author David Major <>
Tue, 02 Apr 2019 19:20:41 +0000
changeset 467649 cc2ac1b5534f166fbc0f225c5d66946fd8f410af
parent 458216 70d80c4a3fa0b6a383298766f658e4a95ce15e99
permissions -rw-r--r--
Bug 1536675 - Take the crashing out of MOZ_CrashPrintf r=froydnj It would be helpful if MOZ_CRASH_UNSAFE_PRINTF would do its crashing inline at the caller, so that CI failure logs can blame the right code. Before this patch, MOZ_CRASH_UNSAFE_PRINTF calls MOZ_CrashPrintf, which does the printf work and crashes. This patch pulls out the crashing piece at the end, so that MOZ_CrashPrintf only does the printf work, and returns the string to the caller, who will MOZ_Crash inline. Differential Revision:

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at */

#include "mozilla/Assertions.h"
#include "mozilla/Atomics.h"

#include <stdarg.h>


 * The crash reason is defined as a global variable here rather than in the
 * crash reporter itself to make it available to all code, even libraries like
 * JS that don't link with the crash reporter directly. This value will only
 * be consumed if the crash reporter is used by the target application.
MFBT_DATA const char* gMozCrashReason = nullptr;

static char sPrintfCrashReason[sPrintfCrashReasonSize] = {};

// Accesses to this atomic are not included in web replay recordings, so that
// if we crash in an area where recorded events are not allowed the true reason
// for the crash is not obscured by a record/replay error.
static mozilla::Atomic<bool, mozilla::SequentiallyConsistent,

    char* MOZ_CrashPrintf(const char* aFormat, ...) {
  if (!sCrashing.compareExchange(false, true)) {
    // In the unlikely event of a race condition, skip
    // setting the crash reason and just crash safely.
  va_list aArgs;
  va_start(aArgs, aFormat);
  int ret =
      vsnprintf(sPrintfCrashReason, sPrintfCrashReasonSize, aFormat, aArgs);
      ret >= 0 && size_t(ret) < sPrintfCrashReasonSize,
      "Could not write the explanation string to the supplied buffer!");
  return sPrintfCrashReason;