Closed Bug 1239698 Opened 8 years ago Closed 8 years ago

mozilla::ipc::FatalError crash in mozilla::dom::PScreenManagerChild::Read

Categories

(Core :: IPC, defect)

Product:
Core
Component:
IPC
Platform:
Unspecified
Windows NT
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
e10s ? ---

People

(Reporter: kairo, Assigned: billm)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-060a01c9-1cf4-4a03-978d-090e52160107.
=============================================================

Top Stack Frames:
0 	mozglue.dll 	mozalloc_abort(char const* const) 	memory/mozalloc/mozalloc_abort.cpp
1 	xul.dll 	NS_DebugBreak 	xpcom/base/nsDebugImpl.cpp
2 	xul.dll 	mozilla::ipc::FatalError(char const*, char const*, unsigned long, bool) 	ipc/glue/ProtocolUtils.cpp
3 	xul.dll 	mozilla::dom::PScreenManagerChild::Read(mozilla::dom::ScreenDetails*, IPC::Message const*, void**) 	obj-firefox/ipc/ipdl/PScreenManagerChild.cpp
4 	xul.dll 	mozilla::dom::PScreenManagerChild::SendScreenForBrowser(mozilla::dom::IdType<mozilla::dom::TabParent> const&, mozilla::dom::ScreenDetails*, bool*) 	obj-firefox/ipc/ipdl/PScreenManagerChild.cpp
5 	xul.dll 	nsScreenManagerProxy::ScreenForNativeWidget(void*, nsIScreen**) 	widget/nsScreenManagerProxy.cpp
6 	xul.dll 	nsDeviceContext::FindScreen(nsIScreen**) 	gfx/src/nsDeviceContext.cpp
7 	xul.dll 	nsDeviceContext::ComputeFullAreaUsingScreen(nsRect*) 	gfx/src/nsDeviceContext.cpp
8 	xul.dll 	nsDeviceContext::GetDeviceSurfaceDimensions(int&, int&) 	gfx/src/nsDeviceContext.cpp
[...]

This has been one of the top 5 crashes on Developer Edition for a while, it's a crash in the content process.
Assignee: nobody → gwright
Unfortunately we only record an error string if the fatal error happen in the parent -
 
http://hg.mozilla.org/releases/mozilla-aurora/annotate/7e1284abc473/ipc/glue/ProtocolUtils.cpp#l317

so no additional error info here.
Can we get error strings like that to be sent in client crashes as well?
Needinfoing myself for further investigation
Flags: needinfo?(gwright)
bp-060a01c9-1cf4-4a03-978d-090e52160107 indicates line 557 of PScreenManagerChild.cpp; in my tree:

    556     if ((!(Read((&((v__)->id())), msg__, iter__)))) {
    557         FatalError("Error deserializing 'id' (uint32_t) member of 'ScreenDetails'");
    558         return false;
    559     }

We'd only fail to deserialize a uint32_t if there were an unexpected end of the message.  This might be related to the other sync IPC FatalError bugs?
I'll take this. I've been looking into a bunch of these IPC bugs. I suspect they're all CPOW-related.
Assignee: gwright → wmccloskey
Clearing my needinfo. I was investigating this, but when I asked billm for info he decided to take it as he thinks it's related to the work he's doing :)
Flags: needinfo?(gwright)
This appears to be fixed on nightly. We may need some backports though.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.