Closed Bug 1594051 Opened 5 years ago Closed 5 years ago

Crash in [@ memcpy | ReadCachedScript]

Categories

(Toolkit :: Startup and Profile System, defect)

Product:
Toolkit
Component:
Startup and Profile System
Version:
71 Branch
Platform:
x86
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla72
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox70 --- unaffected
firefox71 --- fixed
firefox72 --- fixed

People

(Reporter: philipp, Assigned: alexical)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1594051 - Perform fallible alloc when copying buffer from StartupCache r?froydnj
47 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-beta+
Details | Review

This bug is for crash report bp-2b5aa3b1-520c-471a-9cdf-496950191105.

Top 10 frames of crashing thread:

0 vcruntime140.dll memcpy f:\dd\vctools\crt\vcruntime\src\string\i386\memcpy.asm:194
1 xul.dll ReadCachedScript js/xpconnect/loader/mozJSLoaderUtils.cpp:30
2 xul.dll nsresult mozJSComponentLoader::ObjectForLocation js/xpconnect/loader/mozJSComponentLoader.cpp:820
3 xul.dll mozJSComponentLoader::Import js/xpconnect/loader/mozJSComponentLoader.cpp:1340
4 xul.dll static bool mozilla::dom::module_getter::ModuleGetter dom/base/ChromeUtils.cpp:513
5 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:550
6 xul.dll js::CallGetter js/src/vm/Interpreter.cpp:760
7 xul.dll js::NativeGetExistingProperty js/src/vm/NativeObject.cpp:2332
8 xul.dll bool js::FetchName<js::GetNameMode::Normal> js/src/vm/Interpreter-inl.h:202
9 xul.dll bool js::GetEnvironmentName<js::GetNameMode::Normal> js/src/vm/Interpreter-inl.h:253

this crash signature is showing up in fairly low volume in firefox 71 from 32bit windows system. the uptime section of crash reports indicates that the crashes are mostly occurring on startup and usually also under some memory pressure (low available page file).

Flags: needinfo?(dothayer)

This effectively used to be a fallible alloc inside nsZipArchive.

Flags: needinfo?(dothayer)
Pushed by dothayer@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/268bb05a7a9a Perform fallible alloc when copying buffer from StartupCache r=froydnj

https://hg.mozilla.org/mozilla-central/rev/268bb05a7a9a

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox72: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
Assignee: nobody → dothayer

Doug, do you want to request an uplift to beta? Thanks

Flags: needinfo?(dothayer)

Comment on attachment 9107255 [details]
Bug 1594051 - Perform fallible alloc when copying buffer from StartupCache r?froydnj

Beta/Release Uplift Approval Request

  • User impact if declined: May crash a user's browser due to OOM during startup if that user is running on low memory. Unclear whether the browser would generally crash anyway (seems likely).
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): It just changes an infallible allocation to a fallible allocation.
  • String changes made/needed: None.
Flags: needinfo?(dothayer)
Attachment #9107255 - Flags: approval-mozilla-beta?

Comment on attachment 9107255 [details]
Bug 1594051 - Perform fallible alloc when copying buffer from StartupCache r?froydnj

Crash fix, on nightly for 2 weeks without regression, uplift approved for 71 beta 12, thanks.

Attachment #9107255 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: