Closed Bug 1427091 Opened 6 years ago Closed 6 years ago

Crash in OOM | large | NS_ABORT_OOM | AppendUTF16toUTF8 | mozilla::dom::MultipartBlobImpl::InitializeBlob

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
58 Branch
Platform:
x86
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla59
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox57 --- unaffected
firefox58 --- fixed
firefox59 --- fixed

People

(Reporter: philipp, Assigned: baku)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files)

blob.patch
941 bytes, patch
smaug
: review+
gchang
: approval-mozilla-beta+
Details | Diff | Splinter Review
m-b
1.07 KB, patch
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is
report bp-7d48265e-a530-4d09-82a2-486550171226.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll NS_ABORT_OOM xpcom/base/nsDebugImpl.cpp:620
1 xul.dll AppendUTF16toUTF8 xpcom/string/nsReadableUtils.cpp:251
2 xul.dll mozilla::dom::MultipartBlobImpl::InitializeBlob dom/file/MultipartBlobImpl.cpp:192
3 xul.dll mozilla::dom::Blob::Constructor dom/file/Blob.cpp:254
4 xul.dll mozilla::dom::BlobBinding::_constructor dom/bindings/BlobBinding.cpp:919
5 xul.dll InternalConstruct js/src/vm/Interpreter.cpp:580
6 xul.dll Interpret js/src/vm/Interpreter.cpp:3090
7 xul.dll js::RunScript js/src/vm/Interpreter.cpp:423
8 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:495
9 xul.dll InternalCall js/src/vm/Interpreter.cpp:522

=============================================================

this crash signature started showing up with a ow-to-mid-level in 58.0b3 on win32bit builds.
*low to mid level volume
Attached patch blob.patchSplinter Review 
Assignee: nobody → amarchesini

        Attachment #8939568 -
        Flags: review?(bugs)

    
    

    
  
Comment on attachment 8939568 [details] [diff] [review]
blob.patch

Use nsCString, not nsAutoCString, since the data will be assigned immediately to an nsCString anyhow, so no need to assign first short strings to nsAutoCString's local storage and then copying to stringbuffer. nsCString ends up using string buffer from the beginning.

        Attachment #8939568 -
        Flags: review?(bugs) → review+

    
    

    
  
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5360fdf49a84
BlobSet must propagate the OOM error when appending a big string, r=smaug

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/5360fdf49a84
Status: NEW → RESOLVED
Closed: 6 years ago

          status-firefox59:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla59

    
    

    
  
Please request Beta approval on this when you get a chance.
Flags: needinfo?(amarchesini)

    
    

    
  
Comment on attachment 8939568 [details] [diff] [review]
blob.patch

Approval Request Comment
[Feature/Bug causing the regression]: Blob
[User impact if declined]: OOM crash
[Is this code covered by automated tests?]: no
[Has the fix been verified in Nightly?]: no. Hard to reproduce.
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: No risk because here it's just about checking the return value of AppendUTF16toUTF8 and propagate it in case of a failure.
[String changes made/needed]: none
Flags: needinfo?(amarchesini)

        Attachment #8939568 -
        Flags: approval-mozilla-beta?

    
    

    
  
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/bc51fb4054fb
BlobSet must use nsCString instead of nsAutoCString, r=me

    
    

    
  
Comment on attachment 8939568 [details] [diff] [review]
blob.patch

Take this one because the crash starts from 58.0b12. Beta58+.

        Attachment #8939568 -
        Flags: approval-mozilla-beta? → approval-mozilla-beta+

    
    

    
  
Tried to Uplift this bug to Beta and I have encountered conflicts.

:baku could you please take a look?
Flags: needinfo?(amarchesini)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        m-bSplinter Review
      

    


  
Flags: needinfo?(amarchesini)

    
  

        Attachment #8940675 -
        Attachment is patch: true
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: