Closed Bug 1267571 Opened 9 years ago Closed 6 years ago

IDBObjectStore::AddOrPut() should use a Move constructor

Categories

(Core :: Storage: IndexedDB, defect, P3)

45 Branch
x86
Windows 10
defect

Tracking


RESOLVED WORKSFORME
Tracking Status
firefox48 --- affected
firefox49 --- affected
firefox-esr45 --- affected

People

(Reporter: jujjyl, Unassigned)

Details

(Keywords: crash, Whiteboard: btpp-active)

Crash Data

This bug was filed from the Socorro interface and is report bp-0ba7bad2-3775-400a-899b-b5bd82160426.
=============================================================
Tested on Firefox 45.0.2 32-bit, this took down the whole browser in an OOM situation. I think the code was storing a blob into IndexedDB.
OOM allocation size of about 215MB.
The crash report says: Available Virtual Memory 1260367872 which is quite a bit! (1.17GB of the 4GB total). but: "largest_free_vm_block": "0xc000000", which is ~192MB.
I'll take a look at it. It seems bad that we'd be doing a copy constructor on some giant data.
Assignee: nobody → continuation
Whiteboard: btpp-active
It looks like the problem is here:

    if (aOverwrite) {
      params = ObjectStorePutParams(commonParams);
    } else {
      params = ObjectStoreAddParams(commonParams);
    }

This copies commonParams, which does not seem to be used later, so we should be able to move it. The problem is that ObjectStoreAddPutParams is an IPDL-generated class, so this would require generating move constructors. I only see 12 crashes with this signature, so I'm not going to be able to work on this any time soon. That said, it is possible copies of IPDL-generated structures that should be moves might show up elsewhere, and if that gets fixed, this would be easy to fix.
Assignee: continuation → nobody
Summary: crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_Impl<T>::ReplaceElementsAt<T> | mozilla::dom::indexedDB::ObjectStoreAddPutParams::operator= → IDBObjectStore::AddOrPut() should use a Move constructor
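The copy-versus-move difference described in the comment above, as an added example that is not Gecko or IPDL-generated code: a counting allocator reports the peak heap bytes needed when a large buffer is wrapped by copy and by move. `CountingAlloc`, `CommonParams`, `PutParamsCopyOnly` and `PutParamsMovable` are hypothetical stand-ins.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>
#include <utility>
#include <vector>

// Constructed model: every type here is a hypothetical stand-in, not Gecko code.
static std::size_t gLive = 0, gPeak = 0;  // bytes allocated now / at the peak
template <class T>
struct CountingAlloc {  // minimal allocator that records live and peak bytes
  using value_type = T;
  CountingAlloc() = default;
  template <class U> CountingAlloc(const CountingAlloc<U>&) {}
  T* allocate(std::size_t n) {
    gLive += n * sizeof(T);
    if (gLive > gPeak) gPeak = gLive;
    return static_cast<T*>(::operator new(n * sizeof(T)));
  }
  void deallocate(T* p, std::size_t n) { gLive -= n * sizeof(T); ::operator delete(p); }
};
template <class T, class U>
bool operator==(const CountingAlloc<T>&, const CountingAlloc<U>&) { return true; }
template <class T, class U>
bool operator!=(const CountingAlloc<T>&, const CountingAlloc<U>&) { return false; }

using Buffer = std::vector<unsigned char, CountingAlloc<unsigned char>>;
struct CommonParams { Buffer cloneData; };  // stands in for the large payload
struct PutParamsCopyOnly {  // wrapper that can only copy its argument
  CommonParams common;
  explicit PutParamsCopyOnly(const CommonParams& c) : common(c) {}
};
struct PutParamsMovable {   // same wrapper with a move constructor
  CommonParams common;
  explicit PutParamsMovable(CommonParams&& c) : common(std::move(c)) {}
};

std::size_t peakWithCopy(std::size_t n) {
  gLive = gPeak = 0;
  CommonParams commonParams{Buffer(n)};
  PutParamsCopyOnly params(commonParams);  // source and copy both live here
  return gPeak;
}
std::size_t peakWithMove(std::size_t n) {
  gLive = gPeak = 0;
  CommonParams commonParams{Buffer(n)};
  PutParamsMovable params(std::move(commonParams));  // ownership transferred
  return gPeak;
}

int main() { std::printf("copy %zu, move %zu\n", peakWithCopy(1 << 20), peakWithMove(1 << 20)); }
```

The copy path needs a second allocation as large as the payload while the first is still live, which is the allocation that fails when no free block of that size remains.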
Crash volume for signature 'OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_Impl<T>::ReplaceElementsAt<T> | mozilla::dom::indexedDB::ObjectStoreAddPutParams::operator=':
 - nightly (version 51): 0 crashes from 2016-08-01.
 - aurora (version 50): 0 crashes from 2016-08-01.
 - beta (version 49): 4 crashes from 2016-08-02.
 - release (version 48): 133 crashes from 2016-07-25.
 - esr (version 45): 3 crashes from 2016-05-02.

Crash volume on the last weeks (Week N is from 08-22 to 08-28):
            W. N-1  W. N-2  W. N-3
 - nightly  0       0       0
 - aurora   0       0       0
 - beta     2       0       0
 - release  27      40      48
 - esr      0       1       0

Affected platform: Windows

Crash rank on the last 7 days:
 Browser Content Plugin
 - nightly
 - aurora
 - beta #3626 #1656
 - release #775 #249
 - esr
Priority: -- → P3

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME