Bug 1072801: crash in AutoGCSlice::~AutoGCSlice
Status: Closed (VERIFIED FIXED), mozilla36
Opened 10 years ago, closed 10 years ago
Categories: Core :: JavaScript: GC, defect

| Release | Tracking | Status |
|---|---|---|
| firefox33 | --- | affected |

People: Reporter: andrei, Assigned: terrence
Details: Keywords: crash, Whiteboard: [mozmill]
Attachments (1 file): 1.16 KB, patch, sfink: review+
This bug was filed from the Socorro interface and is
report bp-4c2f0025-a30f-40c7-9f63-20b412140925.
=============================================================
Similar to bug 1072800 and possibly bug 1069884.
Please dupe if this is the case.
Crashed in the same test as both of those above referenced bugs.
Comment 1•10 years ago
This crash is close to a null deref, but not sure how critical it could be.
Crash Reason SIGSEGV
Crash Address 0x1a8
First 10 frames of the stack:
0 libxul.so AutoGCSlice::~AutoGCSlice js/src/jsgc.cpp
1 libxul.so js::gc::GCRuntime::incrementalCollectSlice(long long, JS::gcreason::Reason, js::JSGCInvocationKind) js/src/jsgc.cpp
2 libxul.so js::gc::GCRuntime::gcCycle(bool, long long, js::JSGCInvocationKind, JS::gcreason::Reason) js/src/jsgc.cpp
3 libxul.so js::gc::GCRuntime::collect(bool, long long, js::JSGCInvocationKind, JS::gcreason::Reason) js/src/jsgc.cpp
4 libxul.so js::gc::GCRuntime::gcSlice(js::JSGCInvocationKind, JS::gcreason::Reason, long long) js/src/jsgc.cpp
5 libxul.so JS::IncrementalGC(JSRuntime*, JS::gcreason::Reason, long long) js/src/jsfriendapi.cpp
6 libxul.so nsJSContext::GarbageCollectNow(JS::gcreason::Reason, nsJSContext::IsIncremental, nsJSContext::IsShrinking, long long) dom/base/nsJSEnvironment.cpp
7 libxul.so InterSliceGCTimerFired(nsITimer*, void*) dom/base/nsJSEnvironment.cpp
8 libxul.so nsTimerImpl::Fire() xpcom/threads/nsTimerImpl.cpp
9 libxul.so nsTimerEvent::Run() xpcom/threads/nsTimerImpl.cpp
10 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
Updated•10 years ago
Component: XUL → JavaScript: GC
Comment 2•10 years ago (Reporter)
Crashed again, same signature, linux, 33.0.1:
https://crash-stats.mozilla.com/report/index/20f63e84-7c24-4c18-8c8a-e41672141027
Comment 3•10 years ago (Assignee)
Well, that's horrid; we really should be handling this OOM better. It's a safe null deref in all cases, so at least it's not a sec issue. Making this site fallible isn't really feasible, so let's just signal this as an OOM crash immediately.
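The pattern discussed in Comments 1 and 3, as an added illustration that is neither the attached patch nor SpiderMonkey code: a failed allocation that goes unchecked shows up later as a SIGSEGV at null plus a field offset, while checking at the allocation site reports the OOM directly. `SliceData` and its layout, the 4096-byte limit, `signal_oom` and the `simulate_oom` switch are all assumptions constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>

// Hypothetical stand-in for a per-slice statistics record (not SpiderMonkey's
// type). The padding is constructed so `end` sits at offset 0x1a8, the crash
// address in the report.
struct SliceData {
    unsigned char earlier_fields[0x1a8];
    int64_t end;
};

// Address that `base->end` would touch, computed without dereferencing.
uintptr_t fault_address(const SliceData* base) {
    return reinterpret_cast<uintptr_t>(base) + offsetof(SliceData, end);
}

// Triage heuristic: a fault below `limit` is treated as null base + small
// fixed offset. 4096 is an assumed size for the unmapped low region.
bool is_near_null(uintptr_t addr, uintptr_t limit = 4096) { return addr < limit; }

// Fallible allocation; `simulate_oom` forces the failure path.
SliceData* try_new_slice(bool simulate_oom) {
    return simulate_oom ? nullptr : new (std::nothrow) SliceData();
}

// Stand-in for an annotated OOM crash so the example can observe it;
// production code would abort the process here instead of throwing.
struct OomSignal {};
[[noreturn]] void signal_oom() { throw OomSignal{}; }

// Hardened form: the failure is reported where it happens, so the crash
// report says "OOM" rather than SIGSEGV at 0x1a8 in an unrelated destructor.
SliceData* new_slice_or_crash(bool simulate_oom) {
    SliceData* slice = try_new_slice(simulate_oom);
    if (!slice) signal_oom();
    return slice;
}

int main() {
    SliceData* unchecked = try_new_slice(true);   // failure goes unnoticed
    std::printf("later access would fault at %#zx, near-null: %d\n",
                (size_t)fault_address(unchecked), is_near_null(fault_address(unchecked)));
    try { new_slice_or_crash(true); }
    catch (const OomSignal&) { std::puts("OOM signalled at allocation site"); }
}
```

The near-null classification only holds when the offset from the null base is a small constant; an access indexed by a variable amount would not be covered by this heuristic.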
Comment 4•10 years ago
Comment on attachment 8512255
handle_slice_stats_oom_better-v0.diff
Review of attachment 8512255:
-----------------------------------------------------------------
Hopefully this won't hit too often. It's a bit dangerous.
Attachment #8512255 - Flags: review?(sphink) → review+
Comment 5•10 years ago (Assignee)
Comment 6•10 years ago
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Comment 7•10 years ago
Socorro [1] shows only 2 crashes in Firefox 31 over the past month.
[1] - https://crash-stats.mozilla.com/report/list?product=Firefox&range_unit=days&range_value=28&signature=AutoGCSlice%3A%3A~AutoGCSlice
Status: RESOLVED → VERIFIED