Closed Bug 1167244 Opened 6 years ago Closed 6 years ago
crash in js::Unboxed
Layout::make Native Group(JSContext*, js::Object Group*)
This bug was filed from the Socorro interface and is report bp-f02a1255-4c46-4809-b823-7f3562150521. ============================================================= Got this crash today under Nightly e10s. Not sure which tab caused the issue, but I opened Google Maps most recently.
Brian, this one might be different from bug 1166700?
Based on the fact that the STR involves Google Maps, this might be a dupe of bug 1166542.
I got this again just now without having Google Maps open.
Do you have any STR? This looks like a NULL deref that should be easy to fix but it would be nice to know why the pointer involved is NULL (since it shouldn't be).
I don't, sorry. I'll try to come up with some if it happens again (so far no more instances).
Crashed an e10s tab with today's Nightly with a similar stack trace: 00c66232-f4dc-4a4c-8275-af6d02150527
OS: Mac OS X → All
Version: unspecified → Trunk
https://crash-stats.mozilla.com/report/index/70e9f401-753b-4d49-a0bf-8fddc2150603 crashed an e10s nightly tab with this. I think it was the slate.com homepage. It doesn't reproduce.
My Nightly is about a week out of date, but I just crashed on Amazon doing something in the shopping cart view: https://crash-stats.mozilla.com/report/index/fdc1a179-ba77-41b4-ae48-dd0902150610
Saw this bug as the top JS crasher. maybeGetProperty() is missing a nullptr check. There are a few other uses of maybeGetProperty() in the codebase that also don't have a check, but most of them look safe. Probably a 5-minute auditing job for bhackett just to make sure :)
Attachment #8620554 - Flags: review?(bhackett1024)
Attachment #8620554 - Flags: review?(bhackett1024) → review+
You need to log in before you can comment on or make changes to this bug.