Closed
Bug 842289
Opened 12 years ago
Closed 3 years ago
Crash in nsProfiler.getProfile on 64-bit Linux debug build
Categories
(Core :: Gecko Profiler, defect)
RESOLVED
INACTIVE
People
(Reporter: zwol, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
1) Install https://addons.mozilla.org/en-us/firefox/addon/aboutjank/ in a trunk debug build.
2) Open about:jank in a tab.
3) Do something else in another tab for a little while.
4) Reload the about:jank tab (this is supposed to show the profiling results). Kaboom.
gdb backtrace:
#4 <signal handler called>
#5 __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32
#6 0x00007f3839585f21 in length (
__s=0x7f3800000f30 <Address 0x7f3800000f30 out of bounds>)
at /home/packages/gcc/4.7/w/gcc-4.7-4.7.2/build/x86_64-linux-gnu/libstdc++-v3/include/bits/char_traits.h:261
#7 std::operator<< <std::char_traits<char> > (__out=...,
__s=0x7f3800000f30 <Address 0x7f3800000f30 out of bounds>)
at /home/packages/gcc/4.7/w/gcc-4.7-4.7.2/build/x86_64-linux-gnu/libstdc++-v3/include/ostream:533
#8 0x00007f38366dd8d2 in operator<< (stream=..., entry=...)
at /home/zack/src/mozilla/S-mc/tools/profiler/TableTicker.cpp:1000
#9 0x00007f38366dd918 in operator<< (stream=..., profile=...)
at /home/zack/src/mozilla/S-mc/tools/profiler/TableTicker.cpp:980
#10 0x00007f38366ddb01 in mozilla_sampler_get_profile ()
at /home/zack/src/mozilla/S-mc/tools/profiler/TableTicker.cpp:1082
#11 0x00007f38366dc441 in nsProfiler::GetProfile (this=<optimized out>,
aProfile=0x7fff333ade58)
at /home/zack/src/mozilla/S-mc/tools/profiler/nsProfiler.cpp:104
#12 0x00007f3836ae3eab in NS_InvokeByIndex_P (that=<optimized out>,
methodIndex=<optimized out>, paramCount=<optimized out>,
params=<optimized out>)
at /home/zack/src/mozilla/S-mc/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:164
#13 0x00007f38363fa680 in Invoke (this=0x7fff333ade18)
at /home/zack/src/mozilla/S-mc/js/xpconnect/src/XPCWrappedNative.cpp:3085
#14 Call (this=0x7fff333ade18)
at /home/zack/src/mozilla/S-mc/js/xpconnect/src/XPCWrappedNative.cpp:2419
#15 XPCWrappedNative::CallMethod (ccx=..., mode=<optimized out>)
at /home/zack/src/mozilla/S-mc/js/xpconnect/src/XPCWrappedNative.cpp:2385
#16 0x00007f38363fe5ff in XPC_WN_CallMethod (cx=0x7f3817aca710, argc=0,
vp=0x7f38241060a8)
at /home/zack/src/mozilla/S-mc/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1417
#17 0x00007f38370baffd in CallJSNative (args=..., native=<optimized out>,
cx=0x7f3817aca710)
at /home/zack/src/mozilla/S-mc/js/src/jscntxtinlines.h:327
The profile entry it's trying to print appears to be garbage:
(gdb) frame 9
(gdb) p profile.mEntries[readPos]
$5 = {{mTagData = 0x7f3800000f30 <Address 0x7f3800000f30 out of bounds>,
mTagChars = "0\017\000\000\070\177\000", mTagPtr = 0x7f3800000f30,
mTagFloat = 6.9109158922077916e-310,
mTagAddress = 0x7f3800000f30 <Address 0x7f3800000f30 out of bounds>,
mTagOffset = 139878494900016, mTagLine = 3888}, mTagName = 110 'n'}
I don't know enough about this code to investigate further.
Updated by Reporter • 12 years ago
Summary: Crash in nsIProfiler.getProfile on 64-bit Linux debug build → Crash in nsProfiler.getProfile on 64-bit Linux debug build
Comment 1 (Reporter) • 12 years ago
I don't think there's any way to get at nsProfiler from unprivileged JS, so this isn't a remotely triggerable crash (well, unless you can trick someone into installing your malicious extension, but then it's game over anyway).
Obsolete.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INACTIVE