Closed
Bug 1396300
Opened 7 years ago
Closed 7 years ago
Crash in OOM | large | NS_ABORT_OOM | CopyUTF16toUTF8 | mozilla::dom::XMLHttpRequestMainThread::SendInternal
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla57
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox55 | --- | unaffected |
firefox56 | --- | fixed |
firefox57 | --- | fixed |
People
(Reporter: philipp, Assigned: shawnjohnjr)
Details
(Keywords: crash, crashreportid, regression)
Crash Data
Attachments
(1 file, 1 obsolete file)
1.06 KB,
patch
|
gchang
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-2a626d7f-d70c-4c28-9974-214810170902. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 xul.dll NS_ABORT_OOM(unsigned int) xpcom/base/nsDebugImpl.cpp:610 1 xul.dll CopyUTF16toUTF8(nsAString const&, nsACString&) xpcom/string/nsReadableUtils.cpp:130 2 xul.dll mozilla::dom::XMLHttpRequestMainThread::SendInternal(mozilla::dom::BodyExtractorBase const*) dom/xhr/XMLHttpRequestMainThread.cpp:2994 3 xul.dll mozilla::dom::XMLHttpRequestMainThread::Send(JSContext*, nsAString const&, mozilla::ErrorResult&) dom/xhr/XMLHttpRequestMainThread.h:379 4 xul.dll mozilla::dom::XMLHttpRequestBinding::send obj-firefox/dom/bindings/XMLHttpRequestBinding.cpp:783 5 xul.dll mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) dom/bindings/BindingUtils.cpp:3053 6 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:469 7 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:533 8 xul.dll js::fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp:1309 9 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:469 10 xul.dll InternalCall js/src/vm/Interpreter.cpp:514 11 xul.dll js::jit::DoCallFallback js/src/jit/BaselineIC.cpp:2589 12 @0x245472a1 13 @0x517841ef 14 @0x2454094e 15 xul.dll js::jit::EnterBaselineMethod(JSContext*, js::RunState&) js/src/jit/BaselineJIT.cpp:200 16 xul.dll Interpret js/src/vm/Interpreter.cpp:3109 17 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:409 18 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:487 19 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:533 20 xul.dll js::fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp:1309 21 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:469 22 xul.dll InternalCall js/src/vm/Interpreter.cpp:514 23 xul.dll js::jit::DoCallFallback js/src/jit/BaselineIC.cpp:2589 24 @0x245472a1 25 @0xc4ac407 26 @0x24564024 27 @0x1a68a0b7 28 @0x2454094e 29 xul.dll js::jit::EnterBaselineMethod(JSContext*, js::RunState&) js/src/jit/BaselineJIT.cpp:200 30 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:399 31 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:487 32 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:533 33 xul.dll JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) js/src/jsapi.cpp:2949 34 xul.dll mozilla::dom::AutoJSAPI::ReportException() dom/script/ScriptSettings.cpp:635 this crash signature is newly appearing since firefox 56 - there are no obvious correlations...
Updated•7 years ago
|
Component: Untriaged → DOM
Keywords: crashreportid
Comment 1•7 years ago
|
||
Hi Shawn, this seems a new regression in beta 56, could you please take a look at this? Thanks.
Flags: needinfo?(shuang)
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → shuang
Flags: needinfo?(shuang)
Assignee | ||
Comment 2•7 years ago
|
||
https://hg.mozilla.org/releases/mozilla-beta/file/tip/dom/xhr/XMLHttpRequestMainThread.cpp#l2994
Assignee | ||
Comment 3•7 years ago
|
||
I try to reproduce it on Windows 7, but no luck. I'm still looking into how to reproduce this bug.
Assignee | ||
Comment 4•7 years ago
|
||
https://crash-stats.mozilla.com/report/index/f5e859ac-5930-4a3f-bba2-e99610170906 OOM Allocation Size is quite large 13MB. System Memory Use Percentage is 95%.
Comment 5•7 years ago
|
||
I think this call is failing: http://dxr.mozilla.org/mozilla-central/source/dom/fetch/BodyExtractor.cpp#138 That call should be made fallible.
Assignee | ||
Comment 6•7 years ago
|
||
Assignee | ||
Updated•7 years ago
|
Attachment #8905403 -
Flags: review?(bkelly)
Assignee | ||
Comment 7•7 years ago
|
||
(In reply to Nathan Froyd [:froydnj] from comment #5) > I think this call is failing: > > http://dxr.mozilla.org/mozilla-central/source/dom/fetch/BodyExtractor.cpp#138 > > That call should be made fallible. Thank you. Yeah, this was introduced in bug 1261841, that explained why we saw it from 56 beta.
Comment 8•7 years ago
|
||
Comment on attachment 8905403 [details] [diff] [review] Bug 1396300 - Use fallible allocation in GetAsStream Review of attachment 8905403 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/fetch/BodyExtractor.cpp @@ +134,5 @@ > nsACString& aContentTypeWithCharset, > nsACString& aCharset) const > { > nsCString encoded; > + if (!CopyUTF16toUTF8(*mBody, encoded, fallible)) { I wish we had a way to do the UTF16-to-UTF8 conversion as part of the stream reading process. I guess that can be a follow-up bug, though.
Attachment #8905403 -
Flags: review?(bkelly) → review+
Assignee | ||
Comment 9•7 years ago
|
||
Opened Bug 1398003 for follow-up.
Assignee | ||
Updated•7 years ago
|
Attachment #8905403 -
Attachment is obsolete: true
Assignee | ||
Comment 10•7 years ago
|
||
Comment 11•7 years ago
|
||
Pushed by shuang@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/6b1112ce0727 Use fallible allocation in GetAsStream. r=bkelly
Assignee | ||
Comment 12•7 years ago
|
||
Comment on attachment 8905765 [details] [diff] [review] Bug 1396300 - Use fallible allocation in GetAsStream. r=bkelly Approval Request Comment [Feature/Bug causing the regression]:bug 1261841 [User impact if declined]:Crash in OOM [Is this code covered by automated tests?]:No [Has the fix been verified in Nightly?]:No STR [Needs manual test from QE? If yes, steps to reproduce]: No STR [List of other uplifts needed for the feature/fix]:No [Is the change risky?]:Very Low [Why is the change risky/not risky?]:Use fallible allocation [String changes made/needed]:No
Attachment #8905765 -
Flags: approval-mozilla-beta?
Comment 13•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/6b1112ce0727
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
Comment 14•7 years ago
|
||
Comment on attachment 8905765 [details] [diff] [review] Bug 1396300 - Use fallible allocation in GetAsStream. r=bkelly Fix a crash. Let's see how it goes. Beta56+.
Attachment #8905765 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 15•7 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/d65474a88a77
Assignee | ||
Comment 16•7 years ago
|
||
Thanks, Ryan.
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•