Closed Bug 797982 Opened 13 years ago Closed 8 years ago

crash in StringBuilder::Unit::~Unit

Categories

(Core :: DOM: Core & HTML, defect)

16 Branch
x86
Windows 7
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: marcia, Assigned: smaug)

Details

(Keywords: crash)

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-9773a88a-9ab9-47fc-b159-f0eb22121001.
=============================================================
Seen while looking at the explosive report today.

Reports: https://crash-stats.mozilla.com/report/list?signature=arena_dalloc_small%20|%20je_free%20|%20nsACString_internal%3A%3A%60scalar%20deleting%20destructor%27%27%28unsigned%20int%29

6 week Signature summary crashes in Beta 2, Beta 3 and Beta 5.

Frame Module Signature Source
0 mozglue.dll arena_dalloc_small memory/mozjemalloc/jemalloc.c:4510
1 mozglue.dll je_free memory/mozjemalloc/jemalloc.c:6565
2 xul.dll nsACString_internal::`scalar deleting destructor'
3 xul.dll StringBuilder::Unit::~Unit content/html/content/src/nsGenericHTMLElement.cpp:650
4 xul.dll StringBuilder::Unit::`scalar deleting destructor'
5 xul.dll nsTArrayElementTraits<StringBuilder::Unit>::Destruct obj-firefox/dist/include/nsTArray.h:348
6 xul.dll nsTArray<StringBuilder::Unit,nsTArrayDefaultAllocator>::DestructRange obj-firefox/dist/include/nsTArray.h:1213
7 xul.dll nsTArray<StringBuilder::Unit,nsTArrayDefaultAllocator>::RemoveElementsAt obj-firefox/dist/include/nsTArray.h:933
8 xul.dll nsTArray<StringBuilder::Unit,nsTArrayDefaultAllocator>::Clear obj-firefox/dist/include/nsTArray.h:944
9 xul.dll nsTArray<StringBuilder::Unit,nsTArrayDefaultAllocator>::~nsTArray<StringBuilder: obj-firefox/dist/include/nsTArray.h:430
10 xul.dll StringBuilder::~StringBuilder
11 xul.dll StringBuilder::`scalar deleting destructor'
12 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
13 xul.dll StringBuilder::~StringBuilder
14 xul.dll StringBuilder::`scalar deleting destructor'
15 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
16 xul.dll StringBuilder::~StringBuilder
17 xul.dll StringBuilder::`scalar deleting destructor'
18 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
19 xul.dll StringBuilder::~StringBuilder
20 xul.dll StringBuilder::`scalar deleting destructor'
21 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
22 xul.dll StringBuilder::~StringBuilder
23 xul.dll StringBuilder::`scalar deleting destructor'
24 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
25 xul.dll StringBuilder::~StringBuilder
26 xul.dll StringBuilder::`scalar deleting destructor'
27 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
28 xul.dll StringBuilder::~StringBuilder
29 xul.dll StringBuilder::`scalar deleting destructor'
30 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
31 xul.dll StringBuilder::~StringBuilder
32 xul.dll StringBuilder::`scalar deleting destructor'
33 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
34 xul.dll StringBuilder::~StringBuilder
35 xul.dll StringBuilder::`scalar deleting destructor'
36 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
37 xul.dll StringBuilder::~StringBuilder
38 xul.dll StringBuilder::`scalar deleting destructor'
39 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
40 xul.dll StringBuilder::~StringBuilder
41 xul.dll StringBuilder::`scalar deleting destructor'
42 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
43 xul.dll StringBuilder::~StringBuilder
44 xul.dll StringBuilder::`scalar deleting destructor'
45 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
46 xul.dll StringBuilder::~StringBuilder
47 xul.dll StringBuilder::`scalar deleting destructor'
48 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
49 xul.dll StringBuilder::~StringBuilder
50 xul.dll StringBuilder::`scalar deleting destructor'
51 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
52 xul.dll StringBuilder::~StringBuilder
53 xul.dll StringBuilder::`scalar deleting destructor'
54 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
55 xul.dll StringBuilder::~StringBuilder
56 xul.dll StringBuilder::`scalar deleting destructor'
57 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
58 xul.dll StringBuilder::~StringBuilder
59 xul.dll StringBuilder::`scalar deleting destructor'
60 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
61 xul.dll StringBuilder::~StringBuilder
62 xul.dll StringBuilder::`scalar deleting destructor'
63 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
64 xul.dll StringBuilder::~StringBuilder
65 xul.dll StringBuilder::`scalar deleting destructor'
66 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
67 xul.dll StringBuilder::~StringBuilder
68 xul.dll StringBuilder::`scalar deleting destructor'
69 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
70 xul.dll StringBuilder::~StringBuilder
71 xul.dll StringBuilder::`scalar deleting destructor'
72 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
73 xul.dll StringBuilder::~StringBuilder
74 xul.dll StringBuilder::`scalar deleting destructor'
75 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
76 xul.dll StringBuilder::~StringBuilder
77 xul.dll StringBuilder::`scalar deleting destructor'
78 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
79 xul.dll StringBuilder::~StringBuilder
80 xul.dll StringBuilder::`scalar deleting destructor'
81 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
82 xul.dll StringBuilder::~StringBuilder
83 xul.dll StringBuilder::`scalar deleting destructor'
84 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
85 xul.dll StringBuilder::~StringBuilder
86 xul.dll StringBuilder::`scalar deleting destructor'
87 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
88 xul.dll StringBuilder::~StringBuilder
89 xul.dll StringBuilder::`scalar deleting destructor'
90 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
91 xul.dll StringBuilder::~StringBuilder
92 xul.dll StringBuilder::`scalar deleting destructor'
93 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
94 xul.dll StringBuilder::~StringBuilder
95 xul.dll StringBuilder::`scalar deleting destructor'
96 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
97 xul.dll StringBuilder::~StringBuilder
98 xul.dll StringBuilder::`scalar deleting destructor'
99 xul.dll nsAutoPtr<StringBuilder>::~nsAutoPtr<StringBuilder> obj-firefox/dist/include/nsAutoPtr.h:71
100 xul.dll StringBuilder::~StringBuilder
161 xul.dll nsCycleCollectingAutoRefCnt::incr obj-firefox/dist/include/nsISupportsImpl.h:130
162 xul.dll nsGlobalWindow::RunTimeout dom/base/nsGlobalWindow.cpp:9806
163 xul.dll nsGlobalWindow::TimerCallback dom/base/nsGlobalWindow.cpp:10077
164 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:473
165 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:624
166 nspr4.dll _MD_CURRENT_THREAD nsprpub/pr/src/md/windows/w95thred.c:312
167 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:82
168 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:201
169 xul.dll nsDocShell::GetVisibility docshell/base/nsDocShell.cpp:4973
170 @0x10effff

No Addon correlations show for this in the manual report, but there are some module correlations:
arena_dalloc_small | je_free | nsACString_internal::`scalar deleting destructor''(unsigned int)|EXCEPTION_BREAKPOINT (78 crashes)

There is some correlation to avast! Asynchronous Virus Monitor (AAVM) in that list.
With the above stack trace, it's a low volume crash w.r.t bug 798045. It seems to happen only in Beta versions: 15.0 or 16.0.
Component: General → DOM
OS: Windows NT → Windows 7
Product: Firefox → Core
Summary: crash in arena_dalloc_small → crash in StringBuilder::Unit::~Unit
Hmm, let's try something...
Assignee: nobody → bugs
Hmm, crashes are odd. nsACString_internal::`scalar deleting destructor' Yet Unit doesn't handle CStrings at all.
Attached patch: investigation
I haven't figured out what could cause this bug, but at least we could initialize all the member variables and also add counters for ctor and dtor to detect leaks. https://tbpl.mozilla.org/?tree=Try&rev=a7edb47a425c
Attachment #669271 - Flags: review?(hsivonen)
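The technique described in the comment above (give every member a defined initial value, and count constructions against destructions), as an added example that is not the attached patch or Mozilla's code. The `Unit` class here, its members and the two helper functions are hypothetical.

```cpp
#include <string>

// Hypothetical tagged-union node; not Mozilla's StringBuilder::Unit.
class Unit {
public:
  enum Type { eUnknown, eLiteral, eOwnedString };
  // Every member gets a defined value, so the destructor never acts on
  // an indeterminate tag or pointer.
  Unit() : mOwned(nullptr), mType(eUnknown) { ++sLive; }
  Unit(const Unit&) = delete;
  Unit& operator=(const Unit&) = delete;
  ~Unit() { Reset(); --sLive; }
  void SetLiteral(const char* aLiteral) {
    Reset();
    mLiteral = aLiteral; mType = eLiteral;
  }
  void SetOwned(const std::string& aValue) {
    Reset();
    mOwned = new std::string(aValue); mType = eOwnedString;
  }
  static int Live() { return sLive; }  // constructions minus destructions
private:
  // Frees only the owning variant, then returns to the empty state.
  void Reset() {
    if (mType == eOwnedString) delete mOwned;
    mOwned = nullptr; mType = eUnknown;
  }
  union { const char* mLiteral; std::string* mOwned; };
  Type mType;
  static int sLive;
};
int Unit::sLive = 0;

// Balanced case: returns 0 when every constructed Unit was destroyed.
int LiveAfterScope() {
  {
    Unit units[3];
    units[0].SetLiteral("<p>");
    units[1].SetOwned("text");  // units[2] stays default-constructed
    if (Unit::Live() != 3) return -1;
  }
  return Unit::Live();
}
// Constructed leak: the counter is off by one until the object is freed.
int LeakDelta() {
  int before = Unit::Live();
  Unit* leaked = new Unit();
  int delta = Unit::Live() - before;
  delete leaked;
  return delta;
}
```

A non-zero `Unit::Live()` at shutdown points at a leaked or double-counted object, which narrows down where to look when the crashing stack itself is implausible.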
Comment on attachment 669271 (investigation)
Sorry about the delay.
Attachment #669271 - Flags: review?(hsivonen) → review+
https://hg.mozilla.org/mozilla-central/rev/cfbf2d4218c8 Maybe this gives some hint where the problem might be. I went through the code and didn't see anything problematic. Keeping the bug open for now.
Crash Signature: [@ arena_dalloc_small | je_free | nsACString_internal::`scalar deleting destructor''(unsigned int)] → [@ arena_dalloc_small | je_free | nsACString_internal::`scalar deleting destructor''(unsigned int)] [@ arena_dalloc_small | je_free | nsACString_internal::`scalar deleting destructor'']
The patch landed, so I'm pretty sure that I can close this bug as FIXED.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML