Crash in arena_run_split | arena_malloc_large | malloc_impl | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_base<T>::InsertSlotsAt<T> | nsTArray_Impl<T>::InsertElementsAt<T> | mozilla::MediaResource::MediaReadAt

NEW
Unassigned

Status

()

P3
critical
a year ago
a year ago

People

(Reporter: kaku, Unassigned)

Tracking

({crash})

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

(Reporter)

Description

a year ago
This bug was filed from the Socorro interface and is 
report bp-2c1242d1-cafa-4f50-ac35-9229c2170416.
=============================================================

We can trace the call stacks back to media code here:
https://hg.mozilla.org/mozilla-central/annotate/cda24082bff8/dom/media/MediaResource.h#l226

The operation is using a "fallible" MediaByteBuffer::SetLength() to allocate 468613 bytes, which is, generally speaking, considered as a NOT big size.

The MediaByteBuffer::SetLength() uses nsTArrry::SetLength() with a nsTArrayFallibleAllocator, which should return error message while encountering into errors, instead of crashes, right?
(Reporter)

Updated

a year ago
Crash Signature: [@ arena_run_split | arena_malloc_large | malloc_impl | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_base<T>::InsertSlotsAt<T> | nsTArray_Impl<T>::InsertElementsAt<T> | mozilla::MediaResource::MediaReadAt] → [@ arena_run_split | arena_malloc_large | malloc_impl | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_base<T>::InsertSlotsAt<T> | nsTArray_Impl<T>::InsertElementsAt<T> | mozilla::MediaResource::MediaReadAt] [@ moz_abort | arena_run_split | arena_malloc_…
Priority: -- → P3
I don't see a lot of crash reports for this one.
You need to log in before you can comment on or make changes to this bug.