Closed Bug 536792 Opened 16 years ago Closed 16 years ago

trunk topcrash [@ memcpy | nsFastLoadFileReader::Read(char*, unsigned int, unsigned int*)]

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.3a1

People

(Reporter: dbaron, Assigned: taras.mozilla)

References

Details

(Keywords: crash, topcrash)

Crash Data

There are a decent number of crash reports on trunk at memcpy | nsFastLoadFileReader::Read(char*, unsigned int, unsigned int*) http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=memcpy%20|%20nsFastLoadFileReader%3A%3ARead%28char*%2C%20unsigned%20int%2C%20unsigned%20int*%29&version=Firefox%3A3.7a1pre They seem to have spiked around December 15-17, but they've been persistent at somewhat lower levels than that spike for a while. Some of the comments are interesting, e.g.: This and previous crashes may be do to the lack of the various extensions.* files in the profile having been deleted. Rather than just proceeding to recreate these files, Minefield has been crashing on the first try. Previously, the browser just handles this. crashed at startup
Depends on: 537158
Is this due to the removal of file mtime checking in the patch for bug 531886 ? /be
No, almost certainly not. It appears to be a case where we write the fastload file after reading it (e.g. for loading some new module) in which case the offset is valid but the mmap has been closed. Taras is on it.
Assignee: nobody → tglek
Is this bug getting the patch? The other bug's patch doesn't address the update logic. /be
(In reply to comment #3) > Is this bug getting the patch? The other bug's patch doesn't address the update > logic. > The crash backtrace looks like we may have a Close()ed fastload stream that someone is Read()ing from. The patch in 537158 guards against that. I'm not sure what lead to that situation. Before mmap change the file descriptor would just fail a read() instead of segfaulting.
this is also a topcrash for (what was) Thunderbird 3.1a1pre example bp-c458d9a9-c925-4c48-bb74-5c3c72091220
I haven't seen any more crashes since the landing of bug 537158. Is it ok to close this?
http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.7a1pre&query_search=signature&query_type=exact&query=memcpy%20|%20nsFastLoadFileReader%3A%3ARead%28char*%2C%20unsigned%20int%2C%20unsigned%20int*%29&date=&range_value=31&range_unit=days&do_query=1&signature=memcpy%20|%20nsFastLoadFileReader%3A%3ARead%28char*%2C%20unsigned%20int%2C%20unsigned%20int*%29 agrees that almost all of the crashes stopped after the 2009123100 build (see the "Table" tab). So yes, I think it's ok to close this. Doing so. (There was one newer crash, bp-c73e07f9-f6ad-4f35-8a73-348e82100106, but I don't think that needs to hold this bug open.)
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a1
sounds OK from Thunderbird trunk perspective - no crashes since 20091219031754
(In reply to comment #7) > (There was one newer crash, bp-c73e07f9-f6ad-4f35-8a73-348e82100106, but I > don't think that needs to hold this bug open.) This one doesn't count, it's on the electrolysis branch which didn't contain my fix.
Crash Signature: [@ memcpy | nsFastLoadFileReader::Read(char*, unsigned int, unsigned int*)]
You need to log in before you can comment on or make changes to this bug.