Closed
Bug 705630
Opened 14 years ago
Closed 7 years ago
OOM crash in nsTextFragment::Append
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
It's a new crash signature that first appeared in 11.0a1/20111124.
It's #61 top crasher in 11.0a1/20111127.
One comment says: "crashed after selecting text".
Signature mozalloc_abort(char const* const) | mozalloc_handle_oom() | nsTextFragment::Append(wchar_t const*, unsigned int, bool)
UUID d9720207-bc3a-4621-b99e-4a23f2111128
Date Processed 2011-11-28 00:49:09.770403
Uptime 39
Last Crash 46 seconds before submission
Install Age 1.9 hours since version was first installed.
Install Time 2011-11-28 06:56:03
Product Firefox
Version 11.0a1
Build ID 20111127031032
Release Channel nightly
OS Windows NT
OS Version 6.1.7601 Service Pack 1
Build Architecture x86
Build Architecture Info GenuineIntel family 15 model 6 stepping 5
Crash Reason EXCEPTION_BREAKPOINT
Crash Address 0x683d193d
App Notes AdapterVendorID: 8086, AdapterDeviceID: 2972, AdapterSubsysID: 101517aa, AdapterDriverVersion: 8.15.10.1930
D3D10 Layers? D3D10 Layers-
D3D9 Layers? D3D9 Layers-
EMCheckCompatibility False
Frame Module Signature [Expand] Source
0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:77
1 mozalloc.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:54
2 xul.dll nsTextFragment::Append
3 xul.dll nsGenericDOMDataNode::SetTextInternal content/base/src/nsGenericDOMDataNode.cpp:335
4 xul.dll nsGenericDOMDataNode::AppendText content/base/src/nsGenericDOMDataNode.cpp:870
5 xul.dll nsHtml5TreeOperation::AppendTextToTextNode
6 xul.dll nsHtml5TreeOperation::AppendText parser/html/nsHtml5TreeOperation.cpp:192
7 xul.dll nsHtml5TreeOperation::Perform parser/html/nsHtml5TreeOperation.cpp:504
8 xul.dll nsHtml5TreeOpExecutor::RunFlushLoop parser/html/nsHtml5TreeOpExecutor.cpp:529
9 xul.dll nsHtml5ExecutorReflusher::Run parser/html/nsHtml5TreeOpExecutor.cpp:94
10 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:625
11 nspr4.dll PR_Unlock nsprpub/pr/src/threads/combined/prulock.c:347
12 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:201
13 xul.dll _SEH_epilog4
14 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:175
15 xul.dll nsImageBoxFrame::OnStopDecode layout/xul/base/src/nsImageBoxFrame.cpp:608
16 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:189
17 @0x160e42f
More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char%20const*%20const%29%20|%20mozalloc_handle_oom%28%29%20|%20nsTextFragment%3A%3AAppend%28wchar_t%20const*%2C%20unsigned%20int%2C%20bool%29
|
||
Comment 1•14 years ago
|
||
This looks like a normal OOM crash that should be expected in the infallible malloc world.
|
Reporter | |
Comment 2•14 years ago
|
||
(In reply to Henri Sivonen (:hsivonen) from comment #1)
> This looks like a normal OOM crash
If it was normal, it won't happen for the first time in 11.0a1/20111124.
|
|
||
Comment 3•14 years ago
|
||
The nsImageBoxFrame::OnStopDecode part of the stack looks bogus, but the rest of the stack looks believable.
|
|
||
Comment 4•14 years ago
|
||
(In reply to Scoobidiver from comment #2)
> If it was normal, it won't happen for the first time in 11.0a1/20111124.
What's the first changeset that this happened with? The links in comment 0 don't lead me to a 20111124 build.
|
|
Reporter | |
Comment 5•14 years ago
|
||
(In reply to Henri Sivonen (:hsivonen) from comment #4)
> What's the first changeset that this happened with?
With few crashes per build, it's hard to be sure about the regression range, but it might be:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3c8147998124&tochange=de483d897af4
|
|
||
Comment 6•14 years ago
|
||
(In reply to Scoobidiver from comment #5)
> (In reply to Henri Sivonen (:hsivonen) from comment #4)
> > What's the first changeset that this happened with?
> With few crashes per build, it's hard to be sure about the regression range,
> but it might be:
> http://hg.mozilla.org/mozilla-central/
> pushloghtml?fromchange=3c8147998124&tochange=de483d897af4
Thanks.
It looks like this is fallout from bug 680556.
|
|
Reporter | |
Updated•13 years ago
|
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom() | nsTextFragment::Append(wchar_t const*, unsigned int, bool) ] → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom() | nsTextFragment::Append(wchar_t const*, unsigned int, bool) ]
[@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsTextFragment::Append(wchar_t const* un…
Version: Trunk → 13 Branch
|
||
Updated•10 years ago
|
Crash Signature: , unsigned int, bool) ] → , unsigned int, bool) ]
[@ mozalloc_abort | mozalloc_handle_oom | nsTextFragment::Append ]
[@ mozalloc_abort | mozalloc_handle_oom | moz_xrealloc | nsTextFragment::Append ]
|
||
Comment 8•7 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
|
|
||
Comment 9•7 years ago
|
||
Closing because no crash reported since 12 weeks.
|
Assignee | |
Updated•7 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•