Closed Bug 1126072 Opened 9 years ago Closed 9 years ago

Crash [@ ucol_close_52] or [@ js::gc::Arena::finalize] or [@ js::gc::ArenaLists::queueForegroundObjectsForSweep]

Categories

(Core :: JavaScript: GC, defect)

Product:
Core
Component:
JavaScript: GC
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 949220
Tracking Flags:
Tracking Status
firefox38 --- affected

People

(Reporter: gkw, Unassigned)

Details

(Keywords: crash, regression, testcase)

Attachments

(1 file)

stack
6.30 KB, text/plain
Details
Attached file stack 
The upcoming testcase crashes js debug shell on m-c changeset c0f88b376e33 with  --fuzzing-safe --gc-zeal=14 --no-threads --no-fpu --no-asmjs --no-baseline --ion-eager at ucol_close_52 with js::gc::Arena::finalize and js::gc::ArenaLists::queueForegroundObjectsForSweep on the stack.

Debug configure options:

CC="clang -Qunused-arguments" CXX="clang++ -Qunused-arguments" AR=ar AUTOCONF=/usr/local/Cellar/autoconf213/2.13/bin/autoconf213 sh /Users/fuzz2/trees/mozilla-central/js/src/configure --target=x86_64-apple-darwin12.5.0 --disable-debug --enable-optimize --enable-nspr-build --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests

Not sure exactly what issue this is, so setting needinfo? from Jon as a start, since this seems related to compacting GC, also setting s-s.
Flags: needinfo?(jcoppeard)
:decoder mentioned over IRC that this might be bug 949220.
Confirmed by :Waldo in person. Opening up.
Group: core-security
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(jcoppeard)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: