Closed Bug 906108 Opened 11 years ago Closed 7 years ago

crash in mozilla::dom::ContentParent::GetOrCreateActorForBlob

Categories

(Core :: DOM: Content Processes, defect)

ARM
Gonk (Firefox OS)
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 1353629
tracking-b2g backlog
Tracking Status
b2g-v1.3T --- affected

People

(Reporter: nhirata, Unassigned)

Details

(Keywords: crash, Whiteboard: [sprd321209])

Crash Data

This bug was filed from the Socorro interface and is report bp-9dc4ac72-f183-4719-ae4d-577072130815 . ============================================================= Frame Module Signature Source 0 libxul.so mozilla::dom::ContentParent::GetOrCreateActorForBlob ../../dist/include/mozilla/dom/ipc/Blob.h 1 libxul.so mozilla::dom::ContentParent::DoSendAsyncMessage /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/dom/ipc/ContentParent.cpp 2 libxul.so nsFrameMessageManager::DispatchAsyncMessageInternal /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/content/base/src/nsFrameMessageManager.cpp 3 libxul.so nsFrameMessageManager::DispatchAsyncMessage /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/content/base/src/nsFrameMessageManager.cpp 4 libxul.so nsFrameMessageManager::BroadcastAsyncMessage /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/content/base/src/nsFrameMessageManager.cpp 5 libxul.so NS_InvokeByIndex_P /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp 6 libxul.so XPCWrappedNative::CallMethod /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/js/xpconnect/src/XPCWrappedNative.cpp 7 libxul.so XPC_WN_CallMethod /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/js/xpconnect/src/XPCWrappedNativeJSOps.cpp 8 libxul.so js::InvokeKernel /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/js/src/jscntxtinlines.h 9 libxul.so js::Interpret /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/js/src/jsinterp.cpp 10 libxul.so js::RunScript /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/js/src/jsinterp.cpp 11 libxul.so js::Invoke /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/js/src/jsinterp.cpp 12 libxul.so JS_CallFunctionValue /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/js/src/jsapi.cpp 13 libxul.so nsFrameMessageManager::ReceiveMessage /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/content/base/src/nsFrameMessageManager.cpp 14 libxul.so nsFrameMessageManager::ReceiveMessage /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/content/base/src/nsFrameMessageManager.cpp 15 libxul.so mozilla::dom::ContentParent::RecvAsyncMessage /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/dom/ipc/ContentParent.cpp 16 libxul.so mozilla::dom::PContentParent::OnMessageReceived /home/zhangchun/P752D04_MOVISTAR/PRE/android/out/target/product/roamer2/obj/objdir-gecko/ipc/ipdl/PContentParent.cpp 17 libxul.so mozilla::ipc::AsyncChannel::OnDispatchMessage /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/glue/AsyncChannel.cpp 18 libxul.so mozilla::ipc::RPCChannel::OnMaybeDequeueOne /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/glue/RPCChannel.cpp 19 libxul.so RunnableMethod<IPC::ChannelProxy::Context, void (IPC::ChannelProxy::Context::*)(), Tuple0>::Run /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/chromium/src/base/tuple.h 20 libxul.so mozilla::ipc::RPCChannel::DequeueTask::Run ../../dist/include/mozilla/ipc/RPCChannel.h 21 libxul.so MessageLoop::RunTask /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/chromium/src/base/message_loop.cc 22 libxul.so MessageLoop::DeferOrRunPendingTask /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/chromium/src/base/message_loop.cc 23 libxul.so MessageLoop::DoWork /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/chromium/src/base/message_loop.cc 24 libxul.so mozilla::ipc::DoWorkRunnable::Run /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/glue/MessagePump.cpp 25 libxul.so nsThread::ProcessNextEvent /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/xpcom/threads/nsThread.cpp 26 libxul.so NS_ProcessNextEvent_P /home/zhangchun/P752D04_MOVISTAR/PRE/android/out/target/product/roamer2/obj/objdir-gecko/xpcom/build/nsThreadUtils.cpp 27 libxul.so mozilla::ipc::MessagePump::Run /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/glue/MessagePump.cpp 28 libxul.so MessageLoop::RunInternal /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/chromium/src/base/message_loop.cc 29 libxul.so MessageLoop::Run /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/ipc/chromium/src/base/message_loop.cc 30 libxul.so nsBaseAppShell::Run /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/widget/xpwidgets/nsBaseAppShell.cpp 31 libxul.so nsAppStartup::Run /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/toolkit/components/startup/nsAppStartup.cpp 32 libxul.so XREMain::XRE_mainRun /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/toolkit/xre/nsAppRunner.cpp 33 libxul.so XREMain::XRE_main /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/toolkit/xre/nsAppRunner.cpp 34 libxul.so XRE_main /home/zhangchun/P752D04_MOVISTAR/PRE/android/gecko/toolkit/xre/nsAppRunner.cpp 35 b2g main ../../../gecko/b2g/app/nsBrowserApp.cpp 36 libc.so __libc_init bionic/libc/bionic/libc_init_dynamic.c 37 libc.so __cxa_atexit bionic/libc/stdlib/atexit.c 38 @0xbebddd46 More reports : https://crash-stats.mozilla.com/report/list?product=B2G&signature=mozilla%3A%3Adom%3A%3AContentParent%3A%3AGetOrCreateActorForBlob
OS: Android → Gonk (Firefox OS)
Hardware: All → ARM
Component: Gaia::System → IPC
Product: Boot2Gecko → Core
Version: unspecified → Trunk
Since we're crashing in code in Blob.h with an offset of 0x38, it looks like a null-deref. GetOrCreateActorForBlob assumes a non-null argument (see the assert at the start); Ben, any idea if the code at http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsFrameMessageManager.cpp#152 could end up passing an array containing a null blob pointer?
Flags: needinfo?(bent.mozilla)
It shouldn't!
Flags: needinfo?(bent.mozilla)
Some STR here would be super useful.
Keywords: steps-wanted
Whiteboard: [sprd321209]
We meet this crash on v1.3t twice.
blocking-b2g: --- → 1.3T?
(In reply to Josh Matthews [:jdm] from comment #3) > Some STR here would be super useful. The problem is that in order to do steps-wanted, we usually need a hint of where to look to test this. For example, if you said something like "I saw this crash while using Grooveshark," then we can use steps-wanted to try to nail down the STR while using the Grooveshark app.
Keywords: steps-wanted
We meet this crash when monkey test. Ying, please find which app crashed.
Flags: needinfo?(ying.xu)
Component: IPC → DOM: Content Processes
tarako is in general stable, unless the stability testing isn't passing, let's add this to backlog thanks
blocking-b2g: 1.3T? → backlog
Flags: needinfo?(ying.xu)
blocking-b2g: backlog → ---
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.