"CGSResolveShmemReference : offset exceeds bounds" and random crashes after messing with "multiple" attribute on <select>

RESOLVED INVALID

Status

Core
Widget: Cocoa
--
critical
12 years ago
12 years ago

People

(Reporter: Jesse Ruderman, Assigned: Josh Aas)

Tracking

Trunk
x86
Mac OS X
crash, testcase
Bug Flags:
blocking1.9 ?

Attachments

(1 attachment)

(Reporter)

Description

12 years ago
Created attachment 258056
testcase (crashes Firefox)

Steps to reproduce:
1. Load the testcase (preferably locally)
2. Let it reload itself a few times.

Result: "CGSResolveShmemReference : offset exceeds bounds" in the console, usually followed by a crash.  This usually happens within 5-10 reloads.
Flags: blocking1.9?
(Reporter)

Updated

12 years ago
Whiteboard: [sg:critical]
(Reporter)

Comment 1

12 years ago
Can't reproduce after restarting Mac OS X.
Summary: "CGSResolveShmemReference : offset exceeds bounds" and random crashes due to memory corruption after messing with "multiple" attribute on <select> → "CGSResolveShmemReference : offset exceeds bounds" and random crashes after messing with "multiple" attribute on <select>
Whiteboard: [sg:critical] → [sg:critical?]
(Reporter)

Comment 2

12 years ago
I'm not sure how Mac OS X got into that state, but I don't think it was entirely Firefox's fault that Firefox was crashing once Mac OS X was in that state.  TextWrangler was crashing on Find-Again wrap, Safari wasn't repainting properly, TextEdit and Console.app weren't displaying anything, etc.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
(Reporter)

Comment 3

12 years ago
Felt OOM-ish (well, "out of something", probably not memory).  The crashes seemed to be all over the place (nsGlobalWindow::RunTimeout, nsTObserverArray_base::AdjustIterators, _NXCreateWindow), but each signature appeared multiple times and they were all null derefs or assertion failures.

Btw, Dock crashed too.
Group: security
Whiteboard: [sg:critical?]