Open
Bug 1493566
Opened 6 years ago
Updated 2 years ago
Crash in nsAtomTable::Atomize
Categories
(Core :: CSS Transitions and Animations, defect, P3)
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox64 | --- | affected |
People
(Reporter: baffclan, Unassigned)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-d0e1c50f-755b-43e5-9abc-f34750180924.
=============================================================
Top 10 frames of crashing thread:
0 xul.dll nsAtomTable::Atomize xpcom/ds/nsAtomTable.cpp:728
1 xul.dll Gecko_Atomize layout/style/ServoBindings.cpp:1118
2 xul.dll static union core::result::Result<core::option::Option<selectors::parser::SimpleSelectorParseResult<style::gecko::selector_parser::SelectorImpl>>, cssparser::parser::ParseError<style_traits::StyleParseErrorKind>> selectors::parser::parse_one_simple_selector<style::selector_parser::SelectorParser, style::gecko::selector_parser::SelectorImpl> servo/components/selectors/parser.rs:2009
3 xul.dll static union core::result::Result<selectors::parser::Selector<style::gecko::selector_parser::SelectorImpl>, cssparser::parser::ParseError<style_traits::StyleParseErrorKind>> selectors::parser::parse_selector<style::selector_parser::SelectorParser, style::gecko::selector_parser::SelectorImpl> servo/components/selectors/parser.rs:1343
4 xul.dll static union core::result::Result<selectors::parser::SelectorList<style::gecko::selector_parser::SelectorImpl>, cssparser::parser::ParseError<style_traits::StyleParseErrorKind>> selectors::parser::SelectorList<style::gecko::selector_parser::SelectorImpl>::parse<style::gecko::selector_parser::SelectorImpl, style::selector_parser::SelectorParser> servo/components/selectors/parser.rs:235
5 xul.dll static union core::result::Result<style::stylesheets::CssRule, cssparser::parser::ParseError<style_traits::StyleParseErrorKind>> cssparser::rules_and_declarations::parse_qualified_rule<style::stylesheets::rule_parser::TopLevelRuleParser, style_traits::StyleParseErrorKind> third_party/rust/cssparser/src/rules_and_declarations.rs:510
6 xul.dll static struct style::stylesheets::stylesheet::StylesheetContents style::stylesheets::stylesheet::StylesheetContents::from_str servo/components/style/stylesheets/stylesheet.rs:85
7 xul.dll static void geckoservo::stylesheet_loader::AsyncStylesheetParser::parse servo/ports/geckolib/stylesheet_loader.rs:113
8 xul.dll static void rayon_core::job::{{impl}}::execute<closure> third_party/rust/rayon-core/src/job.rs:156
9 xul.dll static void rayon_core::registry::WorkerThread::wait_until_cold<rayon_core::latch::CountLatch> third_party/rust/rayon-core/src/registry.rs:567
=============================================================
Application Basics:
Name: Firefox
Version: 64.0a1
Build ID: 20180923220427
Update Channel: nightly
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
OS: Windows_NT 10.0
Comment 1•6 years ago
|
||
I can't imagine what Stylo is doing here, but it seems more likely to me that bad data is getting passed in somehow, rather than the atom table doing something wrong.
Component: XPCOM → CSS Transitions and Animations
Comment 2•6 years ago
|
||
Looks pretty low volume.
Cameron: Any initial thoughts on this?
Flags: needinfo?(cam)
Priority: -- → P3
Comment 3•6 years ago
|
||
I don't know but there are a number of different signatures mixed up here, with different (non-layout) callers to nsAtomTable::Atomize.
Flags: needinfo?(cam)
Updated•6 years ago
|
Crash Signature: [@ nsAtomTable::Atomize] → [@ nsAtomTable::Atomize] [@ selectors::parser::parse_one_simple_selector]
Updated•6 years ago
|
Crash Signature: [@ nsAtomTable::Atomize] [@ selectors::parser::parse_one_simple_selector] → [@ nsAtomTable::Atomize | selectors::parser::parse_one_simple_selector]
Comment 4•6 years ago
|
||
Marcia, what's the right syntax for the Crash Signature field to limit this to crashes in nsAtomTable::Atomize that are under the selectors::parser::parse_one_simple_selector call, like in https://crash-stats.mozilla.com/report/index/13167fed-9ce8-4aa9-984e-01ed90181016?
Flags: needinfo?(mozillamarcia.knous)
Comment 5•6 years ago
|
||
(In reply to Cameron McCormack (:heycam) from comment #4)
> Marcia, what's the right syntax for the Crash Signature field to limit this
> to crashes in nsAtomTable::Atomize that are under the
> selectors::parser::parse_one_simple_selector call, like in
> https://crash-stats.mozilla.com/report/index/13167fed-9ce8-4aa9-984e-
> 01ed90181016?
Cameron: You can use the proto signature in search to refine - I did a contains search for the proto signature selectors::parser::parse_one_simple_selector call in all versions of Firefox, using the signature nsAtomTable::Atomize: https://bit.ly/2pVrcmW
Flags: needinfo?(mozillamarcia.knous)
Comment 6•6 years ago
|
||
Thanks! I guess that means it's not possible to do that in the Crash Signature field in the bug here?
Crash Signature: [@ nsAtomTable::Atomize | selectors::parser::parse_one_simple_selector] → [@ nsAtomTable::Atomize ]
Comment 7•6 years ago
|
||
(In reply to Cameron McCormack (:heycam) from comment #6)
> Thanks! I guess that means it's not possible to do that in the Crash
> Signature field in the bug here?
No, unfortunately you have to do a separate query to ferret out the proto signature.
Comment 8•2 years ago
|
||
Since the crash volume is low (less than 5 per week), the severity is downgraded to S3
. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.
Severity: critical → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•