1507587 - AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x11a796a0aa38 via [@ mozilla::dom::ContentBlockingLog::AddSizeOfExcludingThis]

Status: RESOLVED DUPLICATE of bug 1508527

(Core :: DOM: Core & HTML, defect)

Description

[Christian Holler (:decoder)]

The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 65.0a1-20181112220107-https://hg.mozilla.org/mozilla-central/rev/05331fb8f5338974b913217bc67815df25a32e86.

For detailed crash information, see attachment.

Comment 1

[Christian Holler (:decoder)]

Attachment: Detailed Crash Information

Comment 2

[Christian Holler (:decoder)]

Randell, this was submitted by your ASan Nightly instance at Thu, 15 Nov 2018 14:53:25 +0000. Any idea what was going on? This looks like a corrupted pointer of some sort.

Comment 3

[Andrew McCreight [:mccr8]]

Ehsan, any ideas? It looked like you worked on this memory reporter recently. I think the most common cause of this is passing stack allocated memory to the mallocSizeOf method.

Comment 4

[Randell Jesup [:jesup] (needinfo me)]

Nothing specific, though it had been under memory pressure earlier (and I may have doing about:memory on it - I had previously done Minimize twice with no problem.)  It was a content process that had been using ~6GB/4.5 resident (thanks, WashingtonPost.com) before I killed that tab at fault.  Resident memory had dropped to ~1.5G; total was still 5G (last time I looked before it crashed; it may have gone lower over time).

mccr8's idea seems plausible

Comment 5

[(no longer active)]

I think my patch in bug 1508527 fixes this.  Another patch of mind ended up hitting this on CI today so I fixed the bug before seeing this ping.  :-)

Comment 6

[Liz Henry (:lizzard) (relman/hg->git project)]

Fixed in 65 in bug 1508527.