Open
Bug 1719138
Opened 3 years ago
Updated 19 days ago
Crash in [@ OOM | large | NS_ABORT_OOM | nsTArray_base<T>::EnsureCapacity<T> | mozilla::dom::Gamepad::Gamepad]
Categories
(Core :: DOM: Device Interfaces, defect, P3)
Tracking
()
REOPENED
People
(Reporter: gsvelto, Unassigned)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/8fd01adc-1911-4362-8b0c-af4270210619
MOZ_CRASH Reason: MOZ_CRASH(OOM)
Top 10 frames of crashing thread:
0 libxul.so NS_ABORT_OOM xpcom/base/nsDebugImpl.cpp:618
1 libxul.so nsTArrayInfallibleAllocator::ResultTypeProxy nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::EnsureCapacity<nsTArrayInfallibleAllocator> xpcom/ds/nsTArray-inl.h:167
2 libxul.so mozilla::dom::Gamepad::Gamepad dom/gamepad/Gamepad.cpp:52
3 libxul.so mozilla::dom::GamepadManager::AddGamepad dom/gamepad/GamepadManager.cpp:201
4 libxul.so mozilla::dom::GamepadManager::Update dom/gamepad/GamepadManager.cpp:458
5 libxul.so mozilla::dom:: dom/gamepad/ipc/GamepadEventChannelChild.cpp:21
6 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:805
7 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1152
8 libxul.so nsThread::Shutdown xpcom/threads/nsThread.cpp:844
9 libxul.so mozilla::MediaTrackGraphShutdownThreadRunnable::Run dom/media/GraphDriver.cpp:85
This is an OOM that appears to stem from an overflow value used to allocate an array. Specifically the crash seems to be triggered by this line.
The allocation sizes we recorded appear to be either 0xFFFFFF9F or 0xFFFFFFDC times 8. That suggests that aNumButtons had overflowed or contained a very large value.
Severity: -- → S2
|
||
Comment 1•3 years ago
|
||
Changing severity to S3 because of low crash volume.
Severity: S2 → S3
Priority: -- → P3
|
||
Comment 2•1 year ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME
|
Reporter | |
Comment 3•1 year ago
|
||
This is a signature change.
Status: RESOLVED → REOPENED
Crash Signature: [@ OOM | large | NS_ABORT_OOM | nsTArray_base<T>::EnsureCapacity<T> | mozilla::dom::Gamepad::Gamepad] → [@ OOM | large | NS_ABORT_OOM | nsTArray_base<T>::EnsureCapacity<T> | mozilla::dom::Gamepad::Gamepad]
[@ OOM | large | NS_ABORT_OOM | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_Impl<T>::SetCapacity<T> | nsTArray_Impl<T>::nsTArray_Impl | nsTArray<T>::…
Resolution: WORKSFORME → ---
|
||
Updated•19 days ago
|
Crash Signature: nsTArray<T>::nsTArray | mozilla::dom::Gamepad::Gamepad] → nsTArray<T>::nsTArray | mozilla::dom::Gamepad::Gamepad] [@ OOM | large | NS_ABORT_OOM | nsTArray_Impl<T>::SetCapacity<T> | nsTArray_Impl<T>::nsTArray_Impl | nsTArray<T>::nsTArray | mozilla::dom::Gamepad::Gamepad ]
You need to log in
before you can comment on or make changes to this bug.
Description
•