Closed Bug 1433551 Opened 7 years ago Closed 7 years ago

Crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | mozilla::MakeUnique<T> | mozilla::a11y::Compatibility::OnUIAMessage

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Version:
59 Branch
Platform:
All
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla60
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox58 --- unaffected
firefox59 --- fixed
firefox60 --- fixed

People

(Reporter: philipp, Assigned: bugzilla)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Use fallible allocation for handleInfoBuf in UIA detection
2.12 KB, patch
davidb
: review+
lizzard
: approval-mozilla-beta+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-9544430a-1203-4edc-b6df-6d8be0180126. ============================================================= Top 10 frames of crashing thread: 0 mozglue.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:33 1 mozglue.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:54 2 mozglue.dll moz_xmalloc memory/mozalloc/mozalloc.cpp:72 3 xul.dll mozilla::MakeUnique<unsigned char [0]> mfbt/UniquePtr.h:688 4 xul.dll mozilla::a11y::Compatibility::OnUIAMessage accessible/windows/msaa/CompatibilityUIA.cpp:190 5 xul.dll CallWindowProcCrashProtected xpcom/base/nsCrashOnException.cpp:32 6 xul.dll nsWindow::WindowProc widget/windows/nsWindow.cpp:4969 7 msctf.dll CThreadInputMgr::PeekMessageW 8 nss3.dll PR_MillisecondsToInterval nsprpub/pr/src/misc/prinrval.c:62 9 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:952 ============================================================= these out of memeory crashes with a particularly large allocation size are starting to show up in firefox 59.0b in a codepath from bug 1419886.
I don't know why we're seeing some of those reports on 64-bit (!) But in the 32-bit case, these allocations are large enough that I think we should make them fallible.
These allocations are sometimes very large (I see one that's > 800MiB). Let's use fallible allocation in those cases.
Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Attachment #8945895 - Flags: review?(dbolter)
Comment on attachment 8945895 [details] [diff] [review] Use fallible allocation for handleInfoBuf in UIA detection Troubling that so much memory usage happens, but since it does I think this patch is a good change.
Attachment #8945895 - Flags: review?(dbolter) → review+
https://hg.mozilla.org/mozilla-central/rev/ad05b79ebbe5
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox60: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Comment on attachment 8945895 [details] [diff] [review] Use fallible allocation for handleInfoBuf in UIA detection Approval Request Comment [Feature/Bug causing the regression]: Bug 1419886 [User impact if declined]: Crashes under specific conditions. [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: Yes [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: Simple patch - make one memory allocation fallible. [String changes made/needed]: None.
Attachment #8945895 - Flags: approval-mozilla-beta?
Comment on attachment 8945895 [details] [diff] [review] Use fallible allocation for handleInfoBuf in UIA detection Crash fix, let's uplift this for 59 beta 6.
Attachment #8945895 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: