Open
Bug 1246987
Opened 8 years ago
Updated 2 years ago
crash in EnumerateNativeProperties
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
REOPENED
| Tracking | Status | |
|---|---|---|
| firefox47 | --- | wontfix |
| firefox48 | --- | wontfix |
| firefox49 | --- | wontfix |
| firefox-esr45 | --- | wontfix |
| firefox50 | --- | wontfix |
| firefox51 | --- | wontfix |
| firefox-esr60 | --- | affected |
| firefox-esr78 | --- | affected |
| firefox64 | --- | affected |
| firefox65 | --- | affected |
| firefox90 | --- | affected |
| firefox91 | --- | affected |
| firefox92 | --- | affected |
People
(Reporter: alex_mayorga, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, Whiteboard: qa-not-actionable)
Crash Data
This bug was filed from the Socorro interface and is report bp-7d7e8dc7-df37-49e7-bc8d-40eec2160205. ============================================================= Filing as instructed by mccr8 on https://bugzilla.mozilla.org/show_bug.cgi?id=851806#c9 Crashing Thread (10) Frame Module Signature Source 0 libxul.so EnumerateNativeProperties js/src/jsiter.cpp 1 libxul.so Snapshot js/src/jsiter.cpp 2 libxul.so js::CrossCompartmentWrapper::getOwnEnumerablePropertyKeys js/src/proxy/DirectProxyHandler.cpp 3 libxul.so js::Proxy::getOwnEnumerablePropertyKeys js/src/proxy/Proxy.cpp 4 libxul.so Snapshot js/src/jsiter.cpp 5 libxul.so Str js/src/jsiter.cpp 6 libxul.so Str js/src/json.cpp 7 libxul.so Str js/src/json.cpp 8 libxul.so JA js/src/json.cpp 9 libxul.so Str js/src/json.cpp 10 libxul.so Str js/src/json.cpp 11 libxul.so JA js/src/json.cpp 12 libxul.so Str js/src/json.cpp 13 libxul.so Str js/src/json.cpp 14 libxul.so Str js/src/json.cpp 15 libxul.so js::Stringify js/src/json.cpp 16 libxul.so json_stringify js/src/json.cpp 17 libxul.so js::Invoke js/src/jscntxtinlines.h 18 libxul.so Interpret js/src/vm/Interpreter.cpp 19 libxul.so js::RunScript js/src/vm/Interpreter.cpp 20 libxul.so js::Invoke js/src/vm/Interpreter.cpp 21 libxul.so js::fun_call js/src/jsfun.cpp 22 libxul.so js::Invoke js/src/jscntxtinlines.h 23 libxul.so js::Invoke js/src/vm/Interpreter.cpp 24 libxul.so js::CrossCompartmentWrapper::call js/src/proxy/DirectProxyHandler.cpp 25 libxul.so js::proxy_Call js/src/proxy/Proxy.cpp 26 libxul.so js::Invoke js/src/jscntxtinlines.h 27 libxul.so js::Invoke js/src/vm/Interpreter.cpp 28 libxul.so js::jit::DoCallFallback js/src/jit/BaselineIC.cpp 29 @0x4624745a 30 libxul.so __aeabi_fcmpgt
|
||
Comment 1•8 years ago
|
||
Crash volume for signature 'EnumerateNativeProperties':
- nightly (version 50): 0 crashes from 2016-06-06.
- aurora (version 49): 5 crashes from 2016-06-07.
- beta (version 48): 91 crashes from 2016-06-06.
- release (version 47): 156 crashes from 2016-05-31.
- esr (version 45): 16 crashes from 2016-04-07.
Crash volume on the last weeks:
W. N-1 W. N-2 W. N-3 W. N-4 W. N-5 W. N-6 W. N-7
- nightly 0 0 0 0 0 0 0
- aurora 1 0 0 0 2 1 1
- beta 9 10 14 18 9 10 12
- release 14 23 27 17 18 26 18
- esr 0 1 1 2 0 10 1
Affected platforms: Windows, Mac OS X, Linux
status-firefox48:
--- → affected
status-firefox49:
--- → affected
status-firefox-esr45:
--- → affected
|
|
||
Comment 2•8 years ago
|
||
Crash volume for signature 'EnumerateNativeProperties':
- nightly (version 51): 1 crash from 2016-08-01.
- aurora (version 50): 2 crashes from 2016-08-01.
- beta (version 49): 42 crashes from 2016-08-02.
- release (version 48): 34 crashes from 2016-07-25.
- esr (version 45): 18 crashes from 2016-05-02.
Crash volume on the last weeks (Week N is from 08-22 to 08-28):
W. N-1 W. N-2 W. N-3
- nightly 0 1 0
- aurora 0 1 0
- beta 19 16 2
- release 9 12 4
- esr 0 1 1
Affected platforms: Windows, Mac OS X, Linux
Crash rank on the last 7 days:
Browser Content Plugin
- nightly
- aurora #470
- beta #1143 #1540
- release #1692 #452
- esr #3171
status-firefox50:
--- → affected
status-firefox51:
--- → affected
|
Reporter | |
Comment 3•8 years ago
|
||
¡Hola! The Beta crash below suggest this might need to move to DOM now, right? ¡Gracias! Alex https://crash-stats.mozilla.com/report/index/d69d4b1b-5954-4377-a8c9-98a262160913 Crashing Thread (0) Frame Module Signature Source 0 xul.dll EnumerateNativeProperties js/src/jsiter.cpp:182 1 xul.dll Snapshot js/src/jsiter.cpp:390 2 xul.dll js::ValueToIterator(JSContext*, unsigned int, JS::MutableHandle<JS::Value>) js/src/jsiter.cpp:1205 3 xul.dll js::jit::DoIteratorNewFallback js/src/jit/BaselineIC.cpp:7592 4 @0xfffffff5 5 @0x5 6 @0x5 7 @0x5 8 @0x5 9 @0xfffffff5 10 @0xfffffff5 11 @0xfffffff5 12 @0x2 13 @0x3 14 @0xfffffff5 15 @0xfffffff5 16 @0xfffffff5 17 @0xfffffff5 18 @0xfffffff5 19 xul.dll mozilla::dom::CallbackObject::CallSetup::CallSetup(mozilla::dom::CallbackObject*, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JSCompartment*, bool) dom/bindings/CallbackObject.cpp:195 20 xul.dll js::ToWindowProxyIfWindow(JSObject*) js/src/jsfriendapi.cpp:1359 21 xul.dll nsUrlClassifierDBService::LookupURI(nsIPrincipal*, nsACString_internal const&, nsIUrlClassifierCallback*, bool, bool*) toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:1480 22 xul.dll mozilla::EventListenerManager::ListenerCanHandle(mozilla::EventListenerManager::Listener const*, mozilla::WidgetEvent const*, mozilla::EventMessage) dom/events/EventListenerManager.cpp:697 23 xul.dll mozilla::dom::SubtleCrypto::Verify(JSContext*, mozilla::dom::ObjectOrString const&, mozilla::dom::CryptoKey&, mozilla::dom::ArrayBufferViewOrArrayBuffer const&, mozilla::dom::ArrayBufferViewOrArrayBuffer const&, mozilla::ErrorResult&) dom/base/SubtleCrypto.cpp:86 24 xul.dll mozilla::BasePrincipal::CreateCodebasePrincipal(nsIURI*, mozilla::PrincipalOriginAttributes const&) caps/BasePrincipal.cpp:574 25 xul.dll mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) dom/events/EventListenerManager.cpp:1119 26 xul.dll mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) dom/events/EventListenerManager.cpp:1101 27 xul.dll nsCOMPtr_base::assign_with_AddRef(nsISupports*) xpcom/glue/nsCOMPtr.cpp:50 28 xul.dll mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) dom/events/EventListenerManager.cpp:1294 29 xul.dll mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) dom/events/EventDispatcher.cpp:274 30 xul.dll mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) dom/events/EventDispatcher.cpp:379 31 xul.dll mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) dom/events/EventDispatcher.cpp:710 32 xul.dll mozilla::dom::PostMessageEvent::Run() dom/base/PostMessageEvent.cpp:168 33 xul.dll nsWindow::SetInputContext(mozilla::widget::InputContext const&, mozilla::widget::InputContextAction const&) widget/windows/nsWindow.cpp:6900 34 xul.dll CallWindowProcCrashProtected xpcom/base/nsCrashOnException.cpp:41 35 xul.dll nsWindow::WindowProc(HWND__*, unsigned int, unsigned int, long) widget/windows/nsWindow.cpp:4509 36 user32.dll _EndUserApiHook
Component: JavaScript Engine → DOM: Events
OS: Android → All
Hardware: ARM → All
|
||
Comment 4•8 years ago
|
||
That stack doesn't seem reliable at all, and in either case, it looks like the bug is still in JS code.
Component: DOM: Events → JavaScript Engine
|
|
||
Comment 5•5 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
|
||
Comment 6•5 years ago
|
||
There are still some crashes so reopen it.
Status: RESOLVED → REOPENED
status-firefox64:
--- → affected
status-firefox65:
--- → affected
status-firefox-esr60:
--- → affected
Resolution: WONTFIX → ---
Reopening bug since there are crash reports in the last 6 months.
Status: REOPENED → RESOLVED
Closed: 5 years ago → 3 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Whiteboard: qa-not-actionable
|
|
Reporter | |
Comment 8•3 years ago
|
||
Updated flags per https://crash-stats.mozilla.org/signature/?signature=EnumerateNativeProperties&date=%3E%3D2021-07-01T22%3A08%3A00.000Z&date=%3C2021-08-01T22%3A08%3A00.000Z
status-firefox90:
--- → affected
status-firefox91:
--- → affected
status-firefox92:
--- → affected
status-firefox-esr78:
--- → affected
|
||
Updated•3 years ago
|
Blocks: sm-defects-crashes
|
|
||
Comment 9•2 years ago
|
||
Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.
Severity: critical → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•