Closed Bug 1275253 Opened 9 years ago Closed 6 years ago

Crash in std::deque<T>::_M_push_back_aux<T> when selecting text on GMail

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Version:
45 Branch
Platform:
Unspecified
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
platform-rel --- -
firefox47 --- affected
firefox48 --- affected
firefox49 --- affected

People

(Reporter: padenot, Unassigned)

Details

(Keywords: crash, Whiteboard: [platform-rel-Google] [platform-rel-Gmail])

Crash Data

This bug was filed from the Socorro interface and is report bp-f0ef5753-0eea-4046-a0d9-3d4072160523. ============================================================= I've been able to repro this on current nightly on Linux by selecting text in the gmail "compose" window.
Whiteboard: [platform-rel-Google] [platform-rel-Gmail]
platform-rel: --- → ?
platform-rel: ? → +
Crash volume for signature 'std::deque<T>::_M_push_back_aux<T>': - nightly (version 50): 0 crash from 2016-06-06. - aurora (version 49): 2 crashes from 2016-06-07. - beta (version 48): 1 crash from 2016-06-06. - release (version 47): 138 crashes from 2016-05-31. - esr (version 45): 0 crash from 2016-04-07. Crash volume on the last weeks: Week N-1 Week N-2 Week N-3 Week N-4 Week N-5 Week N-6 Week N-7 - nightly 0 0 0 0 0 0 0 - aurora 0 0 2 0 0 0 0 - beta 0 0 0 0 1 0 0 - release 30 27 17 18 18 17 4 - esr 0 0 0 0 0 0 0 Affected platform: Linux
status-firefox47: --- → affected
status-firefox48: --- → affected
status-firefox49: --- → affected
I just ran into this crash: https://dxr.mozilla.org/mozilla-central/source/dom/base/nsPlainTextSerializer.cpp#375 From a quick look, the crashing code was inlined, but the null deref seems to occur here: https://dxr.mozilla.org/mozilla-central/source/dom/base/nsPlainTextSerializer.cpp#375 how can this result in a null deref ?
Note, I too ran into this crash while using GMail.
Rank: 1
(In reply to Benoit Jacob [:bjacob] (mostly away) from comment #2) > I just ran into this crash: > https://dxr.mozilla.org/mozilla-central/source/dom/base/ > nsPlainTextSerializer.cpp#375 > > From a quick look, the crashing code was inlined, but the null deref seems > to occur here: > https://dxr.mozilla.org/mozilla-central/source/dom/base/ > nsPlainTextSerializer.cpp#375 > how can this result in a null deref ? OOM? Paul: are you still able to repro? What's the value of 'this' when you crash?
Flags: needinfo?(padenot)
I can't repro anymore, but it seems unlikely this is an OOM, this machine has a 64bits OS and has 32GB or RAM.
Flags: needinfo?(padenot)
Low-volume (18 crashes in the last 7 days) Linux-only crash. I don't see any instances in Firefox version 50+ but it's likely that this bug is still in there.
This crash is still happening, though still in extremely low volume. Here's a report from 55: bp-66beb2e8-489d-40a9-8354-f10f30170607.
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.