Closed Bug 720857 Opened 12 years ago Closed 8 years ago

crash nsDocumentEncoder::EncodeToString

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: wsmwk, Assigned: smaug)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [tbird crash][gs])

Crash Data

This bug was filed from the Socorro interface and is 
report bp-da31437c-7020-4b03-b22c-a92d62120124 .
============================================================= 
I have the reporter of this crash on hand. It evolved to startup crash.  bp-93830339-6f21-47b8-9e72-7ecd82120114 firefox is also reported as being startup

Crashing line last touched by smaug - but I'm not assigning blame :)

0 	xul.dll 	nsDocumentEncoder::EncodeToString 	content/base/src/nsDocumentEncoder.cpp:1086
1 	xul.dll 	nsPlaintextEditor::OutputToString 	editor/libeditor/text/nsPlaintextEditor.cpp:1402
2 	xul.dll 	nsTextEditorState::GetValue 	content/html/content/src/nsTextEditorState.cpp:1712
3 	xul.dll 	nsHTMLInputElement::GetTextEditorValue 	content/html/content/src/nsHTMLInputElement.cpp:4090
4 	xul.dll 	nsTextControlFrame::GetText 	layout/forms/nsTextControlFrame.cpp:1329
5 	xul.dll 	nsTextEditorState::SetValue 	content/html/content/src/nsTextEditorState.cpp:1762
6 	xul.dll 	nsHTMLInputElement::SetValueInternal 	content/html/content/src/nsHTMLInputElement.cpp:1358
7 	xul.dll 	nsHTMLInputElement::SetValue 	content/html/content/src/nsHTMLInputElement.cpp:1007
8 	xul.dll 	nsIDOMHTMLInputElement_SetValue 	objdir-tb/mozilla/js/src/xpconnect/src/dom_quickstubs.cpp:19610
9 	mozjs.dll 	js::Shape::set 	js/src/jsscopeinlines.h:312
10 	mozjs.dll 	js_SetPropertyHelper 	js/src/jsobj.cpp:6177
11 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:3820
12 	mozjs.dll 	js::analyze::ScriptAnalysis::integerOperation 	js/src/jsinfer.cpp:4334
13 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:614
URL: http://getsatisfaction.com/mozilla_me...
Whiteboard: [tbird crash] → [tbird crash][gs]
Looks like OOM which causes a null pointer crash.
Assignee: nobody → bugs
Hmm, or is malloc infallible. I never remember which allocation is and which isn't ..
I was verifying if bug 912574 was still valid, and the site still crashes, but I got the following crash report now https://crash-stats.mozilla.com/report/index/3c356949-d48b-4574-a6ea-4ca562131209
Is it the same bug?
Ah, thank you. That looks like this bug.
But I still don't understand how we get there except if we're running out of memory.
(In reply to Olli Pettay [:smaug] from comment #6)
> But I still don't understand how we get there except if we're running out of
> memory.

Yeah. users with this signature also get OOM | small. 

Some cases appear to have NOT have low memory (I saw one with 3GB memory available). Similar to bug 1057756.

Also, some may be related to overly large pop accounts/folders or otherwise bad folders. An example of the former is bp-6133d53f-fd57-4b14-ae6d-5ea252140919 http://forums.mozillazine.org/viewtopic.php?f=39&t=2874743& where the user has 27k messages in a pop Inbox.
See Also: → 1057756
Crash Signature: [@ nsDocumentEncoder::EncodeToString(nsAString_internal&)] → [@ nsDocumentEncoder::EncodeToString(nsAString_internal&)] [@ nsDocumentEncoder::EncodeToString]
no crashes newer than version 29.0.1. Perhaps it changed to something else

For completeness, I do find nsDocumentEncoder::EncodeToStringWithMaxLength going back to at least version 31 https://crash-stats.mozilla.com/signature/?date=%3E2015-10-01&date=%3C2015-11-01&signature=nsDocumentEncoder%3A%3AEncodeToStringWithMaxLength&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&page=1#reports
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.