Closed Bug 1694900 Opened 3 years ago Closed 2 years ago

Crash in [@ memcpy_repmovs | mozilla::ProfileBufferEntryWriter::WriteBytes]

Categories

(Core :: Gecko Profiler, defect, P3)

Product:
Core
Component:
Gecko Profiler
Platform:
Unspecified
Windows
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: sg, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/5e966b6f-32eb-4d11-81df-813b80210223

Reason: EXCEPTION_ACCESS_VIOLATION_WRITE

Top 10 frames of crashing thread:

0 vcruntime140.dll memcpy_repmovs f:\dd\vctools\crt\vcruntime\src\string\amd64\memcpy.asm:115
1 xul.dll mozilla::ProfileBufferEntryWriter::WriteBytes mozglue/baseprofiler/public/ProfileBufferEntrySerialization.h:465
2 xul.dll mozilla::ProfileChunkedBuffer::ReserveAndPutRaw<`lambda at /builds/worker/workspace/obj-build/dist/include/mozilla/ProfileChunkedBuffer.h:672:9', `lambda at /builds/worker/workspace/obj-build/dist/include/mozilla/ProfileChunkedBuffer.h:677:9'> mozglue/baseprofiler/public/ProfileChunkedBuffer.h:1537
3 xul.dll mozilla::ProfileChunkedBuffer::ReserveAndPut<`lambda at /builds/worker/workspace/obj-build/dist/include/mozilla/ProfileChunkedBuffer.h:713:9', `lambda at /builds/worker/workspace/obj-build/dist/include/mozilla/ProfileChunkedBuffer.h:714:9'> mozglue/baseprofiler/public/ProfileChunkedBuffer.h:671
4 xul.dll static mozilla::base_profiler_markers_detail::MarkerTypeSerialization<mozilla::baseprofiler::markers::TextMarker>::Serialize<nsPrintfCString> mozglue/baseprofiler/public/BaseProfilerMarkersDetail.h:158
5 xul.dll mozilla::base_profiler_markers_detail::AddMarkerToBuffer<mozilla::baseprofiler::markers::TextMarker, nsPrintfCString> mozglue/baseprofiler/public/BaseProfilerMarkersDetail.h:295
6 xul.dll AddMarkerToBuffer<mozilla::baseprofiler::markers::TextMarker, nsPrintfCString> tools/profiler/public/ProfilerMarkers.h:75
7 xul.dll profiler_add_marker<mozilla::baseprofiler::markers::TextMarker, nsPrintfCString> tools/profiler/public/ProfilerMarkers.h:106
8 xul.dll nsDOMNavigationTiming::NotifyNonBlankPaintForRootContentDocument dom/base/nsDOMNavigationTiming.cpp:423
9 xul.dll nsPresContext::NotifyNonBlankPaint layout/base/nsPresContext.cpp:2417

Very low volume, but maybe still interesting?

Thank you for the bug and report.

Going through the code, I can't see (yet) how this can happen, I thought the different possible situations were properly covered.
Some things to try:

  • Examine existing tests and make sure they cover this code path, with different sets of numbers.
  • Add extra safety tests in ProfileBufferEntryWriter::WriteBytes and ProfileChunkedBuffer::ReserveAndPutRaw (e.g., don't even call memcpy if the size if 0, etc.)
  • Verify that buffers can't be freed while we're still writing in them, and other concurrency issues.
Severity: -- → S3
Priority: -- → P3

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.