crash in std::_Atomic_fetch_add_4

VERIFIED FIXED in Firefox 44, Firefox OS v2.5

Status

()

Core
DOM: Core & HTML
--
critical
VERIFIED FIXED
2 years ago
a year ago

People

(Reporter: adalucinet, Assigned: mrbkap)

Tracking

({crash, reproducible})

Trunk
mozilla45
All
Windows
crash, reproducible
Points:
---

Firefox Tracking Flags

(e10s?, firefox44 fixed, firefox45+ verified, b2g-v2.5 fixed)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
This bug was filed from the Socorro interface and is 
report bp-9c0d08e4-43da-4288-a340-0e6842151118.
=============================================================
STR via bug 1169268:
> 1. Open page data:text/html,<div contenteditable style="display:none">
> 2. Paste file from disk (simply press Ctrl+V)

Additional notes:
1. Reproducible *only* with e10s enabled, both latest 44.0a2 and 45.0a1 (from 2015-11-17).
2. Not reproducible under Ubuntu 12.04 32-bit nor Mac OS X 10.8.5
3. More reports:
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=std%3A%3A_Atomic_fetch_add_4
(Reporter)

Comment 1

2 years ago
Regression range (m-c):
Last good: 2015-10-27
First bad: 2015-10-28

Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0010c0cb259e28faf764949df54687e3a21a2d0a&tochange=eb3016abd37db2e6a6d923265047e84b12c0af61

Note that the last good build is when the tab crashed - bug 1169268; and starting with 2015-10-28, the browser crashed: bp-de4a2d5b-93ed-44d8-b4c9-032f72151119
Keywords: reproducible

Comment 2

2 years ago
[Tracking Requested - why for this release]:
Reproducible browser crash with e10s.
tracking-e10s: --- → ?
tracking-firefox45: --- → ?
Flags: needinfo?(mrbkap)

Updated

2 years ago
See Also: → bug 1227848
(Assignee)

Updated

2 years ago
Assignee: nobody → mrbkap
Flags: needinfo?(mrbkap)
(Assignee)

Comment 3

2 years ago
Created attachment 8697347 [details] [diff] [review]
Patch v1

I don't think that we can pass strings from IPDL actors via |nsACString&| directly. We need to go through an intermediate.
Attachment #8697347 - Flags: review?(jmathies)

Updated

2 years ago
Attachment #8697347 - Flags: review?(jmathies) → review+
(Assignee)

Comment 4

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/3b0dafa674775f315268f8f339591115db8c90ec
Bug 1225829 - Use a temporary string to avoid string type confusion via references. r=jimm

Comment 5

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/3b0dafa67477
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox45: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
(Reporter)

Comment 6

2 years ago
Confirming this fix with latest Developer Edition 45.0a2 (from 2015-12-16) under Windows 7 64-bit and Windows 10 32-bit - no crash encountered.
Status: RESOLVED → VERIFIED
status-firefox45: fixed → verified
tracking-firefox45: ? → +
Blake, can we backport this to 44? It's happening a lot in the beta experiment.
(Assignee)

Comment 8

a year ago
Comment on attachment 8697347 [details] [diff] [review]
Patch v1

Approval Request Comment
[Feature/regressing bug #]: n/a
[User impact if declined]: Crashes on windows when dragging and dropping images.
[Describe test coverage new/current, TreeHerder]: Has been on Nightly (and Aurora) for a couple of weeks.
[Risks and why]: Low risk.
[String/UUID change made/needed]: n/a
Attachment #8697347 - Flags: approval-mozilla-beta?

Updated

a year ago
status-firefox44: --- → affected
Comment on attachment 8697347 [details] [diff] [review]
Patch v1

Crash fix that was verified, Beta44+
Attachment #8697347 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Comment 10

a year ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-beta/rev/bac789f5d52c
status-firefox44: affected → fixed

Comment 11

a year ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-b2g44_v2_5/rev/bac789f5d52c
status-b2g-v2.5: --- → fixed
(Reporter)

Updated

a year ago
See Also: → bug 1241484
(Reporter)

Comment 12

a year ago
Encountered this signature on 44.0RC build 2, under Windows 7 64-bit, while investigating bug 1241484:
> bp-f7a60140-1888-40ea-b5d5-a47f12160122
> bp-d77d3df9-b9ff-4d01-b495-f42302160122

Blake, any ideas? Thanks in advance!
Flags: needinfo?(mrbkap)
(Assignee)

Comment 13

a year ago
Hi Alexandra, this bug and bug 1241484 are unrelated. That appears to be a refcounting error on an IPC object relating to gfx code whereas this was a misuse of strings in drag-and-drop code.
Flags: needinfo?(mrbkap)
You need to log in before you can comment on or make changes to this bug.