Closed
Bug 638750
Opened 15 years ago
Closed 7 years ago
OOM crash in nsDisplayList::HitTest
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
It is a new crash signature in the trunk.
It is #74 top crasher in 4.0b12.
Signature mozalloc_abort(char const* const) | mozalloc_handle_oom() | nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity(unsigned int, unsigned int) | nsDisplayList::HitTest(nsDisplayListBuilder*, nsRect const&, nsDisplayItem::HitTestState*, nsTArray<nsIFra...
UUID 01c378f9-9bd1-40b0-aa11-b298a2110223
Time 2011-02-23 11:26:44.711864
Uptime 4070
Install Age 2796897 seconds (4.6 weeks) since version was first installed.
Product Firefox
Version 4.0b9
Build ID 20110110191547
Branch 2.0
OS Windows NT
OS Version 5.1.2600 Service Pack 3
CPU x86
CPU Info AuthenticAMD family 6 model 8 stepping 1
Crash Reason EXCEPTION_BREAKPOINT
Crash Address 0x3e1a39
App Notes AdapterVendorID: 1039, AdapterDeviceID: 6330
Frame Module Signature [Expand] Source
0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:77
1 mozalloc.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:54
2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:106
3 xul.dll nsDisplayList::HitTest layout/base/nsDisplayList.cpp:574
4 @0x17
5 xul.dll nsDisplayList::HitTest layout/base/nsDisplayList.cpp:567
6 xul.dll nsDisplayList::HitTest layout/base/nsDisplayList.cpp:567
7 xul.dll nsCSSFrameConstructor::CreateNeededTablePseudos layout/base/nsCSSFrameConstructor.cpp:9362
8 xul.dll nsDisplayList::HitTest layout/base/nsDisplayList.cpp:567
9 @0x308cbff
10 mozsqlite3.dll sqlite3Update db/sqlite3/src/sqlite3.c:93009
More reports at:
https://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=mozalloc_abort%28char%20const*%20const%29%20|%20mozalloc_handle_oom%28%29%20|%20nsTArray_base%3CnsTArrayDefaultAllocator%3E%3A%3AEnsureCapacity%28unsigned%20int%2C%20unsigned%20int%29%20|%20nsDisplayList%3A%3AHitTest%28nsDisplayListBuilder*%2C%20nsRect%20const%26%2C%20nsDisplayItem%3A%3AHitTestState*%2C%20nsTArray%3CnsIFra...
|
||
Comment 1•15 years ago
|
||
Looks like OOM allocating an array when hit-testing... but why would this be new?
|
|
Reporter | |
Comment 2•15 years ago
|
||
> but why would this be new?
It is new for the trunk, but it has happened for a long time. There are no mozalloc_ crash signatures in 3.6.13.
|
|
||
Comment 3•15 years ago
|
||
The mozalloc_ bit just means out of memory. The nsTArray bit just means we made nsTArray infallible some time back.
The thing that's really relevant for this signature is that it's OOM under nsDisplayList::HitTest...
That is somewhat unexpected. The first thing nsDisplayList::HitTest does is append every list item to the array, but the list should only contain items that intersect the event position, so that shouldn't be a lot of display items.
|
Assignee | |
Updated•14 years ago
|
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom() | nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity(unsigned int, unsigned int) | nsDisplayList::HitTest(nsDisplayListBuilder*, nsRect const&, nsDisplayItem::HitTestState*, nsTA... ]
|
|
Reporter | |
Updated•14 years ago
|
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom() | nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity(unsigned int, unsigned int) | nsDisplayList::HitTest(nsDisplayListBuilder*, nsRect const&, nsDisplayItem::HitTestState*, nsTA... ] → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom() | nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity(unsigned int, unsigned int) | nsDisplayList::HitTest(nsDisplayListBuilder*, nsRect const&, nsDisplayItem::HitTestState* nsTA... ]
[@ mo…
|
|
Reporter | |
Updated•14 years ago
|
Summary: Crash [@ mozalloc_abort(char const* const) | mozalloc_handle_oom() | nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity(unsigned int, unsigned int) | nsDisplayList::HitTest(nsDisplayListBuilder*, nsRect const&, nsDisplayItem::HitTestState* nsTA... ] → OOM crash in nsDisplayList::HitTest
|
||
Updated•11 years ago
|
Crash Signature: , nsTArray<nsIFra... ] → , nsTArray<nsIFra... ]
[@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>::EnsureCapacity(unsigned int, unsigned int) | nsDisplayList::HitTest(ns…
|
||
Comment 6•7 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•