OOM crash in XPCWrappedNative::GetAttribute with DataMngrHlpFF17.dll

NEW
Unassigned

Status

()

Core
XPConnect
--
critical
5 years ago
2 years ago

People

(Reporter: Scoobidiver (away), Unassigned)

Tracking

({crash})

17 Branch
x86
Windows XP
crash
Points:
---

Firefox Tracking Flags

(firefox17-)

Details

(crash signature)

(Reporter)

Description

5 years ago
It's currently #10 top browser crasher in 17.0.

A manual check of crash reports shows a correlation to the DataMngr extension and DataMngrHlpFF17.dll.
It's similar to bug 812307.

Signature 	mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::GetAttribute(XPCCallContext&) More Reports Search
UUID	874ffef6-4e83-4fe9-83fa-471802121121
Date Processed	2012-11-21 08:44:22
Uptime	20
Last Crash	22 seconds before submission
Install Age	12.0 hours since version was first installed.
Install Time	2012-11-20 20:43:07
Product	Firefox
Version	17.0
Build ID	20121119183901
Release Channel	release
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 23 stepping 10
Crash Reason	EXCEPTION_BREAKPOINT
Crash Address	0x11a1988
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x954f, AdapterSubsysID: 24621682, AdapterDriverVersion: 8.582.0.0
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True
Adapter Vendor ID	0x1002
Adapter Device ID	0x954f
Total Virtual Memory	2147352576
Available Virtual Memory	1938837504
System Memory Use Percentage	57
Available Page File	2060955648
Available Physical Memory	450621440
OOMAllocationSize	12

Frame 	Module 	Signature 	Source
0 	mozalloc.dll 	mozalloc_abort 	memory/mozalloc/mozalloc_abort.cpp:23
1 	mozalloc.dll 	mozalloc_handle_oom 	memory/mozalloc/mozalloc_oom.cpp:27
2 	mozalloc.dll 	moz_xmalloc 	memory/mozalloc/mozalloc.cpp:59
3 	xul.dll 	XPCWrappedNative::GetAttribute 	js/xpconnect/src/xpcprivate.h:2823
4 	xul.dll 	XPC_WN_GetterSetter 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1526
5 	xul.dll 	nsXPConnect::GetXPConnect 	js/xpconnect/src/nsXPConnect.cpp:139
6 	xul.dll 	XPC_WN_NoHelper_Resolve 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:690
7 	mozjs.dll 	js::mjit::ic::GetProp 	js/src/methodjit/PolyIC.cpp:2020
8 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:363
9 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:396
10 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5846
11 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1442
12 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:580
13 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:85
14 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:112
15 	xul.dll 	nsObserverService::NotifyObservers 	xpcom/ds/nsObserverService.cpp:149
16 	DataMngrHlpFF17.dll 	DataMngrHlpFF17.dll@0x9fa4 	
17 	DataMngrHlpFF17.dll 	DataMngrHlpFF17.dll@0x5879 	
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char+const*+const%29+|+mozalloc_handle_oom%28unsigned+int%29+|+moz_xmalloc+|+XPCWrappedNative%3A%3AGetAttribute%28XPCCallContext%26%29
(Reporter)

Updated

5 years ago
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::GetAttribute(XPCCallContext&)] → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::GetAttribute(XPCCallContext&)] [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::Fi…
(Reporter)

Updated

5 years ago
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::GetAttribute(XPCCallContext&)] [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::Fi… → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::GetAttribute(XPCCallContext&)] [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::Fi…

Updated

5 years ago
tracking-firefox17: ? → +

Comment 1

5 years ago
We've reached out to Bandoo, are attempting to reproduce internally, and are exploring blocklisting the DataMngr add-on in bug 812456.

I've included some xpconnect experts to see if they can take a look at this stack and suggest any changes that we could make to Firefox to guard against this crash.
I've we're crashing in infallible malloc then either some prior operation is causing us to allocate way too much memory, or the heap is corrupted. Either way, not much we can do about it on the XPConnect end.
These are all small allocations (12 bytes?) and I looked at a few crash reports and they didn't seem to have a particularly huge amount of memory used, so it seems likely this is being caused by some kind of memory corruption.
This is almost certainly a dupe of 812307, which involves various crashes in jemalloc with this same addon.
(Reporter)

Comment 5

5 years ago
It's #36 top browser crasher w/o hangs in 17.0 so no longer a top crasher.
tracking-firefox17: + → ?
Keywords: topcrash
tracking-firefox17: ? → -

Updated

2 years ago
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::GetAttribute(XPCCallContext&)] [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::Fi… → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::GetAttribute(XPCCallContext&)] [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | XPCWrappedNative::Fi…
You need to log in before you can comment on or make changes to this bug.