This bug was filed from the Socorro interface and is report bp-6a1ad8f1-bcce-4200-9e3f-d52382150923. ============================================================= Crashing Thread Frame Module Signature Source 0 xul.dll mozilla::OriginAttributes::CreateSuffix(nsACString_internal&) caps/BasePrincipal.cpp 1 @0x0 2 xul.dll nsPipeOutputStream::Write(char const*, unsigned int, unsigned int*) xpcom/io/nsPipe3.cpp 3 xul.dll TestInputStream xpcom/io/nsStreamUtils.cpp 4 xul.dll nsBinaryOutputStream::WriteBoolean(bool) xpcom/io/nsBinaryStream.cpp 5 xul.dll NS_WriteOptionalCompoundObject(nsIObjectOutputStream*, nsISupports*, nsID const&, bool) obj-firefox/dist/include/nsIObjectOutputStream.h 6 xul.dll [thunk]:nsStringInputStream::Release`adjustor{12}' () 7 xul.dll nsBinaryOutputStream::WriteFully(char const*, unsigned int) xpcom/io/nsBinaryStream.cpp 8 xul.dll nsBinaryOutputStream::WriteID(nsID const&) xpcom/io/nsBinaryStream.cpp 9 xul.dll nsBinaryOutputStream::WriteCompoundObject(nsISupports*, nsID const&, bool) xpcom/io/nsBinaryStream.cpp 10 xul.dll NS_InvokeByIndex xpcom/reflect/xptcall/md/win32/xptcinvoke.cpp 11 xul.dll XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) js/xpconnect/src/XPCWrappedNative.cpp 12 xul.dll XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) js/xpconnect/src/XPCWrappedNativeJSOps.cpp 13 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 14 xul.dll Interpret js/src/vm/Interpreter.cpp 15 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 16 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 17 xul.dll js::DirectProxyHandler::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/DirectProxyHandler.cpp 18 xul.dll js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/CrossCompartmentWrapper.cpp 19 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 20 xul.dll Interpret js/src/vm/Interpreter.cpp 21 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 22 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 23 xul.dll Interpret js/src/vm/Interpreter.cpp 24 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 25 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 26 xul.dll js::fun_apply(JSContext*, unsigned int, JS::Value*) js/src/jsfun.cpp 27 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 28 xul.dll js::DirectProxyHandler::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/DirectProxyHandler.cpp 29 xul.dll js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) js/src/proxy/CrossCompartmentWrapper.cpp 30 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 31 xul.dll Interpret js/src/vm/Interpreter.cpp 32 xul.dll js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 33 xul.dll js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 34 xul.dll JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) js/src/jsapi.cpp 35 xul.dll nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) js/xpconnect/src/XPCWrappedJSClass.cpp 36 xul.dll nsXPCWrappedJS::CallMethod(unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) js/xpconnect/src/XPCWrappedJS.cpp 37 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/md/win32/xptcstubs.cpp 38 xul.dll SharedStub xpcom/reflect/xptcall/md/win32/xptcstubs.cpp 39 nss3.dll PR_Assert nsprpub/pr/src/io/prlog.c 40 nss3.dll md_UnlockAndPostNotifies nsprpub/pr/src/md/windows/w95cv.c 41 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 42 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 43 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 44 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc 45 xul.dll nsThreadManager::QueryInterface(nsID const&, void**) xpcom/threads/nsThreadManager.cpp 46 xul.dll nsBaseAppShell::Run() widget/nsBaseAppShell.cpp 47 xul.dll nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp 48 xul.dll XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp 49 xul.dll XREMain::XRE_main(int, char** const, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp 50 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp 51 kernel32.dll GetProcessPriorityBoost 52 kernel32.dll ConsoleApp 53 xul.dll base::LinearHistogram::FactoryGet(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, int, unsigned int, base::Histogram::Flags) ipc/chromium/src/base/histogram.cc 54 xul.dll `anonymous namespace'::HistogramGet(char const*, char const*, unsigned int, unsigned int, unsigned int, unsigned int, bool, base::Histogram**) toolkit/components/telemetry/Telemetry.cpp 55 xul.dll base::Histogram::SampleSet::Accumulate(int, int, unsigned int) ipc/chromium/src/base/histogram.cc 56 xul.dll base::Histogram::Add(int) ipc/chromium/src/base/histogram.cc 57 xul.dll mozilla::Telemetry::Accumulate(mozilla::Telemetry::ID, unsigned int) toolkit/components/telemetry/Telemetry.cpp 58 firefox.exe NS_internal_main(int, char**) browser/app/nsBrowserApp.cpp 59 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp 60 firefox.exe __tmainCRTStartup f:/dd/vctools/crt/crtw32/startup/crt0.c:255 61 kernel32.dll BaseThreadInitThunk 62 ntdll.dll __RtlUserThreadStart 63 ntdll.dll _RtlUserThreadStart this crash turned up in firefox 41.0 and is at #15 on the top crasher list of the release currently. based on the user comments and reviews at https://addons.mozilla.org/de/firefox/addon/mozilla-archive-format/reviews/ this will be caused by the "Mozilla Archive Format, with MHT and Faithful Save" extension (~180.000 users) when they try to open .mht or .maff files.

it's regressed by bug 1155153 according to manual regression testing https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=8f01b41b169e42bc7f5094acef78fa9f8686f493&tochange=2cb48faca184ca1435f536916aa9b6c8ee5d5a5b

FWIW, we had a fix in bug 1182610 for a crash with the same signature if I see this correctly. Too bad this still slipped through.

And bug 1205456 as well! Philipp, are you sure this affects 42 and newer?

the issue looks solved(In reply to David Major [:dmajor] from comment #3) > And bug 1205456 as well! > > Philipp, are you sure this affects 42 and newer? no, i wasn't sure - this was just based on the various affected versions showing up at https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3AOriginAttributes%3A%3ACreateSuffix%28nsACString_internal%26%29 the crash looks fixed in nightly versions (and subsequently dev edition 43) after https://hg.mozilla.org/mozilla-central/rev/0e0f3104478f has landed. the beta try builds for https://hg.mozilla.org/releases/mozilla-beta/rev/c9a4c0cc5881 are still running - i'll test this later on...

42 looks fine as well after https://hg.mozilla.org/releases/mozilla-beta/rev/c9a4c0cc5881 - 42.0b1 is still affected though.

[Tracking Requested - why for this release]: tracking this to have it on the radar of relman - it appears that the fix in bug 1205456 is in essence for this issue, in case there is an opportunity to uplift that.

41 has shipped already. IMO this is not severe enough for a dot-release, even as a ride-along. In bug 1205456 comment 3 it seems that Bobby already knew that this wouldn't make the 41 train.

Also, if this has the same signature and same fix as bug 1205456, should we mark it as duplicate? Unless there is something unique about this bug that I am missing.

(In reply to David Major [:dmajor] from comment #7) > 41 has shipped already. IMO this is not severe enough for a dot-release, > even as a ride-along. in early data it's #4 for 41.0 on the crash score board though... (In reply to David Major [:dmajor] from comment #8) > Also, if this has the same signature and same fix as bug 1205456, should we > mark it as duplicate? Unless there is something unique about this bug that I > am missing. the issue with bug 1205456 was that it didn't have any signature attached, so i didn't find it when filing this in the first place. but yes, it looks like the same thing, since bug 1205456 was opened in reaction of the crashes you were pointing out at https://bugzilla.mozilla.org/show_bug.cgi?id=1182610#c9. those alos had the "Mozilla Archive Format" addon present.

For the record I'm okay with taking this as a 41 ride-along, contrary to what I said in comment 7. The volume and severity are currently worse than when I first encountered this crash.

I've created a test case with a MAFF file containing only this code: <html><body><iframe src="data:text/html,"/></body></html> This causes Release to crash but Beta does not crash.

(In reply to :Paolo Amadini from comment #12) > Created attachment 8667208 [details] > Minimal MAFF file causing the crash > > I've created a test case with a MAFF file containing only this code: > > <html><body><iframe src="data:text/html,"/></body></html> > > This causes Release to crash but Beta does not crash. the fix should land in 41.0.1

fixed by bug 1205456 in the 41.0.1 update which was pushed out now

This is already fixed so no need to track it for 41.