Closed
Bug 741090
Opened 12 years ago
Closed 6 years ago
OOM crash in nsGenericDOMDataNode::SetTextInternal
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: over68, Unassigned)
Details
(Keywords: crash, reproducible)
Crash Data
Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120331 Firefox/14.0a1 Crash report: http://crash-stats.mozilla.com/report/index/bp-540b23c2-e1ba-4b91-a286-cfcbd2120331
Comment 1•12 years ago
|
||
What are your steps to reproduce? Did it happen in the previous build, 14.0a1/20120330?
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal(unsigned int, unsigned int, wchar_t const*, unsigned int, bool, CharacterDataChangeInfo::Details*)]
Component: General → DOM
Keywords: crash
QA Contact: general → general
Steps to reproduce: 1. Download this file https://rapidshare.com/files/869381982/path.zip 2. Open the file path.log by the browser.
(In reply to Scoobidiver from comment #1) > Did it happen in the previous build, 14.0a1/20120330? Yes
Comment 4•12 years ago
|
||
I don't crash with 4GB of RAM.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: regressionwindow-wanted,
reproducible
Summary: Crash in @ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal(unsigned int, unsigned int, wchar_t const*, unsigned int, bool, CharacterDataChangeInfo::Details*) → OOM crash in nsGenericDOMDataNode::SetTextInternal
Version: 14 Branch → Trunk
(In reply to Scoobidiver from comment #4) > I don't crash with 4GB of RAM. Try this page http://kaubonschen.com/100000000/log/path.log Crash report: http://crash-stats.mozilla.com/report/index/bp-06203059-b2cb-4f28-b41f-9b4f32120331
Comment 6•12 years ago
|
||
(In reply to TB from comment #5) > Try this page http://kaubonschen.com/100000000/log/path.log I don't crash. With your STR in comment 2, does it happen in Safe Mode (see http://support.mozilla.org/kb/Safe%20Mode)? with a new profile (see http://support.mozilla.org/kb/Managing-profiles)?
Comment 7•12 years ago
|
||
The signature is an out-of-memory crash, so whether you hit it will depend on lots of things (like what else you have loaded and what else your computer is doing), no?
(In reply to Boris Zbarsky (:bz) from comment #7) > The signature is an out-of-memory crash, so whether you hit it will depend > on lots of things (like what else you have loaded and what else your > computer is doing), no? No, This crash occurs before the out-of-memory. See, just paste the link, the browser crashes Note the "Memory usage" http://s449.photobucket.com/albums/qq217/movh/?action=view¤t=faefab73.mp4 Crash in another case http://s449.photobucket.com/albums/qq217/movh/?action=view¤t=5f94f8ce.mp4 This crash does not happen in Chrome http://s449.photobucket.com/albums/qq217/movh/?action=view¤t=af50f78d.mp4 Actual result: Actually does not happen out-of-memory, this bug in the code.
Reporter | ||
Comment 10•12 years ago
|
||
(In reply to Scoobidiver from comment #6) > With your STR in comment 2, does it happen in Safe Mode (see > http://support.mozilla.org/kb/Safe%20Mode)? with a new profile (see > http://support.mozilla.org/kb/Managing-profiles)? Crash still occurs.
Reporter | ||
Comment 11•12 years ago
|
||
Scoobidiver, Try the STR in comment 2 After the page loads click on the button "Reload page" Example http://s449.photobucket.com/albums/qq217/movh/?action=view¤t=f8053406.mp4 Repeat this several times.
Comment 12•12 years ago
|
||
> No, This crash occurs before the out-of-memory. The crash signature is showing that we're explicitly calling the out-of-memory handler, so it's out of memory... Just look at the stacks from comment 9: 0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:79 1 mozalloc.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:60 2 mozalloc.dll moz_xmalloc memory/mozalloc/mozalloc.cpp:105 3 xul.dll nsMemory::Clone obj-firefox/xpcom/build/nsMemory.cpp:61 4 xul.dll nsTextFragment::SetTo That's an out of memory cloning some text. > Note the "Memory usage" This doesn't update instantaneously. It's pretty easy to run out of memory between updates. Also note that "memory" for purposes of running out of it almost certainly means "address space", which may not be what your widget there is measuring... > This crash does not happen in Chrome Which also seems to use less memory in this case. What would be interesting is looking into why we're using so much memory here....
Comment 13•12 years ago
|
||
> What would be interesting is looking into why we're using so much memory here.... There's bug 689769, in general.
Comment 14•12 years ago
|
||
FWIW, I don't receive a Crash against a recent 32-Bit Nightly on Win 7 x64 with 4GB RAM either. I created a Cleopatra Profile for loading the URL mentioned in Comment 5: http://people.mozilla.com/~bgirard/cleopatra/?report=AMIfv95Nwlw7RiEe-irRjegRxcVwztliWmu-zfb1FiVWtEnkmy18CiGDPn3g9G1yw-oIzzcphfwfzX0wk99M6bZyUMFPT9a-bbG1p0MeVMJrRG_vbNfQXOUcJKGFqaoFeutfbdzrblKL8QB-QqLBjCqiuCOU7k6ESw Spending Time in Harfbuzz and GFX Text Parsing if I read correctly. Can the Reg.Range-Wanted KW be removed?
Updated•12 years ago
|
Keywords: regressionwindow-wanted
Updated•9 years ago
|
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal(unsigned int, unsigned int, wchar_t const*, unsigned int, bool, CharacterDataChangeInfo::Details*)] → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal(unsigned int, unsigned int, wchar_t const*, unsigned int, bool, CharacterDataChangeInfo::Details*)]
[@ mozalloc_abort | mozall…
Comment 15•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Comment 16•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•