Closed
Bug 1421592
Opened 7 years ago
Closed 6 years ago
Crash in InvalidArrayIndex_CRASH | nsComputedDOMStyle::GetGridTemplateColumnsRows
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WONTFIX
| Tracking | Status | |
|---|---|---|
| firefox57 | - | wontfix |
| firefox58 | --- | wontfix |
| firefox59 | --- | unaffected |
People
(Reporter: calixte, Unassigned)
Details
(Keywords: crash, topcrash)
Crash Data
This bug was filed from the Socorro interface and is report bp-430a6f1b-e237-4f14-b03d-35aeb0171129. ============================================================= Top 10 frames of crashing thread: 0 mozglue.dll MOZ_CrashPrintf mfbt/Assertions.cpp:50 1 xul.dll InvalidArrayIndex_CRASH xpcom/ds/nsTArray.cpp:26 2 xul.dll nsComputedDOMStyle::GetGridTemplateColumnsRows layout/style/nsComputedDOMStyle.cpp:2903 3 xul.dll nsComputedDOMStyle::DoGetGridTemplateRows layout/style/nsComputedDOMStyle.cpp:3154 4 xul.dll nsComputedDOMStyle::GetPropertyCSSValue layout/style/nsComputedDOMStyle.cpp:1046 5 xul.dll nsComputedDOMStyle::GetPropertyValue layout/style/nsComputedDOMStyle.cpp:383 6 xul.dll mozilla::dom::CSSStyleDeclarationBinding::getPropertyValue dom/bindings/CSSStyleDeclarationBinding.cpp:172 7 xul.dll mozilla::dom::GenericBindingMethod dom/bindings/BindingUtils.cpp:3041 8 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:495 9 xul.dll js::Call js/src/vm/Interpreter.cpp:559 ============================================================= There are 1307 crashes in release 57.0. The crash began to spike the 2017-11-26. Most of the user are french and a lot of crashy urls are related to http://www.meteofrance.com/ (confirmed by user comments in crash reports). :xidorn, could you investigate please ?
Flags: needinfo?(xidorn+moz)
|
Reporter | |
Comment 1•7 years ago
|
||
[Tracking Requested - why for this release]: The signature is ranked #11 in top-crashers for content process and is a startup crash.
tracking-firefox57:
--- → ?
Keywords: topcrash
|
||
Comment 2•7 years ago
|
||
51.5% happens on 57.0, and 41.8% on 52esr?! The crash stack of bp-430a6f1b-e237-4f14-b03d-35aeb0171129 is weird: 1. It is in subgrid serialization code: although we accidentally exposed this in stylo (see bug 1421645), given that no browser actually supports it, it is unlikely any website would be using it. 2. The lines immediately above indicates that this shouldn't happen at all. There are several reports with the same signature pointing to https://hg.mozilla.org/releases/mozilla-release/annotate/3702966a64c8/layout/style/nsComputedDOMStyle.cpp#l3037 (e.g. bp-cf5aa99b-611d-4d7a-861b-32ab70171129) which seems to be something makes more sense. Redirect ni? to mats and see whether he has some thought about this.
Flags: needinfo?(xidorn+moz) → needinfo?(mats)
|
|
||
Comment 4•7 years ago
|
||
Also given that it happens in 52esr as well, I don't think this should tracking 57... It could probably just be that some popular website start triggering it somehow in 57 time frame.
|
||
Comment 5•7 years ago
|
||
It looks like this is a safe crash since we fail a runtime assertion: MOZ_CRASH Reason: ElementAt(aIndex = 0, aLength = 0)
|
|
||
Comment 7•7 years ago
|
||
I guess we could just uplift that fix to see if the crashes stop... It's a low risk change IMO.
|
||
Updated•7 years ago
|
Group: core-security → dom-core-security
|
||
Comment 8•7 years ago
|
||
We're hitting a runtime check that is being shipped in all version, so this does not need to be hidden.
Group: dom-core-security
|
||
Comment 9•7 years ago
|
||
(In reply to Mats Palmgren (:mats) from comment #6) > Maybe a dupe of bug 1350780? I can't tell if the patch for Bug 1350780 helps here. I can't replicate the crash in Nightly (which includes the fix for that bug). However, I do get a memory leak in Nightly after navigating to http://www.meteofrance.com/. I'll start trying to reduce a testcase.
|
|
||
Comment 10•7 years ago
|
||
(In reply to Brad Werth [:bradwerth] from comment #9) > (In reply to Mats Palmgren (:mats) from comment #6) > > Maybe a dupe of bug 1350780? > > I can't tell if the patch for Bug 1350780 helps here. I can't replicate the > crash in Nightly (which includes the fix for that bug). However, I do get a > memory leak in Nightly after navigating to http://www.meteofrance.com/. I'll > start trying to reduce a testcase. Hmmm... memory leak isn't reproducible -- not sure what went wrong with my local build. I fear I have no special insight into this bug. I can navigate to and around http://www.meteofrance.com/ without incident.
Flags: needinfo?(bwerth)
|
||
Updated•7 years ago
|
Component: DOM → Layout
|
||
Comment 11•6 years ago
|
||
We shipped 57 with it, while the volume was pretty high, as it fixed in 59, not tracking and marking it as wontfix.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•