Open Bug 1882908 Opened 1 year ago Updated 1 year ago

Crash in [@ mozalloc_abort | mozilla::PeerConnectionImpl::GetStats]

Categories

(Core :: WebRTC: Signaling, defect, P4)

Product:
Core
Component:
WebRTC: Signaling
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

People

(Reporter: bwc, Assigned: bwc)

References

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/7256c0fa-2f41-4b21-99cd-377290240229

MOZ_CRASH Reason: out of memory: 0x0000000000000000 bytes requested

Top 10 frames of crashing thread:

0  mozglue.dll  MOZ_Crash  mfbt/Assertions.h:301
0  mozglue.dll  mozalloc_abort  memory/mozalloc/mozalloc_abort.cpp:26
1  mozglue.dll  mozalloc_handle_oom  memory/mozalloc/mozalloc_oom.cpp:51
2  xul.dll  mozilla::PeerConnectionImpl::GetStats  dom/media/webrtc/jsapi/PeerConnectionImpl.cpp:3710
3  xul.dll  mozilla::PeerConnectionCtx::EverySecondTelemetryCallback_m  dom/media/webrtc/jsapi/PeerConnectionCtx.cpp:393
4  xul.dll  nsTimerImpl::Fire::<lambda_14>::operator const  xpcom/threads/nsTimerImpl.cpp:681
4  xul.dll  mozilla::detail::VariantImplementation<unsigned char, 3, nsTimerImpl::FuncCallback, nsTimerImpl::ClosureCallback>::matchN  mfbt/Variant.h:309
4  xul.dll  mozilla::detail::VariantImplementation<unsigned char, 2, nsCOMPtr<nsIObserver>, nsTimerImpl::FuncCallback, nsTimerImpl::ClosureCallback>::matchN  mfbt/Variant.h:318
4  xul.dll  mozilla::detail::VariantImplementation<unsigned char, 1, nsCOMPtr<nsITimerCallback>, nsCOMPtr<nsIObserver>, nsTimerImpl::FuncCallback, nsTimerImpl::ClosureCallback>::matchN  mfbt/Variant.h:318
4  xul.dll  mozilla::detail::VariantImplementation<unsigned char, 0, nsTimerImpl::UnknownCallback, nsCOMPtr<nsITimerCallback>, nsCOMPtr<nsIObserver>, nsTimerImpl::FuncCallback, nsTimerImpl::ClosureCallback>::matchN  mfbt/Variant.h:318

Wow. Looks like in some rare cases we're OOMing on the size of the SDP history. Unless maybe we're getting a garbage size. I think we ought to pass a non-zero size to our call of mozalloc_handle_oom; it would be great if that value was actually accurate, but it would maybe be acceptable to pass the length of the array instead, so we get a number on crash-stats.

Crash Signature: [@ mozalloc_abort | mozilla::PeerConnectionImpl::GetStats] → [@ mozalloc_abort | mozilla::PeerConnectionImpl::GetStats] [@ mozilla::PeerConnectionImpl::GetStats ]
You need to log in before you can comment on or make changes to this bug.