Bug 517361
[@ realloc - js_realloc] js_ConcatStrings heap error related to oom
Opened 16 years ago, closed 12 years ago
Status: RESOLVED WORKSFORME
Categories: Core :: JavaScript Engine, defect
People: Reporter: johnjbarton, Unassigned
Keywords: crash
Attachments: 1 file (73.34 KB, application/zip)

I was crashing with no crash reporter. Firebug ended the day with:
extensions.firebug: fbs.onError (0) with this.showStackTrace=false and this.breakOnErrors=false kind=undefined msg=out of memory@file:///G:/firefox/eventlistener/eventlistenerservice10b-win32/firefox/components/nsSessionStore.js:2790.0
fbs.onError sees out of memory file:///G:/firefox/eventlistener/eventlistenerservice10b-win32/firefox/components/nsSessionStore.js:2790
I opened Visual Studio and I'll paste the stack from there next. But it is clear that the problem is in parsing the session restore.js that I attached.

Comment 1 • 16 years ago (Reporter)

Comment 2 • 16 years ago (Reporter)
73kb compressed, but 60Mb uncompressed. Maybe session restore ought to go on a diet ;-)

Comment 3 • 16 years ago
JSON parsing, right? Over to jseng.
Assignee: nobody → general
Component: General → JavaScript Engine
QA Contact: general → general

Comment 4 • 16 years ago (Reporter)
The crash happens on the realloc call in jsstr.cpp, but we are out of memory so it's probably not helpful to know the stack trace.
    if (!left->isMutable()) {
        /* We must copy if left does not own a buffer to realloc. */
        s = (jschar *) cx->malloc((ln + rn + 1) * sizeof(jschar));
        if (!s)
            return NULL;
        js_strncpy(s, ls, ln);
        ldep = NULL;
    } else {
        /* We can realloc left's space and make it depend on our result. */
        JS_ASSERT(left->isFlat());
        s = (jschar *) cx->realloc(ls, (ln + rn + 1) * sizeof(jschar));
        if (!s)
            return NULL;
        /* Take care: right could depend on left! */
        lrdist = (size_t)(rs - ls);
        if (lrdist < ln)
            rs = s + lrdist;
        left->mChars = ls = s;
        ldep = left;
    }
Component: JavaScript Engine → General
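
The in-place branch of the excerpt in comment 4, as an added stand-alone C sketch that is not SpiderMonkey code: it checks the size arithmetic before calling realloc, leaves the left string untouched when allocation fails, and re-bases a right operand that points into left's buffer. The names `flat_str`, `jschar_t` and `concat_in_place` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t jschar_t; /* stand-in for the engine's 16-bit jschar */

/* Hypothetical flat, mutable string that owns a heap buffer of len+1 units. */
typedef struct { jschar_t *chars; size_t len; } flat_str;

/* Append rn units at rs to left in place. rs may point into left's own
 * buffer (the "right could depend on left" case). Returns 0 on success,
 * -1 on size overflow or allocation failure; on -1 left is unchanged. */
int concat_in_place(flat_str *left, const jschar_t *rs, size_t rn)
{
    const size_t max_units = SIZE_MAX / sizeof(jschar_t);
    size_t ln = left->len;
    jschar_t *ls = left->chars;

    /* Refuse sizes where (ln + rn + 1) * sizeof(jschar_t) would wrap. */
    if (ln >= max_units || rn > max_units - ln - 1)
        return -1;

    /* Decide aliasing before realloc: ls may be dangling afterwards. */
    uintptr_t lo = (uintptr_t)ls, p = (uintptr_t)rs;
    int aliased = p >= lo && p - lo < ln * sizeof(jschar_t);
    size_t lrdist = aliased ? (size_t)(p - lo) / sizeof(jschar_t) : 0;

    /* Keep ls until realloc succeeds; on NULL the old block is still live. */
    jschar_t *s = realloc(ls, (ln + rn + 1) * sizeof(jschar_t));
    if (!s)
        return -1;
    if (aliased)
        rs = s + lrdist; /* re-base right onto the (possibly moved) buffer */

    memmove(s + ln, rs, rn * sizeof(jschar_t));
    s[ln + rn] = 0;
    left->chars = s;
    left->len = ln + rn;
    return 0;
}

int main(void)
{
    flat_str a = { calloc(3, sizeof(jschar_t)), 2 }; /* constructed sample "ab" */
    if (!a.chars) return 1;
    a.chars[0] = 'a'; a.chars[1] = 'b';
    int rc = concat_in_place(&a, a.chars + 1, 1);    /* append own tail "b" */
    free(a.chars);
    return rc;
}
```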

Comment 5 • 16 years ago (Reporter)
ntdll.dll!_RtlReAllocateHeap@16()
ntdll.dll!_RtlDebugReAllocateHeap@16()
ntdll.dll!_RtlReAllocateHeap@16()
> msvcr80d.dll!_realloc_base(void *, unsigned int) Line 323 C
msvcr80d.dll!realloc_help(void *, unsigned int *, int, const char *, int, int) Line 723 C++
msvcr80d.dll!_realloc_dbg(void *, unsigned int, int, const char *, int) Line 959 C++
msvcr80d.dll!realloc(void *, unsigned int) Line 862 C++
js3250.dll!js_realloc(void *, unsigned int) Line 198 C++
js3250.dll!JSRuntime::realloc(void *, unsigned int) Line 743 C++
js3250.dll!JSContext::realloc(void *, unsigned int) Line 1142 C++
js3250.dll!js_ConcatStrings(JSContext *, JSString *, JSString *) Line 156 C++
js3250.dll!js_Interpret(JSContext *) Line 987 C++
js3250.dll!js_Invoke(JSContext *, unsigned int, int *, unsigned int) Line 1372 C++
xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS *, unsigned short, const XPTMethodDescriptor *, nsXPTCMiniVariant *) Line 1671 C++
xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short, const XPTMethodDescriptor *, nsXPTCMiniVariant *) Line 571 C++
xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase *, unsigned int, unsigned int *, unsigned int *) Line 114 C++
xpcom_core.dll!SharedStub() Line 142 C++
xpcom_core.dll!nsObserverList::NotifyObservers(nsISupports *, const char *, const unsigned short *) Line 129 C++
xpcom_core.dll!nsObserverList::NotifyObservers(nsISupports *, const char *, const unsigned short *) Line 129 C++
xpcom_core.dll!nsObserverService::NotifyObservers(nsISupports *, const char *, const unsigned short *) Line 185 C++
xul.dll!XRE_main(int, char * *, const nsXREAppData *) Line 3449 C++
firefox.exe!NS_internal_main(int, char * *) Line 156 C++
firefox.exe!wmain(int, unsigned short * *) Line 110 C++
firefox.exe!__tmainCRTStartup() Line 583 C
firefox.exe!wmainCRTStartup() Line 403 C
kernel32.dll!_BaseProcessStart@4()

Comment 6 • 16 years ago (Reporter)
(In reply to comment #3)
> JSON parsing, right? Over to jseng.
Sure, but I'd also like sessionstore not to be piggy; even if the crash does not occur, something silly is going on in the save.

Comment 7 • 16 years ago
Yeah, we might want a separate bug on that too. Want to file one?
Component: General → JavaScript Engine

Comment 8 • 16 years ago
This feels very similar to a bug that Wayne filed.

Comment 9 • 16 years ago
(In reply to comment #8)
> This feels very similar to a bug that Wayne filed.
That would be bug 511135, involving bug 467409 and thus bug 464350.
Severity: normal → critical
Keywords: crash
Summary: [crash] out of memory because of session restore → [@ realloc - js_realloc] js_ConcatStrings heap error related to oom

Updated • 14 years ago
Crash Signature: [@ realloc - js_realloc]

Comment 10 • 13 years ago
(In reply to John J. Barton from comment #6)
> (In reply to comment #3)
> > JSON parsing, right? Over to jseng.
>
> Sure, but I'd also like sessionstore not to be piggy; even if the crash does
> not occur, something silly is going on in the save.
Do we have such a bug?
Or is/was such a bug superseded by bug 669034?

Comment 11 • 12 years ago
Feel free to reopen if problem reproduces.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME