Crash in `anonymous namespace''::TypeAnalyzer::insertConversions

RESOLVED DUPLICATE of bug 1276558

Status

()

--
critical
RESOLVED DUPLICATE of bug 1276558
2 years ago
2 years ago

People

(Reporter: dbaron, Unassigned)

Tracking

({crash, topcrash})

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

This bug was filed from the Socorro interface and is 
report bp-e511ea20-bdd3-428e-8df0-1b6d42160529.
=============================================================

There are a decent number of crashes with signature `anonymous namespace''::TypeAnalyzer::insertConversions across all channels, although they seem somewhat more prevalent in prerelease channels (proportional to user base).  (Maybe it correlates with being a developer or advanced users for some reason?)

They're probably at the borderline for whether I could bother with the "topcrash" keyword.

I took a quick look at the minidump for this one, bp-e511ea20-bdd3-428e-8df0-1b6d42160529 .  In this case the crash appears to be a null-dereference, though I didn't dig through the inlining to figure out what it's a null-dereference of.
Er, actually, the null-dereference is dereferencing a pointer in a vtable, in order to try to call the first virtual function on something.  (The object is 0x00007FFE13093DE8, but its vtable is null, and the first parameter to the function call is taken from the 0x10 offset in the object, and is 0x000000DFBC21C020.)

Comment 2

2 years ago
i'm marking this a duplicate of bug 1276558 because that had some followup from the js team.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1276558
You need to log in before you can comment on or make changes to this bug.