Closed
Bug 1396300
Opened 8 years ago
Closed 8 years ago
Crash in OOM | large | NS_ABORT_OOM | CopyUTF16toUTF8 | mozilla::dom::XMLHttpRequestMainThread::SendInternal
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
RESOLVED FIXED (mozilla57)
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox55 | --- | unaffected |
| firefox56 | --- | fixed |
| firefox57 | --- | fixed |
People
(Reporter: philipp, Assigned: shawnjohnjr)
Details
(Keywords: crash, crashreportid, regression)
Attachments (1 file, 1 obsolete file)
1.06 KB patch | gchang: approval-mozilla-beta+
This bug was filed from the Socorro interface and is
report bp-2a626d7f-d70c-4c28-9974-214810170902.
=============================================================
Crashing Thread (0)
Frame Module Signature Source
0 xul.dll NS_ABORT_OOM(unsigned int) xpcom/base/nsDebugImpl.cpp:610
1 xul.dll CopyUTF16toUTF8(nsAString const&, nsACString&) xpcom/string/nsReadableUtils.cpp:130
2 xul.dll mozilla::dom::XMLHttpRequestMainThread::SendInternal(mozilla::dom::BodyExtractorBase const*) dom/xhr/XMLHttpRequestMainThread.cpp:2994
3 xul.dll mozilla::dom::XMLHttpRequestMainThread::Send(JSContext*, nsAString const&, mozilla::ErrorResult&) dom/xhr/XMLHttpRequestMainThread.h:379
4 xul.dll mozilla::dom::XMLHttpRequestBinding::send obj-firefox/dom/bindings/XMLHttpRequestBinding.cpp:783
5 xul.dll mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) dom/bindings/BindingUtils.cpp:3053
6 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:469
7 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:533
8 xul.dll js::fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp:1309
9 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:469
10 xul.dll InternalCall js/src/vm/Interpreter.cpp:514
11 xul.dll js::jit::DoCallFallback js/src/jit/BaselineIC.cpp:2589
12 @0x245472a1
13 @0x517841ef
14 @0x2454094e
15 xul.dll js::jit::EnterBaselineMethod(JSContext*, js::RunState&) js/src/jit/BaselineJIT.cpp:200
16 xul.dll Interpret js/src/vm/Interpreter.cpp:3109
17 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:409
18 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:487
19 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:533
20 xul.dll js::fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp:1309
21 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:469
22 xul.dll InternalCall js/src/vm/Interpreter.cpp:514
23 xul.dll js::jit::DoCallFallback js/src/jit/BaselineIC.cpp:2589
24 @0x245472a1
25 @0xc4ac407
26 @0x24564024
27 @0x1a68a0b7
28 @0x2454094e
29 xul.dll js::jit::EnterBaselineMethod(JSContext*, js::RunState&) js/src/jit/BaselineJIT.cpp:200
30 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:399
31 xul.dll js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) js/src/vm/Interpreter.cpp:487
32 xul.dll js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:533
33 xul.dll JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) js/src/jsapi.cpp:2949
34 xul.dll mozilla::dom::AutoJSAPI::ReportException() dom/script/ScriptSettings.cpp:635
This crash signature is newly appearing since Firefox 56 - there are no obvious correlations...
Updated•8 years ago
Component: Untriaged → DOM
Keywords: crashreportid
Comment 1•8 years ago
Hi Shawn, this seems to be a new regression in beta 56, could you please take a look at this? Thanks.
Flags: needinfo?(shuang)
Updated•8 years ago (Assignee)
Assignee: nobody → shuang
Flags: needinfo?(shuang)
Comment 2•8 years ago (Assignee)
Comment 3•8 years ago (Assignee)
I tried to reproduce it on Windows 7, but had no luck. I'm still looking into how to reproduce this bug.
Comment 4•8 years ago (Assignee)
https://crash-stats.mozilla.com/report/index/f5e859ac-5930-4a3f-bba2-e99610170906
OOM Allocation Size is quite large: 13MB. System Memory Use Percentage is 95%.
Comment 5•8 years ago
I think this call is failing:
http://dxr.mozilla.org/mozilla-central/source/dom/fetch/BodyExtractor.cpp#138
That call should be made fallible.
Comment 6•8 years ago (Assignee)
Updated•8 years ago (Assignee)
Attachment #8905403 - Flags: review?(bkelly)
Comment 7•8 years ago (Assignee)
(In reply to Nathan Froyd [:froydnj] from comment #5)
> I think this call is failing:
>
> http://dxr.mozilla.org/mozilla-central/source/dom/fetch/BodyExtractor.cpp#138
>
> That call should be made fallible.
Thank you. Yeah, this was introduced in bug 1261841, which explains why we saw it from 56 beta.
Comment 8•8 years ago
Comment on attachment 8905403 [details] [diff] [review]
Bug 1396300 - Use fallible allocation in GetAsStream
Review of attachment 8905403 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/fetch/BodyExtractor.cpp
@@ +134,5 @@
> nsACString& aContentTypeWithCharset,
> nsACString& aCharset) const
> {
> nsCString encoded;
> + if (!CopyUTF16toUTF8(*mBody, encoded, fallible)) {
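Review bot: the `if (!CopyUTF16toUTF8(*mBody, encoded, fallible))` line is the only part of the failure path visible in this hunk, so confirm that its body returns an out-of-memory error such as NS_ERROR_OUT_OF_MEMORY before anything is written to aContentTypeWithCharset or aCharset. A caller that receives a failed result should not also see partially filled out-params, and it should check the returned value rather than assume the stream was created.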
I wish we had a way to do the UTF16-to-UTF8 conversion as part of the stream reading process. I guess that can be a follow-up bug, though.
Attachment #8905403 - Flags: review?(bkelly) → review+
Comment 9•8 years ago (Assignee)
Opened Bug 1398003 for follow-up.
Updated•8 years ago (Assignee)
Attachment #8905403 - Attachment is obsolete: true
Comment 10•8 years ago (Assignee)
Comment 11•8 years ago
Pushed by shuang@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/6b1112ce0727
Use fallible allocation in GetAsStream. r=bkelly
Comment 12•8 years ago (Assignee)
Comment on attachment 8905765 [details] [diff] [review]
Bug 1396300 - Use fallible allocation in GetAsStream. r=bkelly
Approval Request Comment
[Feature/Bug causing the regression]:bug 1261841
[User impact if declined]:Crash in OOM
[Is this code covered by automated tests?]:No
[Has the fix been verified in Nightly?]:No STR
[Needs manual test from QE? If yes, steps to reproduce]: No STR
[List of other uplifts needed for the feature/fix]:No
[Is the change risky?]:Very Low
[Why is the change risky/not risky?]:Use fallible allocation
[String changes made/needed]:No
Attachment #8905765 - Flags: approval-mozilla-beta?
Comment 13•8 years ago
bugherder
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
Comment 14•8 years ago
Comment on attachment 8905765 [details] [diff] [review]
Bug 1396300 - Use fallible allocation in GetAsStream. r=bkelly
Fix a crash. Let's see how it goes. Beta56+.
Attachment #8905765 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 15•8 years ago
bugherder uplift
Comment 16•8 years ago (Assignee)
Thanks, Ryan.
Updated•6 years ago
Component: DOM → DOM: Core & HTML