Closed Bug 1685778 Opened 4 years ago Closed 4 years ago

Mozilla Firefox crashes in [@ style::bloom::StyleBloom<T>::push<T> ]

Categories

(Core :: CSS Parsing and Computation, defect)

Firefox 86
x86_64
Windows 7
defect

VERIFIED INVALID

People

(Reporter: Virtual, Unassigned)

Details

(Keywords: crash, nightly-community)

Severity: -- → S3
Flags: needinfo?(emilio)

So chkimg claims that the binary is alright... David, this is a Windows crash, do you know how I can check for other signs of corruption? I don't know how we'd crash in that function... It might be that we have a dead element or something in the DOM (unlikely though), and the crash points to line 166 which is a closing brace, so not clear to me what code it corresponds to.

Flags: needinfo?(emilio) → needinfo?(dmajor)

The crash address doesn't seem like a UAF or other stuff like that which is odd. The filter itself is stored in TLS and never deleted... The stack also isn't very deep so it doesn't seem like it'd be a stack overflow of any sort.

The execution somehow jumped into the middle of an instruction. The code should have looked like:

000007fe`ea1b3585 0f8419020000    je      xul!style::bloom::StyleBloom<style::gecko::wrapper::GeckoElement>::push<style::gecko::wrapper::GeckoElement>+0x504 (000007fe`ea1b37a4)

But rip is on the latter 0000 there:

000007fe`ea1b3589 0000            add     byte ptr [rax],al ds:00000000`a42800b6=??

Since I don't see any deliberate jumps in this function to that address, it's looking like something went wrong at hardware level.

Flags: needinfo?(dmajor)
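
The check described in the comment above, as an added example that is not part of the original bug thread: it recomputes the `je` target from the instruction bytes and tests whether the crash `rip` falls on an instruction boundary. The address and byte values are the ones quoted in the comment; the type and function names are hypothetical.

```python
# Added example: classify a crash RIP against a disassembly listing.
# Addresses and bytes are copied from the comment above; Insn and the
# function names are hypothetical helpers, not Mozilla or WinDbg code.
import struct
from dataclasses import dataclass

MASK64 = 0xFFFFFFFFFFFFFFFF

@dataclass(frozen=True)
class Insn:
    addr: int    # address of the first byte
    raw: bytes   # encoded instruction bytes

    @property
    def end(self):
        return self.addr + len(self.raw)

def parse_addr(text):
    """WinDbg prints 64-bit addresses as high`low."""
    return int(text.replace("`", ""), 16)

def jcc_rel32_target(insn):
    """Target of a near conditional jump (0F 8x rel32), else None."""
    if len(insn.raw) == 6 and insn.raw[0] == 0x0F and 0x80 <= insn.raw[1] <= 0x8F:
        (rel,) = struct.unpack("<i", insn.raw[2:])  # signed, little-endian
        return (insn.end + rel) & MASK64            # relative to next insn
    return None

def branch_targets(listing):
    """All addresses the listed conditional jumps can transfer control to."""
    return {t for t in map(jcc_rel32_target, listing) if t is not None}

def classify_rip(listing, rip):
    """Return (verdict, insn, offset, bytes the CPU would decode at rip)."""
    for insn in listing:
        if insn.addr == rip:
            return ("boundary", insn, 0, insn.raw)
        if insn.addr < rip < insn.end:
            off = rip - insn.addr
            return ("mid-instruction", insn, off, insn.raw[off:])
    return ("outside-listing", None, None, b"")

JE = Insn(parse_addr("000007fe`ea1b3585"), bytes.fromhex("0f8419020000"))
CRASH_RIP = parse_addr("000007fe`ea1b3589")

if __name__ == "__main__":
    verdict, insn, off, seen = classify_rip([JE], CRASH_RIP)
    print(f"{verdict}: +{off} into insn at {insn.addr:#x}, bytes {seen.hex()}")
    print(f"je target {jcc_rel32_target(JE):#x}")
    print("rip is a branch target:", CRASH_RIP in branch_targets([JE]))
```

A `mid-instruction` verdict combined with `rip` not being a branch target of any listed jump is the pattern the comment reads as pointing away from a software cause.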

Ok, not all that much we can do here then unfortunately :(

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID

(In reply to :dmajor from comment #3)

[...] it's looking like something went wrong at hardware level.

Thank you very much for the deep analysis. It looks like that could be the cause, as once every 2 months I have some odd issues with my old PC, like a freeze or BSoD.

Status: RESOLVED → VERIFIED