Closed Bug 1358244 Opened 7 years ago Closed 6 years ago

Crash at js::ProtectedReallocPolicy::crashWithInfo

Categories

(Core :: JavaScript Engine, defect, P3)

RESOLVED WONTFIX

People

(Reporter: mccr8, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, triage-deferred)

Crash Data

I saw a crash with this signature (only one) and figured I'd file a bug for it:
  bp-253b7d65-7fc0-4e62-a35e-a8b5f0170419

The crash reason is:
maybe_pod_realloc: new buffer (old size = 131072) contains 4096 bytes of poison starting from offset 36864!

Flags: needinfo?(emanuel.hoogeveen)

This is one of the crashes associated with bug 1124397. There are other signatures [1][2] but this one is new, probably due to a change in inlining. I don't think there's any reason to mark this one as security sensitive.

Unfortunately these crashes are pretty much inactionable; right now I'm trying to get some statistics and see if some of them are due to bad hardware. It's possible that the OSX crashes are due to some sort of miscompilation in mozjemalloc; that's something I want to look into soon. The Windows ones are probably a lost cause though.

[1] https://crash-stats.mozilla.com/search/?build_id=%3E%3D20170323030203&moz_crash_reason=~maybe_pod_realloc&moz_crash_reason=~free_&moz_crash_reason=~uintptr_t%28p%29%20%3D%3D%20currAddr&moz_crash_reason=~%21currSize%20%26%26%20%21currAddr&moz_crash_reason=~Could%20not%20confirm%20the%20presence%20of%20poison%21&product=Firefox&version=55.0a1&date=%3E%3D2017-03-23T00%3A00%3A00.000Z&date=%3C2018-03-22T00%3A00%3A00.000Z&_sort=-date&_facets=signature&_facets=moz_crash_reason&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=moz_crash_reason#facet-signature
[2] https://crash-stats.mozilla.com/search/?build_id=%3E%3D20170404004003&moz_crash_reason=~maybe_pod_realloc&moz_crash_reason=~free_&moz_crash_reason=~uintptr_t%28p%29%20%3D%3D%20currAddr&moz_crash_reason=~%21currSize%20%26%26%20%21currAddr&moz_crash_reason=~Could%20not%20confirm%20the%20presence%20of%20poison%21&product=Firefox&version=54.0a2&date=%3E%3D2017-04-04T00%3A00%3A00.000Z&date=%3C2018-04-03T00%3A00%3A00.000Z&_sort=-date&_facets=signature&_facets=moz_crash_reason&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=moz_crash_reason#facet-signature
Blocks: 1124397
Flags: needinfo?(emanuel.hoogeveen)
Group: javascript-core-security
Keywords: triage-deferred
Priority: -- → P3

Closing because no crashes have been reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX