Closed Bug 1172059 Opened 9 years ago Closed 3 years ago

crash in js::Sprinter::putString

Categories

(Core :: JavaScript Engine, defect)

39 Branch
x86
Linux
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME
Tracking Status
firefox48 --- affected
firefox49 --- affected

People

(Reporter: tdowner, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-91de09af-10ab-43d3-9e63-42a542150605.
=============================================================

Reported by a user at https://support.mozilla.org/en-US/questions/1065717

These crashes (and https://crash-stats.mozilla.com/report/index/d0d97dbb-f6bc-4e4d-88ff-e5fff2150702) appear to be coming from one of the Ubuntu Firefox 39 builds (https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa/+build/7586734). The crash seems to be specific to x86/gcc-4.8 (we have other builds with gcc-4.9 that don't have this problem).

Note, these builds haven't actually been published to the official Ubuntu archive yet as they're blocked on this crash, but some people manually install the builds from this PPA before we have a chance to test them (despite there being a warning not to).

This crash here seems to occur because js::ScopeCoordinateName returns nullptr (when it happens, |id| here is zero: http://hg.mozilla.org/releases/mozilla-release/file/7665b8d4d51f/js/src/vm/ScopeObject.cpp#l96)

This crash is caused by a miscompile in this particular Ubuntu build, see the analysis in https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1471949/comments/3

Crash volume for signature 'js::Sprinter::putString':
 - nightly (version 50): 0 crashes from 2016-06-06.
 - aurora  (version 49): 1 crash from 2016-06-07.
 - beta    (version 48): 25 crashes from 2016-06-06.
 - release (version 47): 32 crashes from 2016-05-31.
 - esr     (version 45): 0 crashes from 2016-04-07.

Crash volume over the last weeks:
            W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly       0       0       0       0       0       0       0
 - aurora        0       1       0       0       0       0       0
 - beta          1       7       3       0       3       4       3
 - release       4       3       6       4       6       4       4
 - esr           0       0       0       0       0       0       0

Affected platforms: Windows, Linux

Closing this issue as resolved:WFM since there were no crash reports for this in the last 6 months.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME