Closed
Bug 1498194
Opened 6 years ago
Closed 2 years ago
Linux ATK a11y crash in OOM | large | NS_ABORT_OOM | nsTSubstring<T>::SetLength when changing continuously the Devtools position
Categories
(Core :: Disability Access APIs, defect, P3)
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | wontfix |
firefox-esr68 | --- | affected |
firefox62 | --- | wontfix |
firefox63 | --- | wontfix |
firefox64 | --- | wontfix |
firefox65 | --- | wontfix |
firefox68 | --- | wontfix |
firefox69 | --- | fix-optional |
firefox70 | --- | fix-optional |
People
(Reporter: cgeorgiu, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
4.10 MB,
video/mp4
|
Details |
This bug was filed from the Socorro interface and is report bp-ee06efe4-5baf-40c5-82fe-af8d70181011.

=============================================================
Top 10 frames of crashing thread:

0 libxul.so NS_ABORT_OOM xpcom/base/nsDebugImpl.cpp:628
1 libxul.so nsTSubstring<char>::SetLength xpcom/string/nsTSubstring.cpp:847
2 libxul.so mozilla::a11y::DOMtoATK::ATKStringConverterHelper::FinishUTF16toUTF8 xpcom/string/nsTSubstring.h:923
3 libxul.so mozilla::a11y::DOMtoATK::ATKStringConverterHelper::ConvertAdjusted accessible/atk/DOMtoATK.cpp:134
4 libxul.so getTextCB accessible/atk/DOMtoATK.h:128
5 libxul.so getTextSelectionCB accessible/atk/nsMaiInterfaceText.cpp:543
6 libatk-1.0.so.0.21809.1 libatk-1.0.so.0.21809.1@0x14661
7 libatk-bridge-2.0.so.0.0.0 libatk-bridge-2.0.so.0.0.0@0x1ce02
8 libatk-bridge-2.0.so.0.0.0 libatk-bridge-2.0.so.0.0.0@0x1cd3f
9 libatk-bridge-2.0.so.0.0.0 libatk-bridge-2.0.so.0.0.0@0x12569

=============================================================

[Affected versions]:
- latest Nightly 64.a01
- Beta 63.0b13

[Affected platforms]:
- Ubuntu 16.04 x64

[Steps to reproduce]:
1. Launch Firefox.
2. Press "F12" in order to open Devtools.
3. Click on the "Customize Developer Tools and Get help" button (those three dots), situated in the upper right corner.
4. Toggle between the first 4 options in the dialog panel a few times: "Dock to bottom", "Dock to right", "Dock to left", "Separate window" (please see the attached screencast).

[Expected result]:
- Firefox doesn't crash.

[Actual result]:
- Firefox crashes.

[Regression range]:
- I can't seem to reproduce it on 62.0.3, but since this crash happens rather randomly, it would be hard to determine a regression range.

[Additional notes]:
- Please note this crash is intermittent and, due to this fact, the above steps do not trigger the crash each time.
- Also, this issue doesn't occur on macOS 10.13 and Windows. I was able to reproduce this on only one of the machines I tested, running Ubuntu 16.04 x64 - see the about:support page of this machine: https://pastebin.com/SLeZZit6
Reporter | ||
Updated•6 years ago
|
Updated•6 years ago
|
Component: DOM → Disability Access APIs
Comment 1•6 years ago
|
||
Root cause: Instead of being an actual OOM on 64-bit Linux, it's more likely that we reach the maximum possible length for an XPCOM string and report that as an OOM. This suggests that the repro steps cause some accessibility-exposed string to grow and grow every time the dev tools docking is changed. We should use this bug number to track down whatever it is that causes an accessibility-exposed string to grow every time the dev tools docking is changed.

Additional notes:
* This doesn't happen on Windows or Mac, because the code involved is specific to the Linux accessibility API (ATK).
* Repro on one machine but not another is probably caused by one machine running accessibility-API-using software that causes Firefox to report things via ATK and another not running such software so Firefox doesn't bother reporting things via ATK.
* The current string conversion code between Gecko and ATK was introduced in bug 1346535.
* This problem was not caused by bug 1487341 (the changeset isn't present on beta and the crash report is from beta).
* The conversion code looks needlessly inefficient. Filed bug 1498473.
* Changing the Gecko-style allocations to fallible doesn't help unless the glib-style allocations are changed, too.
Updated•6 years ago
|
Updated•6 years ago
|
Comment 2•6 years ago
|
||
While this is high volume for fennec 63 beta and release, I don't see any crashes at all for beta 64 fennec. We can keep an eye on this crash for 64 release and then maybe move discussion to the follow-up bugs.
Comment 3•6 years ago
|
||
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #2)
> While this is high volume for fennec 63 beta and release, I don't see any
> crashes at all for beta 64 fennec.

The code involved in this bug only runs on desktop Linux and should not be running on Fennec. Chances are that what was observed on Fennec was something else with the same top stack frame.
Comment 4•6 years ago
|
||
The Fennec crashes seem to have been about Web Socket IPC proxying.
Comment 5•6 years ago
|
||
Maybe continued leftover crashes from Bug 1475218? Liz, maybe it makes sense to make a separate bug for Fennec, since the crashes seem to be different products with different causes.
Flags: needinfo?(lhenry)
Comment 7•5 years ago
|
||
Chris, can you get this one re-triaged -- is there any action we can take here? (Still getting lots of reports)
Flags: needinfo?(cpeterson)
Comment 8•5 years ago
|
||
This is a low-volume Linux a11y crash. The crash volume in this bug's crash graph looks higher than it actually is because this is a common crash signature. Most of those crashes are unrelated Android and Windows OOMs. In the last week, there have been 778 Android crashes, 459 Windows crashes, and no Linux crashes with this particular signature from Firefox 68/69/70 users:
status-firefox68:
--- → affected
status-firefox69:
--- → affected
status-firefox70:
--- → affected
status-firefox-esr60:
--- → wontfix
status-firefox-esr68:
--- → affected
Flags: needinfo?(cpeterson)
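Comments 3, 4 and 8 turn on the same triage point: one crash signature can cover several unrelated causes, so reports have to be split by the frames below the shared top of the stack. The sketch below is an added example, not Socorro's or Mozilla's code; the record fields (`os`, `signature`, `frames`), the sample reports and every `placeholder_*` frame are constructed assumptions, while the ATK marker strings come from the stack in the bug description.

```python
from collections import Counter

# Signature string as it appears in this bug's summary.
SIGNATURE = "OOM | large | NS_ABORT_OOM | nsTSubstring<T>::SetLength"

# Frame substrings from the stack in the bug description that mark the ATK path.
ATK_MARKERS = ("mozilla::a11y::DOMtoATK", "nsMaiInterfaceText.cpp", "libatk-bridge-2.0.so")

# The two top frames every report with this signature shares.
TOP = ["libxul.so NS_ABORT_OOM", "libxul.so nsTSubstring<char>::SetLength"]

# Constructed sample reports; ids and "placeholder_*" frames are made up.
REPORTS = [
    {"id": "sample-1", "os": "Linux", "signature": SIGNATURE, "frames": TOP + [
        "libxul.so mozilla::a11y::DOMtoATK::ATKStringConverterHelper::FinishUTF16toUTF8",
        "libxul.so getTextCB accessible/atk/DOMtoATK.h:128",
        "libxul.so getTextSelectionCB accessible/atk/nsMaiInterfaceText.cpp:543"]},
    {"id": "sample-2", "os": "Android", "signature": SIGNATURE,
     "frames": TOP + ["placeholder_websocket_ipc_frame"]},
    {"id": "sample-3", "os": "Windows", "signature": SIGNATURE,
     "frames": TOP + ["placeholder_unrelated_frame"]},
    {"id": "sample-4", "os": "Linux", "signature": SIGNATURE,
     "frames": TOP + ["placeholder_non_a11y_frame"]},
    {"id": "sample-5", "os": "Linux", "signature": "placeholder other signature",
     "frames": ["placeholder_frame"]},
]

def is_atk_crash(report, depth=10):
    """True when the shared signature is backed by ATK frames in the top `depth`."""
    if report["signature"] != SIGNATURE:
        return False
    return any(m in frame for frame in report["frames"][:depth] for m in ATK_MARKERS)

def triage(reports):
    """Bucket same-signature reports by stack evidence rather than by signature alone."""
    buckets = Counter()
    for r in reports:
        if r["signature"] != SIGNATURE:
            continue  # different signature: out of scope for this bug
        buckets["linux-atk" if is_atk_crash(r) else "other:" + r["os"]] += 1
    return dict(buckets)

if __name__ == "__main__":
    print(triage(REPORTS))
```

Note that sample-4 is a Linux report with the same signature that still lands outside the ATK bucket: platform alone does not identify this bug, the a11y frames do.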
Updated•5 years ago
|
Summary: Crash in OOM | large | NS_ABORT_OOM | nsTSubstring<T>::SetLength when changing continuously the Devtools position → Linux ATK a11y crash in OOM | large | NS_ABORT_OOM | nsTSubstring<T>::SetLength when changing continuously the Devtools position
Comment 9•5 years ago
|
||
Marcia's going to file a followup Fennec bug for that last OOM signature.
Updated•5 years ago
|
Priority: -- → P3
Comment 10•2 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME