search

brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0
17.73k stars 2.31k forks source link

Crashes (OOM) from allocating too much memory, trying to read large filter lists #36424

Open stephendonner opened 7 months ago

stephendonner commented 7 months ago

Description

Crashes (OOM) from allocating too much memory, trying to read large filter lists

Steps to Reproduce

  1. install Brave
  2. load https://filterlists.com/
  3. open brave://settings/shields/filters
  4. enter https://tgc.cloud/downloads/hosts.txt into the Custom filter list textfield and save
  5. wait

Actual result:

Tends to crash (OOM, looks like it allocates too much)

Expected result:

Shouldn't crash

Reproduces how often:

Brave version (brave://version info)

Brave 1.65.35 Chromium: 122.0.6261.69 (Official Build) nightly (x86_64)
Revision 8873b7ee8825b7b68a55a5ffbd3ab44759476d02
OS macOS Version 14.4 (Build 23E5205c)

Version/Channel Information:

Other Additional Information:

Miscellaneous Information:

cc @antonok-edm @pes10k @AlexeyBarabash @brave/qa-team @rebron

bsclifton commented 7 months ago

@stephendonner is there a crash ID on brave://crashes?

stephendonner commented 7 months ago

@stephendonner is there a crash ID on brave://crashes?

Yup, sorry!

25ff0400-b651-8c0b-0000-000000000000

[ 00 ] partition_alloc::internal::OnNoMemoryInternal(unsigned long) ( oom.cc:57 )
[ 01 ] partition_alloc::TerminateBecauseOutOfMemory(unsigned long) ( oom.cc:64 )
[ 02 ] partition_alloc::internal::OnNoMemory(unsigned long) ( oom.cc:74 )
[ 03 ] partition_alloc::PartitionRoot::OutOfMemory(unsigned long) ( partition_root.cc:836 )
[ 04 ] partition_alloc::internal::(anonymous namespace)::PartitionOutOfMemoryMappingFailure(partition_alloc::PartitionRoot*, unsigned long) ( partition_bucket.cc:63 )
[ 05 ] partition_alloc::internal::(anonymous namespace)::PartitionDirectMap(partition_alloc::PartitionRoot*, partition_alloc::internal::AllocFlags, unsigned long, unsigned long) ( partition_bucket.cc:288 )
[ 06 ] partition_alloc::internal::PartitionBucket::SlowPathAlloc(partition_alloc::PartitionRoot*, partition_alloc::internal::AllocFlags, unsigned long, unsigned long, partition_alloc::internal::SlotSpanMetadata**, bool*) ( partition_bucket.cc:1341 )
[ 07 ] void* partition_alloc::PartitionRoot::AllocInternalNoHooks<(partition_alloc::internal::AllocFlags)16>(unsigned long, unsigned long) ( partition_root.h:1298 )
[ 08 ] void* partition_alloc::PartitionRoot::AllocInternal<(partition_alloc::internal::AllocFlags)16>(unsigned long, unsigned long, char const*) ( partition_root.h:2111 )
[ 09 ] void* partition_alloc::PartitionRoot::ReallocInline<(partition_alloc::internal::AllocFlags)16, (partition_alloc::internal::FreeFlags)0>(void*, unsigned long, char const*) ( partition_root.h:2492 )
[ 10 ] void* partition_alloc::PartitionRoot::Realloc<(partition_alloc::internal::AllocFlags)16, (partition_alloc::internal::FreeFlags)0>(void*, unsigned long, char const*) ( partition_root.h:534 )
[ 11 ] base::allocator::dispatcher::internal::DispatcherImpl<base::PoissonAllocationSampler>::ReallocFn(allocator_shim::AllocatorDispatch const*, void*, unsigned long, void*) ( dispatcher_internal.h:180 )
[ 12 ] ShimRealloc ( shim_alloc_functions.h:134 )
[ 13 ] allocator_shim::(anonymous namespace)::MallocZoneRealloc(_malloc_zone_t*, void*, unsigned long) ( allocator_shim_override_apple_default_zone.h:161 )
[ 14 ] malloc_zone_realloc
[ 15 ] realloc
[ 16 ] alloc::alloc::Global::grow_impl ( alloc.rs:136 )
[ 17 ] <alloc::alloc::Global as core::alloc::Allocator>::grow ( alloc.rs:266 )
[ 18 ] alloc::raw_vec::finish_grow ( raw_vec.rs:492 )
[ 19 ] alloc::raw_vec::RawVec<T,A>::grow_amortized ( raw_vec.rs:414 )
[ 20 ] alloc::raw_vec::RawVec<T,A>::reserve::do_reserve_and_handle ( raw_vec.rs:289 )
[ 21 ] alloc::raw_vec::RawVec<T,A>::reserve ( raw_vec.rs:293 )
[ 22 ] alloc::vec::Vec<T,A>::reserve ( mod.rs:909 )
[ 23 ] alloc::vec::Vec<T,A>::append_elements ( mod.rs:1997 )
[ 24 ] alloc::vec::Vec<T,A>::append ( mod.rs:1987 )
[ 25 ] adblock::lists::FilterSet::add_filters ( lists.rs:241 )
[ 26 ] adblock::lists::FilterSet::add_filter_list ( lists.rs:234 )
[ 27 ] adblock_cxx::filter_set::FilterSet::add_filter_list_with_permissions::{{closure}} ( filter_set.rs:35 )
[ 28 ] adblock_cxx::filter_set::FilterSet::add_filter_list_with_permissions ( filter_set.rs:34 )
[ 29 ] adblock::FilterSet::add_filter_list(std::__Cr::vector<unsigned char, std::__Cr::allocator<unsigned char>> const&) ( filter_set.rs:26 )
[ 30 ] brave_shields::(anonymous namespace)::AddDATBufferToFilterSet(base::OnceCallback<void (adblock::FilterListMetadata const&)>, std::__Cr::vector<unsigned char, std::__Cr::allocator<unsigned char>>, rust::cxxbridge1::Box<adblock::FilterSet>*) ( ad_block_subscription_filters_provider.cc:28 )
[ 31 ] void base::internal::FunctorTraits<void (*)(base::OnceCallback<void (adblock::FilterListMetadata const&)>, std::__Cr::vector<unsigned char, std::__Cr::allocator<unsigned char>>, rust::cxxbridge1::Box<adblock::FilterSet>*)>::Invoke<void (*)(base::OnceCallback<void (adblock::FilterListMetadata const&)>, std::__Cr::vector<unsigned char, std::__Cr::allocator<unsigned char>>, rust::cxxbridge1::Box<adblock::FilterSet>*), base::OnceCallback<void (adblock::FilterListMetadata const&)>, std::__Cr::vector<unsigned char, std::__Cr::allocator<unsigned char>>, rust::cxxbridge1::Box<adblock::FilterSet>*>(void (*&&)(base::OnceCallback<void (adblock::FilterListMetadata const&)>, std::__Cr::vector<unsigned char, std::__Cr::allocator<unsigned char>>, rust::cxxbridge1::Box<adblock::FilterSet>*), base::OnceCallback<void (adblock::FilterListMetadata const&)>&&, std::__Cr::vector<unsigned char, std::__Cr::allocator<unsigned char>>&&, rust::cxxbridge1::Box<adblock::FilterSet>*&&) ( bind_internal.h:641 )
``` [ 39 ] void base::internal::Invoker*)>, std::__Cr::allocator*)>>>, rust::cxxbridge1::Box*), std::__Cr::vector*)>, std::__Cr::allocator*)>>>>, void (rust::cxxbridge1::Box*)>::RunImpl*)>, std::__Cr::allocator*)>>>, rust::cxxbridge1::Box*), std::__Cr::tuple*)>, std::__Cr::allocator*)>>>>, 0ul>(void (*&&)(std::__Cr::vector*)>, std::__Cr::allocator*)>>>, rust::cxxbridge1::Box*), std::__Cr::tuple*)>, std::__Cr::allocator*)>>>>&&, std::__Cr::integer_sequence, rust::cxxbridge1::Box*&&) ( bind_internal.h:991 ) [ 40 ] base::internal::Invoker*)>, std::__Cr::allocator*)>>>, rust::cxxbridge1::Box*), std::__Cr::vector*)>, std::__Cr::allocator*)>>>>, void (rust::cxxbridge1::Box*)>::RunOnce(base::internal::BindStateBase*, rust::cxxbridge1::Box*) ( bind_internal.h:904 ) [ 41 ] base::OnceCallback*)>::Run(rust::cxxbridge1::Box*) && ( callback.h:156 ) [ 42 ] brave_shields::AdBlockService::SourceProviderObserver::OnFilterSetCallbackLoaded(base::OnceCallback*)>)::$_0::operator()(base::OnceCallback*)>) const ( ad_block_service.cc:93 ) [ 43 ] std::__Cr::unique_ptr, std::__Cr::default_delete>> base::internal::FunctorTraits*)>)::$_0>::Invoke*)>)::$_0, base::OnceCallback*)>>(brave_shields::AdBlockService::SourceProviderObserver::OnFilterSetCallbackLoaded(base::OnceCallback*)>)::$_0&&, base::OnceCallback*)>&&) ( bind_internal.h:626 ) [ 44 ] std::__Cr::unique_ptr, std::__Cr::default_delete>> base::internal::InvokeHelper, std::__Cr::default_delete>>, 0ul>::MakeItSo*)>)::$_0, std::__Cr::tuple*)>>>(brave_shields::AdBlockService::SourceProviderObserver::OnFilterSetCallbackLoaded(base::OnceCallback*)>)::$_0&&, std::__Cr::tuple*)>>&&) ( bind_internal.h:860 ) [ 45 ] std::__Cr::unique_ptr, std::__Cr::default_delete>> base::internal::Invoker*)>)::$_0, base::OnceCallback*)>>, std::__Cr::unique_ptr, std::__Cr::default_delete>> ()>::RunImpl*)>)::$_0, std::__Cr::tuple*)>>, 0ul>(brave_shields::AdBlockService::SourceProviderObserver::OnFilterSetCallbackLoaded(base::OnceCallback*)>)::$_0&&, std::__Cr::tuple*)>>&&, std::__Cr::integer_sequence) ( bind_internal.h:991 ) ``` < SNIP> ``` [ 59 ] base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task&, base::TaskTraits const&, base::internal::TaskSource*, base::internal::SequenceToken const&) ( task_tracker.cc:664 ) [ 60 ] base::internal::TaskTracker::RunTask(base::internal::Task, base::internal::TaskSource*, base::TaskTraits const&) ( task_tracker.cc:694 ) [ 61 ] base::internal::TaskTracker::RunAndPopNextTask(base::internal::RegisteredTaskSource) ( task_tracker.cc:416 ) [ 62 ] base::internal::WorkerThread::RunWorker() ( worker_thread.cc:430 ) [ 63 ] base::internal::WorkerThread::RunPooledWorker() ( worker_thread.cc:315 ) [ 64 ] base::internal::WorkerThread::ThreadMain() ( worker_thread.cc:295 ) [ 65 ] base::(anonymous namespace)::ThreadFunc(void*) ( platform_thread_posix.cc:103 ) [ 66 ] _pthread_start [ 67 ] thread_start ```