1293978 - Crash in memcpy | nsHtml5TreeBuilder::accumulateCharacters

Status: RESOLVED DUPLICATE of bug 1286911

(Core :: DOM: HTML Parser, defect)

Description

[[:philipp]]

This bug was filed from the Socorro interface and is 
report bp-160256e1-f215-4c88-ba83-471dc2160810.
=============================================================
Crashing Thread (34)
Frame 	Module 	Signature 	Source
0 	vcruntime140.dll 	memcpy 	f:\dd\vctools\crt\vcruntime\src\string\i386\memcpy.asm:194
1 	xul.dll 	nsHtml5TreeBuilder::accumulateCharacters(char16_t const*, int, int) 	parser/html/nsHtml5TreeBuilderCppSupplement.h:960
2 	xul.dll 	nsHtml5TreeBuilder::characters(char16_t const*, int, int) 	parser/html/nsHtml5TreeBuilder.cpp:454
3 	xul.dll 	nsHtml5Tokenizer::flushChars(char16_t*, int) 	parser/html/nsHtml5Tokenizer.cpp:273
4 	xul.dll 	nsHtml5Tokenizer::emitCarriageReturn(char16_t*, int) 	parser/html/nsHtml5Tokenizer.cpp:3473
5 	xul.dll 	nsHtml5Tokenizer::stateLoop<nsHtml5SilentPolicy>(int, char16_t, int, char16_t*, bool, int, int) 	parser/html/nsHtml5Tokenizer.cpp:1831
6 	xul.dll 	nsHtml5Tokenizer::tokenizeBuffer(nsHtml5UTF16Buffer*) 	parser/html/nsHtml5Tokenizer.cpp:405
7 	xul.dll 	nsHtml5StreamParser::ParseAvailableData() 	parser/html/nsHtml5StreamParser.cpp:1414
8 	xul.dll 	nsHtml5StreamParser::DoDataAvailable(unsigned char const*, unsigned int) 	parser/html/nsHtml5StreamParser.cpp:1111

this crash on windows seems to be regressing since firefox 48 nightly builds and in numbers since firefox 49 beta (msvc switch?). this is currently the #40 browser crash in 49.0b1 making up 0.26% of all crashes.