This bug was filed from the Socorro interface and is report bp-07d14514-5697-4a15-a907-7d3872140531. ============================================================= Filing in networking to start; I'm not sure where this belongs. Note crash dump analysis rates exploitability high. More reports are here: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=arena_dalloc+|+je_free+|+nsACString_internal%3A%3ASetLength%28unsigned+int%29
Something has messed up the allocator's memory, we need to find and fix it.
Component: Networking → jemalloc
I'm pretty sure this is actually a Networking issue, my guess is jemalloc is being handed junk memory. A random sampling of the stacks indicates the same path each time with the most likely root cause being the call to |mPAC.GetProxyForURI|  in |nsPACMan::ProcessPending|.  http://hg.mozilla.org/releases/mozilla-release/annotate/529a45c94e5a/netwerk/base/src/nsPACMan.cpp#l550
Patrick, you know the PAC code best, but we can also hand this to Valentin or Dragana, etc.
1035075 might be similar.. a uaf in the pac code.. not sure exactly what has changed in that space - some of the js team made some updates for api changes with js that might be causing the issue. I asked steve if he wanted to look at 1035075
FWIW, a bunch of crash reporter comments are about crashing during shutdown (but not exclusively).
davidb - I think based on 1035075 it is a shutdown issue and I've got a patch to address that. So I'm going to dup it.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1035075
You need to log in before you can comment on or make changes to this bug.