Closed Bug 1072801 Opened 10 years ago Closed 10 years ago

crash in AutoGCSlice::~AutoGCSlice

Categories

(Core :: JavaScript: GC, defect)

x86
Linux
defect
Not set
critical

Tracking

VERIFIED FIXED
mozilla36
Tracking Status
firefox33 --- affected

People

(Reporter: andrei, Assigned: terrence)

Details

(Keywords: crash, Whiteboard: [mozmill])

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-4c2f0025-a30f-40c7-9f63-20b412140925.
=============================================================

Similar to bug 1072800 and possibly bug 1069884. Please dupe if this is the case. Crashed in the same test as both of those above referenced bugs.

This crash is close to a null deref, but not sure how critical it could be.

Crash Reason SIGSEGV
Crash Address 0x1a8

First 10 frames of the stack:

0 libxul.so AutoGCSlice::~AutoGCSlice js/src/jsgc.cpp
1 libxul.so js::gc::GCRuntime::incrementalCollectSlice(long long, JS::gcreason::Reason, js::JSGCInvocationKind) js/src/jsgc.cpp
2 libxul.so js::gc::GCRuntime::gcCycle(bool, long long, js::JSGCInvocationKind, JS::gcreason::Reason) js/src/jsgc.cpp
3 libxul.so js::gc::GCRuntime::collect(bool, long long, js::JSGCInvocationKind, JS::gcreason::Reason) js/src/jsgc.cpp
4 libxul.so js::gc::GCRuntime::gcSlice(js::JSGCInvocationKind, JS::gcreason::Reason, long long) js/src/jsgc.cpp
5 libxul.so JS::IncrementalGC(JSRuntime*, JS::gcreason::Reason, long long) js/src/jsfriendapi.cpp
6 libxul.so nsJSContext::GarbageCollectNow(JS::gcreason::Reason, nsJSContext::IsIncremental, nsJSContext::IsShrinking, long long) dom/base/nsJSEnvironment.cpp
7 libxul.so InterSliceGCTimerFired(nsITimer*, void*) dom/base/nsJSEnvironment.cpp
8 libxul.so nsTimerImpl::Fire() xpcom/threads/nsTimerImpl.cpp
9 libxul.so nsTimerEvent::Run() xpcom/threads/nsTimerImpl.cpp
10 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
Component: XUL → JavaScript: GC
Well, that's horrid; we really should be handling this OOM better. It's a safe null deref in all cases, so at least it's not a sec issue. Making this site fallible isn't really feasible, so let's just signal this as an OOM crash immediately.
Assignee: nobody → terrence
Status: NEW → ASSIGNED
Attachment #8512255 - Flags: review?(sphink)
Comment on attachment 8512255
handle_slice_stats_oom_better-v0.diff

Review of attachment 8512255:
-----------------------------------------------------------------

Hopefully this won't hit too often. It's a bit dangerous.
Attachment #8512255 - Flags: review?(sphink) → review+
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36