Closed Bug 1376295 Opened 8 years ago Closed 8 years ago

Stylo: Crash in geckoservo::glue::Servo_StyleSheet_SizeOfIncludingThis

Categories

(Core :: CSS Parsing and Computation, defect)

Product:
Core
Component:
CSS Parsing and Computation
Platform:
Unspecified
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla56
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox54 --- unaffected
firefox55 --- unaffected
firefox56 --- fixed

People

(Reporter: n.nethercote, Assigned: bradwerth)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1376295 Part 1: Allow null raw sheets in ServoStyleSheet memory calculations.
59 bytes, text/x-review-board-request
xidorn
: review+
Details
This bug was filed from the Socorro interface and is report bp-e2c46edb-c096-4387-b995-83a8b0170624. ============================================================= 9 reports of this crash signature from 3 installations, but it looks like all 3 installations are the same user, because the machine/OS fields are all the same. Crash address is always 0x8. Looks like it's happening right at the C++/Rust border. I don't know how or why NonZeroPtrMut is involved. heycam, any ideas?
Flags: needinfo?(cam)
Presumably this is somebody who has enabled Stylo.
Summary: Crash in geckoservo::glue::Servo_StyleSheet_SizeOfIncludingThis → Stylo: Crash in geckoservo::glue::Servo_StyleSheet_SizeOfIncludingThis
The most likely cause would seem to be that mSheet is null here: https://hg.mozilla.org/mozilla-central/annotate/1466b62da7b2/layout/style/ServoStyleSheet.cpp#l71 Brad, can that happen? In general, this is probably a less urgent crash, because it only happens when measuring memory.
Flags: needinfo?(cam) → needinfo?(bwerth)
It could happen today with an @import stylesheet that failed to load due to a bad URL. Bug 1371453 tracks that issue. I'll get a short-term null check and a comment to clean things up when Bug 1371453 is fixed.
Assignee: nobody → bwerth
Depends on: 1371453
(In reply to Bobby Holley (:bholley) (busy with Stylo) from comment #2 > In general, this is probably a less urgent crash, because it only happens > when measuring memory. Keep in mind that we do regularly collect memory reports automatically (for inclusion in crash reports).
(In reply to Brad Werth [:bradwerth] from comment #3) > It could happen today with an @import stylesheet that failed to load due to > a bad URL. Bug 1371453 tracks that issue. I'll get a short-term null check > and a comment to clean things up when Bug 1371453 is fixed. Great, thanks Brad! (In reply to Andrew McCreight [:mccr8] from comment #4) > (In reply to Bobby Holley (:bholley) (busy with Stylo) from comment #2 > > In general, this is probably a less urgent crash, because it only happens > > when measuring memory. > > Keep in mind that we do regularly collect memory reports automatically (for > inclusion in crash reports). Ahah! Ok, good to know.
Attachment #8881418 - Flags: review?(xidorn+moz)
Comment on attachment 8881418 [details] Bug 1376295 Part 1: Allow null raw sheets in ServoStyleSheet memory calculations. https://reviewboard.mozilla.org/r/152574/#review157678 I'm fine with the if block itself, but please revise the comment to mention the valid case. ::: layout/style/ServoStyleSheet.cpp:71 (Diff revision 1) > - n += Servo_StyleSheet_SizeOfIncludingThis(ServoStyleSheetMallocSizeOf, mSheet); > + // There are known cases where mSheet can be null. Bug 1371453 is one such > + // case. When that bug lands, change the if into an assert to flush out > + // other cases. I don't think this comment is correct. Bug 1371453 is a case where an import rule may not have a sheet, rather than a stylesheet with inner which doesn't have raw sheet. And, I don't think we can remove the if here in the future. It seems to me there is always valid case where `mSheet` can be null, because we create stylesheet and inners when we start loading, but we assign `mSheet` only when we parse it, so if the memory measurement happens between that, we would have a null `mSheet`.
Attachment #8881418 - Flags: review?(xidorn+moz) → review+
Pushed by bwerth@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3e1f88e3e239 Part 1: Allow null raw sheets in ServoStyleSheet memory calculations. r=xidorn
https://hg.mozilla.org/mozilla-central/rev/3e1f88e3e239
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox56: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Flags: needinfo?(bwerth)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: