Closed Bug 819633 Opened 12 years ago Closed 12 years ago

crash in nsTArrayInfallibleAllocator::SizeTooBig

Categories

(Core :: Layout, defect)

17 Branch
defect
Not set
critical

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox17 --- affected
firefox18 --- affected
firefox19 --- affected
firefox20 --- affected

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

It first showed up in 20.0a1/20121207 and is currently the #12 top crasher in this build. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3c81e1c0d252&tochange=739f20de3c1e

Stack traces are various:

Frame Module Signature Source
0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23
1 xul.dll nsTArrayInfallibleAllocator::SizeTooBig obj-firefox/dist/include/nsTArray.h:73
2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:112
3 xul.dll nsLineLayout::VerticalAlignFrames layout/generic/nsLineLayout.cpp:1570
4 xul.dll nsLineLayout::VerticalAlignLine layout/generic/nsLineLayout.cpp:1400
5 xul.dll nsBlockFrame::PlaceLine layout/generic/nsBlockFrame.cpp:4094
6 xul.dll nsBlockFrame::DoReflowInlineFrames layout/generic/nsBlockFrame.cpp:3655
7 xul.dll nsBlockFrame::ReflowInlineFrames layout/generic/nsBlockFrame.cpp:3377
...

Frame Module Signature Source
0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23
1 xul.dll nsTArrayInfallibleAllocator::SizeTooBig obj-firefox/dist/include/nsTArray.h:73
2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:112
3 xul.dll nsTArray<gfxFontFeature,nsTArrayDefaultAllocator>::ReplaceElementsAt<gfxFontFeat obj-firefox/dist/include/nsTArray.h:732
4 xul.dll nsFont::nsFont gfx/src/nsFont.cpp:64
5 xul.dll nsStyleFont::nsStyleFont layout/style/nsStyleStruct.cpp:122
6 xul.dll nsRuleNode::CalcLengthWithInitialFont layout/style/nsRuleNode.cpp:429
7 xul.dll nsMediaExpression::Matches layout/style/nsCSSStyleSheet.cpp:194
8 xul.dll nsMediaQuery::Matches layout/style/nsCSSStyleSheet.cpp:501
...

Frame Module Signature Source
0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23
1 xul.dll nsTArrayInfallibleAllocator::SizeTooBig obj-firefox/dist/include/nsTArray.h:73
2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:112
3 xul.dll AddSelector layout/style/nsCSSRuleProcessor.cpp:2778
4 xul.dll nsCSSRuleProcessor::RefreshRuleCascade layout/style/nsCSSRuleProcessor.cpp:3222
5 xul.dll nsStyleSet::AppendFontFaceRules layout/style/nsStyleSet.cpp:1246
6 xul.dll nsPresContext::FlushUserFontSet layout/base/nsPresContext.cpp:1934
7 xul.dll nsPresContext::HandleRebuildUserFontSet layout/base/nsPresContext.h:1091
...

Frame Module Signature Source
0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:23
1 xul.dll nsTArrayInfallibleAllocator::SizeTooBig obj-firefox/dist/include/nsTArray.h:73
2 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:112
3 xul.dll nsTArray<nsHtml5SpeculativeLoad,nsTArrayDefaultAllocator>::MoveElementsFrom<nsHt obj-firefox/dist/include/nsTArray.h:929
4 xul.dll nsHtml5TreeOpExecutor::FlushSpeculativeLoads parser/html/nsHtml5TreeOpExecutor.cpp:403
5 xul.dll nsHtml5TreeOpExecutor::RunFlushLoop parser/html/nsHtml5TreeOpExecutor.cpp:516
6 xul.dll nsHtml5ExecutorReflusher::Run parser/html/nsHtml5TreeOpExecutor.cpp:60
7 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:627
...

and so on.

More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char+const*+const%29+|+nsTArrayInfallibleAllocator%3A%3ASizeTooBig%28%29
Crash Signature: [@ mozalloc_abort(char const* const) | nsTArrayInfallibleAllocator::SizeTooBig()] → [@ mozalloc_abort(char const* const) | nsTArrayInfallibleAllocator::SizeTooBig()] [@ mozalloc_abort | nsTArrayInfallibleAllocator::SizeTooBig()]
OS: Windows 7 → All
Crashes have almost completely stopped since 20.0a1/20121208, maybe fixed by the patch of bug 818962.
Crash Signature: [@ mozalloc_abort(char const* const) | nsTArrayInfallibleAllocator::SizeTooBig()] [@ mozalloc_abort | nsTArrayInfallibleAllocator::SizeTooBig()] → [@ mozalloc_abort(char const* const) | nsTArrayInfallibleAllocator::SizeTooBig()] [@ mozalloc_abort(char const*) | nsTArrayInfallibleAllocator::SizeTooBig()] [@ mozalloc_abort | nsTArrayInfallibleAllocator::SizeTooBig()]
Version: 20 Branch → 17 Branch
Depends on: 892930
As it happens rarely after 21.0 and is a generic signature for unrelated crashes, I close it as WORKSFORME.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME