I see many Android crash reports about OOMs inmozilla::image::nsAVIFDecoder::Decode. Available Virtual Memory is usually about 1.7 GB and OOM Allocation Size is between 70 MB - 116 MB. There are also crash reports from Windows with a different crash signature: [@ OOM | large | mozalloc_abort | moz_xmalloc | mozilla::image::nsAVIFDecoder::Decode ]. There is just one crash report from Linux and none from macOS.

I suspect this is a new signature for an old crash. This bug's crash data graph appears to show a big regression in September, but I think that's when Socorro's stack traces started to include inlined functions. I filed bug 1802715 to generate more useful signatures that can continue after new[] and include mozilla::image::nsAVIFDecoder::Decode.

Crash report: https://crash-stats.mozilla.org/report/index/2221dbec-ebc9-4bbc-ba95-a4c110221121

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0  libmozglue.so  MOZ_Crash  mfbt/Assertions.h:261
0  libmozglue.so  mozalloc_abort  memory/mozalloc/mozalloc_abort.cpp:35
1  libmozglue.so  mozalloc_handle_oom  memory/mozalloc/mozalloc_oom.cpp:51
2  libmozglue.so  moz_xmalloc  memory/mozalloc/mozalloc.cpp:54
3  libxul.so  operator new[]  memory/mozalloc/cxxalloc.h:42
3  libxul.so  mozilla::MakeUnique<unsigned char []>  mfbt/UniquePtr.h:612
3  libxul.so  mozilla::image::nsAVIFDecoder::Decode  image/decoders/nsAVIFDecoder.cpp:1589
3  libxul.so  mozilla::image::nsAVIFDecoder::DoDecode  image/decoders/nsAVIFDecoder.cpp:1167
4  libxul.so  mozilla::image::Decoder::Decode  image/Decoder.cpp:177
5  libxul.so  mozilla::image::DecodedSurfaceProvider::Run  image/DecodedSurfaceProvider.cpp:125

Of the crashes on Windows all but three are on 102esr or 102 thunderbird. One is on 102 Firefox, two are on 105. Seems quite odd.

The line is allocating memory to store the decoded image. To get an idea of the size of image in that range, 4500 x 4500 x 4 (bytes) = 81mb. That's a pretty big image for desktop, nevermind mobile. Is there is site that is giving users avif's of that size commonly? Maybe the urls can shed some light?

(In reply to Timothy Nikkel (:tnikkel) from comment #1)

The line is allocating memory to store the decoded image. To get an idea of the size of image in that range, 4500 x 4500 x 4 (bytes) = 81mb. That's a pretty big image for desktop, nevermind mobile. Is there is site that is giving users avif's of that size commonly? Maybe the urls can shed some light?

Unfortunately, we don't have URLs for the Android OOMs, but here are some URLs from the desktop OOMs (64-bit Windows). I haven't tested these URLs on Android. The sites might serve different content to mobile users. None of these AVIFs are near the 4500 x 4500 size, so I don't know where the 70 MB - 116 MB allocation sizes are coming from.

• https://www.crocs.com.au/p/bayaband-clog/205089.html?cgid=sale&cid=4CC (with a 1980 x 1643 px AVIF: https://media.crocs.com/images/t_pdpzoom/f_auto%2Cq_auto/products/205089_4CC_ALT100/crocs)
• https://www.microsoft.com/en-gb/microsoft-365/try (with a 1842 x 1036 px AVIF: https://cdn-dynmedia-1.microsoft.com/is/image/microsoftcorp/Highlight-M365-IconBounce-2022-01:VP5-1842x1036)
• https://www.action.com/fr-fr/p/drinkfles-456cce6a/ (with seven 1500 x 1500 px AVIFs like https://www.action.com/_next/image/?url=https%3A%2F%2Faction.com%2Fhostedassets%2FCMSArticleImages%2F11%2F54%2F3004111_5701390639850-111_01.png&w=1920&q=75)
• https://phdhealth.community/landing (with a 2880 x 1152 px AVIF: https://media1-production-mightynetworks.imgix.net/asset/43563607/Welcome_to_the_Proper_Human_Diet_Community.jpg?ixlib=rails-4.2.0&fm=jpg&q=75&auto=format&w=2880&h=1152&fit=crop&impolicy=ResizeCrop)
• https://alliance-du-peuple.eu/language/fr/accueil/ (with a 1600 x 857 px AVIF: https://alliance-du-peuple.eu/wp-content/uploads/2022/11/alliance-accuei22222.jpg)

Bug 1802715 has been fixed, so I'm adding what I believe the new crash signature will be.

[@ OOM | large | mozalloc_abort | moz_xmalloc | new[] | mozilla::image::nsAVIFDecoder::Decode]

There was a spike in this in Oct and Nov and then went away. A site was sending large avifs accidentally?