Closed Bug 1317202 Opened 8 years ago Closed 7 years ago

Crash in JS::CompileOptions::CompileOptions [Mac]

Categories

(Core :: JavaScript Engine, defect, P3)

Product:
Core
Component:
JavaScript Engine
Platform:
Unspecified
macOS
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox52 --- wontfix

People

(Reporter: wsmwk, Unassigned)

Details

(Keywords: crash, triage-deferred, Whiteboard: [tbird crash])

Crash Data

Some examples of this in Thunderbird nightlies and aurora.

But this report bp-a63735bd-3a12-4a62-8833-965aa2161114 is from 45.4.0
 0 	XUL	JS::CompileOptions::CompileOptions(JSContext*, JSVersion)	js/src/jscntxtinlines.h:457
1 	XUL	CreateFunctionPrototype	js/src/jsfun.cpp:771
2 	XUL	js::GlobalObject::resolveConstructor(JSContext*, JS::Handle<js::GlobalObject*>, JSProtoKey)	js/src/vm/GlobalObject.cpp:158
3 	XUL	js::GlobalObject::ensureConstructor(JSContext*, JS::Handle<js::GlobalObject*>, JSProtoKey)	js/src/vm/GlobalObject.cpp:98
4 	XUL	CreateObjectConstructor	js/src/builtin/Object.cpp:1035
5 	XUL	js::GlobalObject::resolveConstructor(JSContext*, JS::Handle<js::GlobalObject*>, JSProtoKey)	js/src/vm/GlobalObject.cpp:166
6 	XUL	js::GlobalObject::ensureConstructor(JSContext*, JS::Handle<js::GlobalObject*>, JSProtoKey)	js/src/vm/GlobalObject.cpp:98
7 	XUL	JS_GetObjectPrototype(JSContext*, JS::Handle<JSObject*>)	js/src/vm/GlobalObject.h:342
8 	XUL	mozilla::dom::EventTargetBinding::CreateInterfaceObjects(JSContext*, JS::Handle<JSObject*>, mozilla::dom::ProtoAndIfaceCache&, bool)	/builds/slave/tb-rel-c-esr45-m64_bld-0000000/build/objdir-tb/x86_64/dom/bindings/EventTargetBinding.cpp:1228
9 	XUL	mozilla::dom::EventTargetBinding::	/builds/slave/tb-rel-c-esr45-m64_bld-0000000/build/objdir-tb/x86_64/dom/bindings/EventTargetBinding.cpp:1295
10 	XUL	mozilla::dom::WindowBinding::GetNamedPropertiesObject	/builds/slave/tb-rel-c-esr45-m64_bld-0000000/build/objdir-tb/x86_64/dom/bindings/WindowBinding.cpp:13619 

https://hg.mozilla.org/releases/mozilla-esr45/annotate/1496935d4503/js/src/jscntxtinlines.h#l457
inline JSScript*
JSContext::currentScript(jsbytecode** ppc,
                         MaybeAllowCrossCompartment allowCrossCompartment) const
{
    if (ppc)
        *ppc = nullptr;

    js::Activation* act = runtime()->activation();
    while (act && (act->cx() != this || (act->isJit() && !act->asJit()->isActive())))

https://hg.mozilla.org/releases/mozilla-esr45/annotate/1496935d4503/js/src/jsfun.cpp#l771
    if (!ss) {
        js_free(source);
        return nullptr;
    }
    ScriptSourceHolder ssHolder(ss);
    ss->setSource(source, sourceLen);
    CompileOptions options(cx);
#14 Mac crash for Thunderbird 45.6.0. #8 for 51.0b1
Too late for firefox 52, mass-wontfix.
status-firefox52: affectedwontfix
Keywords: triage-deferred
Priority: -- → P3
 There has been some for Thunderbird 52.2.1, but this signature is almost nonexistent for current Thunderbird 52.x. 


(In reply to Wayne Mery (:wsmwk) from comment #0)
> Some examples of this in Thunderbird nightlies and aurora.
> 
> But this report bp-a63735bd-3a12-4a62-8833-965aa2161114 is from 45.4.0

macOS 10.12.1 16B2555
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.