Closed Bug 1503411 Opened 6 years ago Closed 6 years ago

Crash in ProfileBuffer::SetCapacityPow2 with crash reason being "MOZ_RELEASE_ASSERT(Length() <= aNewCapacity) (can't make the capacity smaller than the used size)"

Categories

(Core :: Gecko Profiler, defect)

Unspecified
Linux
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla65
Tracking Status
firefox-esr60 --- unaffected
firefox63 --- unaffected
firefox64 --- unaffected
firefox65 --- fixed

People

(Reporter: dholbert, Assigned: canova)

Details

(Keywords: crash)

I've hit this crash several times today after leaving the profiler running.  Looks like this is a fatal assertion which was added recently in bug 1476757.


The failing assertion (as reported in the crash report) is:
MOZ_RELEASE_ASSERT(Length() <= aNewCapacity) (can't make the capacity smaller than the used size)

I had "buffer size" dialed all the way up in the profiler UI, for what it's worth (to 900MB I think). I've turned it down now to hopefully stop crashing.


This bug was filed from the Socorro interface and is
report bp-a880c0b6-c2c5-4fab-bdaa-fc0530181030.
=============================================================

Top 5 frames of crashing thread:

0 libxul.so ProfileBuffer::SetCapacityPow2 tools/profiler/core/ProfileBuffer.cpp:63
1 libxul.so SamplerThread::Run tools/profiler/core/platform.cpp:2320
2 libxul.so ThreadEntry tools/profiler/core/platform-linux-android.cpp:396
3 libpthread-2.28.so libpthread-2.28.so@0x8163 
4 libc-2.28.so libc-2.28.so@0x11adee 

=============================================================
Here are my crashes from this today:
bp-a880c0b6-c2c5-4fab-bdaa-fc0530181030 	10/30/18, 2:53 PM
bp-26758aae-4576-4c02-8f8e-add2e0181030 	10/30/18, 2:46 PM
bp-ebaa0eca-19dc-4a8f-bf2c-6e0f20181030 	10/30/18, 11:35 AM

We just decided to not go forward with that approach and backed out the relevant patches. It should be gone when it lands to central.

Great! I saw the backout -- wasn't sure if it was going to re-land (potentially with this same crash) after other issues had been addressed.  Sounds like it won't, though.

I'll just call this FIXED-by-backout then.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Assignee: nobody → canaltinova
Target Milestone: --- → mozilla65

This assertion failure was caused by integer overflow in this calculation:
uint32_t minDesiredCapacity = usedSize * 100 / 90;

(efaust told me about this bug last Friday and was going to submit a patch, but since the original change has been backed out, he doesn't need to anymore.)
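
Added example (not part of the bug report and not Mozilla's code): the calculation quoted in the last comment, assuming usedSize is a uint32_t, next to a hypothetical widened and range-checked variant. The function names and sample sizes are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// The calculation quoted in the bug, with usedSize assumed to be uint32_t:
// usedSize * 100 is evaluated in 32 bits and wraps modulo 2^32.
uint32_t MinDesiredCapacityWrapping(uint32_t usedSize) {
  uint32_t minDesiredCapacity = usedSize * 100 / 90;
  return minDesiredCapacity;
}

// Hypothetical hardened form: widen before multiplying and reject results
// that do not fit back into 32 bits instead of silently truncating.
bool MinDesiredCapacityChecked(uint32_t usedSize, uint32_t* out) {
  uint64_t wide = static_cast<uint64_t>(usedSize) * 100 / 90;
  if (wide > std::numeric_limits<uint32_t>::max()) {
    return false;
  }
  *out = static_cast<uint32_t>(wide);
  return true;
}

// The invariant the release assert enforces: capacity must cover used size.
bool CapacityCoversUsed(uint32_t usedSize, uint32_t capacity) {
  return usedSize <= capacity;
}

int main() {
  // Constructed sample used sizes, not values taken from the crash report.
  const uint32_t samples[] = {900u, 42949672u, 42949673u, 50000000u};
  for (uint32_t used : samples) {
    uint32_t wrapped = MinDesiredCapacityWrapping(used);
    uint32_t checked = 0;
    bool ok = MinDesiredCapacityChecked(used, &checked);
    std::printf("used=%u wrapped=%u covers=%d checked=%u ok=%d\n",
                (unsigned)used, (unsigned)wrapped,
                (int)CapacityCoversUsed(used, wrapped),
                (unsigned)checked, (int)ok);
  }
  return 0;
}
```

The 32-bit product first wraps at usedSize = 42949673 (just above UINT32_MAX / 100), where the computed minimum capacity drops to 0 and no longer covers the used size.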