESOLVED → VERIFIED
Blake, can we backport this to 44? It's happening a lot in the beta experiment.
Comment on attachment 8697347 [details] [diff] [review]
Patch v1

Approval Request Comment
[Feature/regressing bug #]: n/a
[User impact if declined]: Crashes on windows when dragging and dropping images.
[Describe test coverage new/current, TreeHerder]: Has been on Nightly (and Aurora) for a couple of weeks.
[Risks and why]: Low risk.
[String/UUID change made/needed]: n/a
Attachment #8697347 - Flags: approval-mozilla-beta?
Comment on attachment 8697347 [details] [diff] [review]
Patch v1

Crash fix that was verified, Beta44+
Attachment #8697347 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
See Also: → 1241484
Encountered this signature on 44.0RC build 2, under Windows 7 64-bit, while investigating bug 1241484:
> bp-f7a60140-1888-40ea-b5d5-a47f12160122
> bp-d77d3df9-b9ff-4d01-b495-f42302160122

Blake, any ideas? Thanks in advance!
Flags: needinfo?(mrbkap)
Hi Alexandra, this bug and bug 1241484 are unrelated. That appears to be a refcounting error on an IPC object relating to gfx code whereas this was a misuse of strings in drag-and-drop code.
Flags: needinfo?(mrbkap)
You need to log in before you can comment on or make changes to this bug.