Closed
Bug 1072801
Opened 10 years ago
Closed 10 years ago
crash in AutoGCSlice::~AutoGCSlice
Categories
(Core :: JavaScript: GC, defect)
Tracking
()
VERIFIED
FIXED
mozilla36
| Tracking | Status | |
|---|---|---|
| firefox33 | --- | affected |
People
(Reporter: andrei, Assigned: terrence)
References
()
Details
(Keywords: crash, Whiteboard: [mozmill])
Crash Data
Attachments
(1 file)
|
1.16 KB,
patch
|
sfink
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-4c2f0025-a30f-40c7-9f63-20b412140925. ============================================================= Similar to bug 1072800 and possibly bug 1069884. Please dupe if this is the case. Crashed in the same test as both of those above referenced bugs.
|
||
Comment 1•10 years ago
|
||
This crash is close to a null deref, but not sure how critical it could be. Crash Reason SIGSEGV Crash Address 0x1a8 First 10 frames of the stack: 0 libxul.so AutoGCSlice::~AutoGCSlice js/src/jsgc.cpp 1 libxul.so js::gc::GCRuntime::incrementalCollectSlice(long long, JS::gcreason::Reason, js::JSGCInvocationKind) js/src/jsgc.cpp 2 libxul.so js::gc::GCRuntime::gcCycle(bool, long long, js::JSGCInvocationKind, JS::gcreason::Reason) js/src/jsgc.cpp 3 libxul.so js::gc::GCRuntime::collect(bool, long long, js::JSGCInvocationKind, JS::gcreason::Reason) js/src/jsgc.cpp 4 libxul.so js::gc::GCRuntime::gcSlice(js::JSGCInvocationKind, JS::gcreason::Reason, long long) js/src/jsgc.cpp 5 libxul.so JS::IncrementalGC(JSRuntime*, JS::gcreason::Reason, long long) js/src/jsfriendapi.cpp 6 libxul.so nsJSContext::GarbageCollectNow(JS::gcreason::Reason, nsJSContext::IsIncremental, nsJSContext::IsShrinking, long long) dom/base/nsJSEnvironment.cpp 7 libxul.so InterSliceGCTimerFired(nsITimer*, void*) dom/base/nsJSEnvironment.cpp 8 libxul.so nsTimerImpl::Fire() xpcom/threads/nsTimerImpl.cpp 9 libxul.so nsTimerEvent::Run() xpcom/threads/nsTimerImpl.cpp 10 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
|
||
Updated•10 years ago
|
Component: XUL → JavaScript: GC
|
Reporter | |
Comment 2•10 years ago
|
||
Crashed again, same signature, linux, 33.0.1: https://crash-stats.mozilla.com/report/index/20f63e84-7c24-4c18-8c8a-e41672141027
|
Assignee | |
Comment 3•10 years ago
|
||
Well, that's horrid; we really should be handling this OOM better. It's a safe null deref in all cases, so at least it's not a sec issue. Making this site fallible isn't really feasible, so lets just signal this as an OOM crash immediately.
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8512255 [details] [diff] [review] handle_slice_stats_oom_better-v0.diff Review of attachment 8512255 [details] [diff] [review]: ----------------------------------------------------------------- Hopefully this won't hit too often. It's a bit dangerous.
Attachment #8512255 -
Flags: review?(sphink) → review+
|
|
Assignee | |
Comment 5•10 years ago
|
||
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/111df21a6d66
|
||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/111df21a6d66
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
|
||
Comment 7•9 years ago
|
||
Socorro [1] shows only 2 crashes in Firefox 31 over the past month. [1] - https://crash-stats.mozilla.com/report/list?product=Firefox&range_unit=days&range_value=28&signature=AutoGCSlice%3A%3A~AutoGCSlice
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•