Closed
Bug 1028904
Opened 11 years ago
Closed 9 years ago
crash in js::StringObject::setStringThis(JSString*)
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: kairo, Unassigned)
References
Details
(Keywords: crash, topcrash-win)
Crash Data
This bug was filed from the Socorro interface and is
report bp-3f38fecb-8d7d-41d7-9b48-0a6a62140623.
=============================================================
Top frames:
0 mozjs.dll js::StringObject::setStringThis(JSString *) js/src/vm/StringObject.h
1 mozjs.dll js::StringObject::init(JSContext *,JS::Handle<JSString *>) js/src/vm/StringObject-inl.h
2 mozjs.dll js::StringObject::create(JSContext *,JS::Handle<JSString *>,js::NewObjectKind) js/src/vm/StringObject-inl.h
3 mozjs.dll js::PrimitiveToObject(JSContext *,JS::Value const &) js/src/jsobj.cpp
4 mozjs.dll js::jit::DoGetPropFallback js/src/jit/BaselineIC.cpp
This started to happen on Nightly with the 6/20 build, across all Windows versions on 32bit builds.
Based on this being the first nightly build it happens with, the regression range is http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f78e532e8a10&tochange=bdac18bd6c74
More reports at https://crash-stats.mozilla.com/report/list?signature=js%3A%3AStringObject%3A%3AsetStringThis%28JSString%2A%29
This bug might have the same root cause as bug 1028902, which started at the same time.
|
Reporter | |
Comment 1•11 years ago
|
||
Also note that https://crash-stats.mozilla.com/report/list?signature=EnterBaseline spiked at the same time as well.
|
||
Comment 2•11 years ago
|
||
Jan: could this crash be fallout from your Latin1 string changes? Could it be related to GetLengthProperty crash bug 1028902?
Flags: needinfo?(jdemooij)
|
||
Comment 3•11 years ago
|
||
(In reply to Chris Peterson (:cpeterson) from comment #2)
> Jan: could this crash be fallout from your Latin1 string changes? Could it
> be related to GetLengthProperty crash bug 1028902?
This seems to be the same issue as bug 1028902, just a different signature.
My string changes in this range are all pretty straight-forward; I double-checked them at least 5 times yesterday and nothing stands out. Also see bug 1028902 comment 5, these crashes only happen for users with a weird malware addon installed; I think it's more likely that addon is misbehaving somehow...
Flags: needinfo?(jdemooij)
|
||
Updated•10 years ago
|
Crash Signature: [@ js::StringObject::setStringThis(JSString*)] → [@ js::StringObject::setStringThis(JSString*)]
[@ js::StringObject::setStringThis]
|
||
Comment 4•9 years ago
|
||
like bug 1028902, there are almost no crashes here for any current version https://crash-stats.mozilla.com/signature/?signature=js%3A%3AStringObject%3A%3AsetStringThis so I think this can be closed. Please reopen if you disagree.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•