Closed Bug 1433551 Opened 2 years ago Closed 2 years ago

Crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | mozilla::MakeUnique<T> | mozilla::a11y::Compatibility::OnUIAMessage

Categories

(Core :: Disability Access APIs, defect, critical)

59 Branch
All
Windows
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla60
Tracking Status
firefox-esr52 --- unaffected
firefox58 --- unaffected
firefox59 --- fixed
firefox60 --- fixed

People

(Reporter: philipp, Assigned: aklotz)

Details

(Keywords: crash, regression)

Attachments

(1 file)

This bug was filed from the Socorro interface and is
report bp-9544430a-1203-4edc-b6df-6d8be0180126.
=============================================================

Top 10 frames of crashing thread:

0 mozglue.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:33
1 mozglue.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:54
2 mozglue.dll moz_xmalloc memory/mozalloc/mozalloc.cpp:72
3 xul.dll mozilla::MakeUnique<unsigned char [0]> mfbt/UniquePtr.h:688
4 xul.dll mozilla::a11y::Compatibility::OnUIAMessage accessible/windows/msaa/CompatibilityUIA.cpp:190
5 xul.dll CallWindowProcCrashProtected xpcom/base/nsCrashOnException.cpp:32
6 xul.dll nsWindow::WindowProc widget/windows/nsWindow.cpp:4969
7 msctf.dll CThreadInputMgr::PeekMessageW 
8 nss3.dll PR_MillisecondsToInterval nsprpub/pr/src/misc/prinrval.c:62
9 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:952

=============================================================

These out-of-memory crashes with a particularly large allocation size are starting to show up in Firefox 59.0b in a code path from bug 1419886.
I don't know why we're seeing some of those reports on 64-bit (!)

But in the 32-bit case, these allocations are large enough that I think we should make them fallible.
These allocations are sometimes very large (I see one that's > 800MiB).

Let's use fallible allocation in those cases.
Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Attachment #8945895 - Flags: review?(dbolter)
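
The fallible-allocation approach proposed above, as an added example (not the attached patch and not Mozilla's code). `FakeQuery`, `QueryFallible` and `QueryResult` are hypothetical names, and standard C++ `new (std::nothrow)` stands in for Gecko's fallible allocator.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>
#include <new>
#include <utility>

// Hypothetical stand-in for a system query that reports the buffer size it
// needs (constructed for this example; not the call used in the patch).
struct FakeQuery {
  size_t required;
  bool Run(unsigned char* buf, size_t len, size_t* needed) const {
    *needed = required;
    if (len < required) return false;  // caller must retry with a larger buffer
    std::memset(buf, 0xAB, required);
    return true;
  }
};

enum class QueryResult { Ok, OutOfMemory };

// Fallible pattern: the size comes from outside, so allocation failure is an
// expected outcome and is returned to the caller. An infallible allocator
// (moz_xmalloc in the crash stack) would abort the whole process instead.
QueryResult QueryFallible(const FakeQuery& q,
                          std::unique_ptr<unsigned char[]>* out,
                          size_t* outLen) {
  size_t len = 64;  // initial guess
  for (;;) {
    std::unique_ptr<unsigned char[]> buf(new (std::nothrow) unsigned char[len]);
    if (!buf) return QueryResult::OutOfMemory;  // bail out, do not crash
    size_t needed = 0;
    if (q.Run(buf.get(), len, &needed)) {
      *out = std::move(buf);
      *outLen = needed;
      return QueryResult::Ok;
    }
    len = needed;  // grow to the size the query asked for and retry
  }
}

int main() {
  std::unique_ptr<unsigned char[]> buf;
  size_t len = 0;
  FakeQuery huge{SIZE_MAX / 4};  // constructed: a size that cannot be satisfied
  // The optional feature is skipped; the process keeps running.
  return QueryFallible(huge, &buf, &len) == QueryResult::OutOfMemory ? 0 : 1;
}
```
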
Comment on attachment 8945895 [details] [diff] [review]
Use fallible allocation for handleInfoBuf in UIA detection

Troubling that so much memory usage happens, but since it does I think this patch is a good change.
Attachment #8945895 - Flags: review?(dbolter) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/ad05b79ebbe5cabb4d7ca0198b02987fe7de44d1
Bug 1433551: Use fallible allocation for handleInfoBuf inside UIA detection; r=davidb
https://hg.mozilla.org/mozilla-central/rev/ad05b79ebbe5
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Comment on attachment 8945895 [details] [diff] [review]
Use fallible allocation for handleInfoBuf in UIA detection

Approval Request Comment
[Feature/Bug causing the regression]: Bug 1419886
[User impact if declined]: Crashes under specific conditions.
[Is this code covered by automated tests?]: No
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: No
[Why is the change risky/not risky?]: Simple patch - make one memory allocation fallible.
[String changes made/needed]: None.
Attachment #8945895 - Flags: approval-mozilla-beta?
Comment on attachment 8945895 [details] [diff] [review]
Use fallible allocation for handleInfoBuf in UIA detection

Crash fix, let's uplift this for 59 beta 6.
Attachment #8945895 - Flags: approval-mozilla-beta? → approval-mozilla-beta+