Closed Bug 738943 Opened 13 years ago Closed 6 years ago

OOM crash in XPCConvert::NativeData2JS using UTF8ToNewUnicode

Categories

Product / Component: Core :: XPCOM
Type: defect
Version: 14 Branch
Platform: ARM / Android
Priority: Not set
Severity: critical

Tracking


RESOLVED WONTFIX

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, Whiteboard: [native-crash][mobile-crash])

Crash Data

Signature: TouchBadMemory | mozalloc_abort | moz_xmalloc | NS_Alloc_P
UUID: b71710a8-3671-4a1f-873e-b56702120323
Date Processed: 2012-03-23 10:06:02
Uptime: 6
Last Crash: 14 seconds before submission
Install Age: 32 seconds since version was first installed.
Install Time: 2012-03-23 10:05:02
Product: FennecAndroid
Version: 14.0a1
Build ID: 20120322031220
Release Channel: nightly
OS: Linux
OS Version: 0.0.0 Linux 2.6.35.7-gd1b7276 #1 SMP PREEMPT Thu Dec 15 03:57:45 CST 2011 armv7l
Build Architecture: arm
Crash Reason: SIGSEGV
Crash Address: 0x0
App Notes: EGL? EGL+ AdapterVendorID: mapphone_umts, AdapterDeviceID: ME865. AdapterDescription: 'Android, Model: 'ME865', Product: 'EdisonHKTW', Manufacturer: 'motorola', Hardware: 'mapphone_umts''. GL Context? GL Context+ GL Layers? GL Layers- motorola ME865 MOTO/EdisonHKTW/edison:2.3.6/5.5.1-1_GC-90_EDISON-11/33:user/release-keys
EMCheckCompatibility: True
OOMAllocationSize: 110

Frame  Module          Signature                          Source
0      libmozalloc.so  TouchBadMemory                     memory/mozalloc/mozalloc_abort.cpp:68
1      libmozalloc.so  mozalloc_abort                     memory/mozalloc/mozalloc_abort.cpp:89
2      libmozalloc.so  moz_xmalloc                        memory/mozalloc/mozalloc.cpp:105
3      libxul.so       NS_Alloc_P                         xpcom/base/nsMemoryImpl.cpp:195
4      libxul.so       UTF8ToNewUnicode                   nsMemory.h:68
5      libxul.so       XPCConvert::NativeData2JS          js/xpconnect/src/XPCConvert.cpp:289
6      libxul.so       XPCWrappedNative::CallMethod       js/xpconnect/src/xpcprivate.h:3275
7      libxul.so       XPC_WN_GetterSetter                js/xpconnect/src/xpcprivate.h:2672
8      libxul.so       js::InvokeGetterOrSetter           js/src/jscntxtinlines.h:314
9      libxul.so       js::GetPropertyHelper              js/src/jsscopeinlines.h:287
10     libxul.so       js::Interpret                      js/src/jsinterpinlines.h:268
11     libxul.so       js::RunScript                      js/src/jsinterp.cpp:469
12     libxul.so       js::Invoke                         js/src/jsinterp.cpp:528
13     libxul.so       JS_CallFunctionValue               js/src/jsapi.cpp:5385
14     libxul.so       nsXPCWrappedJSClass::CallMethod    js/xpconnect/src/XPCWrappedJSClass.cpp:1518
15     libxul.so       nsXPCWrappedJS::CallMethod         js/xpconnect/src/XPCWrappedJS.cpp:617
16     libxul.so       PrepareAndDispatch                 xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:138
...

More reports at: https://crash-stats.mozilla.com/report/list?signature=TouchBadMemory+|+mozalloc_abort+|+moz_xmalloc+|+NS_Alloc_P
We should probably add a fallible version of UTF8ToNewUnicode
What exactly made UTF8ToUnicode infallible and why? All sorts of untrusted data can go through that.....
Component: XPConnect → XPCOM
QA Contact: xpconnect → xpcom
NS_Alloc was made infallible some time back. I didn't participate in that discussion.
We can certainly make a fallible version of UTF8ToNewUnicode, but this is supposedly an allocation of 110 bytes. If an allocation of that size is failing, we'd be aborting pretty soon anyway with "new".
Summary: crash in XPCConvert::NativeData2JS @ TouchBadMemory → OOM crash in XPCConvert::NativeData2JS using UTF8ToNewUnicode
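A fallible counterpart of the kind proposed in the comments above, as an added example that is not Mozilla's code: it converts UTF-8 to NUL-terminated UTF-16, and on malformed input or allocation failure returns nullptr to the caller instead of aborting the process. The names UTF8ToNewUnicodeFallible and DecodeOne are assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>

// Decode one UTF-8 sequence from src[0..len). Returns its byte length (1-4) and sets
// *cp, or 0 if it is truncated, has a bad continuation byte, is overlong, encodes a
// surrogate, or lies above U+10FFFF.
static size_t DecodeOne(const unsigned char* src, size_t len, uint32_t* cp) {
    if (len == 0) return 0;
    unsigned char b = src[0];
    size_t n; uint32_t min;
    if (b < 0x80) { *cp = b; return 1; }
    if ((b & 0xE0) == 0xC0) { n = 2; *cp = b & 0x1F; min = 0x80; }
    else if ((b & 0xF0) == 0xE0) { n = 3; *cp = b & 0x0F; min = 0x800; }
    else if ((b & 0xF8) == 0xF0) { n = 4; *cp = b & 0x07; min = 0x10000; }
    else return 0;
    if (len < n) return 0;
    for (size_t i = 1; i < n; i++) {
        if ((src[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (src[i] & 0x3F);
    }
    if (*cp < min || *cp > 0x10FFFF || (*cp >= 0xD800 && *cp <= 0xDFFF)) return 0;
    return n;
}

// Fallible counterpart of UTF8ToNewUnicode (hypothetical name, not Mozilla's code).
// Returns nullptr, without aborting, when the input is malformed or the allocation
// fails. The caller owns the result and releases it with delete[].
char16_t* UTF8ToNewUnicodeFallible(const char* src, size_t len, size_t* outLen) {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(src);
    size_t units = 0;
    for (size_t i = 0; i < len;) {            // pass 1: validate and size
        uint32_t cp; size_t n = DecodeOne(p + i, len - i, &cp);
        if (n == 0) return nullptr;
        units += (cp >= 0x10000) ? 2 : 1;     // astral code points need a surrogate pair
        i += n;
    }
    char16_t* out = new (std::nothrow) char16_t[units + 1];
    if (!out) return nullptr;                 // fallible: report OOM to the caller
    size_t k = 0;
    for (size_t i = 0; i < len;) {            // pass 2: encode (input already validated)
        uint32_t cp; size_t n = DecodeOne(p + i, len - i, &cp);
        if (cp >= 0x10000) {
            cp -= 0x10000; out[k++] = static_cast<char16_t>(0xD800 + (cp >> 10));
            out[k++] = static_cast<char16_t>(0xDC00 + (cp & 0x3FF));
        } else { out[k++] = static_cast<char16_t>(cp); }
        i += n;
    }
    out[k] = 0;
    if (outLen) *outLen = k;
    return out;
}
```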
Closing because no crash has been reported in 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX