Closed Bug 1225829 Opened 9 years ago Closed 9 years ago

crash in std::_Atomic_fetch_add_4

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
All
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla45
Tracking Flags:
Tracking Status
e10s ? ---
firefox44 --- fixed
firefox45 + verified
b2g-v2.5 --- fixed

People

(Reporter: adalucinet, Assigned: mrbkap)

References

Details

(Keywords: crash, reproducible)

Crash Data

Attachments

(1 file)

Patch v1
1.27 KB, patch
jimm
: review+
ritu
: approval-mozilla-beta+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-9c0d08e4-43da-4288-a340-0e6842151118. ============================================================= STR via bug 1169268: > 1. Open page data:text/html,<div contenteditable style="display:none"> > 2. Paste file from disk (simply press Ctrl+V) Additional notes: 1. Reproducible *only* with e10s enabled, both latest 44.0a2 and 45.0a1 (from 2015-11-17). 2. Not reproducible under Ubuntu 12.04 32-bit nor Mac OS X 10.8.5 3. More reports: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=std%3A%3A_Atomic_fetch_add_4
Regression range (m-c): Last good: 2015-10-27 First bad: 2015-10-28 Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0010c0cb259e28faf764949df54687e3a21a2d0a&tochange=eb3016abd37db2e6a6d923265047e84b12c0af61 Note that the last good build is when the tab crashed - bug 1169268; and starting with 2015-10-28, the browser crashed: bp-de4a2d5b-93ed-44d8-b4c9-032f72151119
Keywords: reproducible
[Tracking Requested - why for this release]: Reproducible browser crash with e10s.
tracking-e10s: --- → ?
tracking-firefox45: --- → ?
Flags: needinfo?(mrbkap)
See Also: → 1227848
Assignee: nobody → mrbkap
Flags: needinfo?(mrbkap)
Attached patch Patch v1Splinter Review
I don't think that we can pass strings from IPDL actors via |nsACString&| directly. We need to go through an intermediate.
Attachment #8697347 - Flags: review?(jmathies)
Attachment #8697347 - Flags: review?(jmathies) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/3b0dafa674775f315268f8f339591115db8c90ec Bug 1225829 - Use a temporary string to avoid string type confusion via references. r=jimm
https://hg.mozilla.org/mozilla-central/rev/3b0dafa67477
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox45: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
Confirming this fix with latest Developer Edition 45.0a2 (from 2015-12-16) under Windows 7 64-bit and Windows 10 32-bit - no crash encountered.
Status: RESOLVED → VERIFIED
status-firefox45: fixedverified
Blake, can we backport this to 44? It's happening a lot in the beta experiment.
Comment on attachment 8697347 [details] [diff] [review] Patch v1 Approval Request Comment [Feature/regressing bug #]: n/a [User impact if declined]: Crashes on windows when dragging and dropping images. [Describe test coverage new/current, TreeHerder]: Has been on Nightly (and Aurora) for a couple of weeks. [Risks and why]: Low risk. [String/UUID change made/needed]: n/a
Attachment #8697347 - Flags: approval-mozilla-beta?
Comment on attachment 8697347 [details] [diff] [review] Patch v1 Crash fix that was verified, Beta44+
Attachment #8697347 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
See Also: → 1241484
Encountered this signature on 44.0RC build 2, under Windows 7 64-bit, while investigating bug 1241484: > bp-f7a60140-1888-40ea-b5d5-a47f12160122 > bp-d77d3df9-b9ff-4d01-b495-f42302160122 Blake, any ideas? Thanks in advance!
Flags: needinfo?(mrbkap)
Hi Alexandra, this bug and bug 1241484 are unrelated. That appears to be a refcounting error on an IPC object relating to gfx code whereas this was a misuse of strings in drag-and-drop code.
Flags: needinfo?(mrbkap)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: