Closed
Bug 842289
Opened 11 years ago
Closed 2 years ago
Crash in nsProfiler.getProfile on 64-bit Linux debug build
Categories
(Core :: Gecko Profiler, defect)
Tracking
()
RESOLVED
INACTIVE
People
(Reporter: zwol, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
1) Install https://addons.mozilla.org/en-us/firefox/addon/aboutjank/ in a trunk debug build. 2) Open about:jank in a tab. 3) Do something else in another tab for a little while. 4) Reload the about:jank tab (this is supposed to show the profiling results). Kaboom. gdb backtrace: #4 <signal handler called> #5 __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32 #6 0x00007f3839585f21 in length ( __s=0x7f3800000f30 <Address 0x7f3800000f30 out of bounds>) at /home/packages/gcc/4.7/w/gcc-4.7-4.7.2/build/x86_64-linux-gnu/libstdc++-v3/include/bits/char_traits.h:261 #7 std::operator<< <std::char_traits<char> > (__out=..., __s=0x7f3800000f30 <Address 0x7f3800000f30 out of bounds>) at /home/packages/gcc/4.7/w/gcc-4.7-4.7.2/build/x86_64-linux-gnu/libstdc++-v3/include/ostream:533 #8 0x00007f38366dd8d2 in operator<< (stream=..., entry=...) at /home/zack/src/mozilla/S-mc/tools/profiler/TableTicker.cpp:1000 #9 0x00007f38366dd918 in operator<< (stream=..., profile=...) at /home/zack/src/mozilla/S-mc/tools/profiler/TableTicker.cpp:980 #10 0x00007f38366ddb01 in mozilla_sampler_get_profile () at /home/zack/src/mozilla/S-mc/tools/profiler/TableTicker.cpp:1082 #11 0x00007f38366dc441 in nsProfiler::GetProfile (this=<optimized out>, aProfile=0x7fff333ade58) at /home/zack/src/mozilla/S-mc/tools/profiler/nsProfiler.cpp:104 #12 0x00007f3836ae3eab in NS_InvokeByIndex_P (that=<optimized out>, methodIndex=<optimized out>, paramCount=<optimized out>, params=<optimized out>) at /home/zack/src/mozilla/S-mc/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:164 #13 0x00007f38363fa680 in Invoke (this=0x7fff333ade18) at /home/zack/src/mozilla/S-mc/js/xpconnect/src/XPCWrappedNative.cpp:3085 #14 Call (this=0x7fff333ade18) at /home/zack/src/mozilla/S-mc/js/xpconnect/src/XPCWrappedNative.cpp:2419 #15 XPCWrappedNative::CallMethod (ccx=..., mode=<optimized out>) at /home/zack/src/mozilla/S-mc/js/xpconnect/src/XPCWrappedNative.cpp:2385 #16 0x00007f38363fe5ff in XPC_WN_CallMethod (cx=0x7f3817aca710, argc=0, vp=0x7f38241060a8) at /home/zack/src/mozilla/S-mc/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1417 #17 0x00007f38370baffd in CallJSNative (args=..., native=<optimized out>, cx=0x7f3817aca710) at /home/zack/src/mozilla/S-mc/js/src/jscntxtinlines.h:327 The profile entry it's trying to print appears to be garbage: (gdb) frame 9 (gdb) p profile.mEntries[readPos] $5 = {{mTagData = 0x7f3800000f30 <Address 0x7f3800000f30 out of bounds>, mTagChars = "0\017\000\000\070\177\000", mTagPtr = 0x7f3800000f30, mTagFloat = 6.9109158922077916e-310, mTagAddress = 0x7f3800000f30 <Address 0x7f3800000f30 out of bounds>, mTagOffset = 139878494900016, mTagLine = 3888}, mTagName = 110 'n'} I don't know enough about this code to investigate further.
Reporter | ||
Updated•11 years ago
|
Summary: Crash in nsIProfiler.getProfile on 64-bit Linux debug build → Crash in nsProfiler.getProfile on 64-bit Linux debug build
Reporter | ||
Comment 1•11 years ago
|
||
I don't think there's any way to get at nsProfiler from unprivileged JS, so this isn't a remotely triggerable crash (well, unless you can trick someone into installing your malicious extension, but then it's game over anyway).
Obsolete.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•