Open Bug 1366753 Opened 7 years ago Updated 2 years ago

Crash in js::NativeHasProperty

Categories

(Core :: JavaScript Engine, defect, P3)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows 10
Type:
defect

Tracking

()

Status:
REOPENED
Tracking Flags:
Tracking Status
firefox-esr60 --- affected
firefox64 --- affected
firefox65 --- affected

People

(Reporter: baffclan, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, triage-deferred)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-36332f33-a91c-4176-a210-f04b80170522.
=============================================================

Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	xul.dll 	js::NativeHasProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<jsid>, bool*) 	js/src/vm/NativeObject.cpp:1790
1 		@0x68e9bf8eaf 	
2 	mozglue.dll 	free_impl 	memory/build/replace_malloc.c:197
3 		@0xfffdffffffffffff 	
4 	xul.dll 	ObjectDefineProperties 	js/src/builtin/Object.cpp:784
5 	xul.dll 	js::obj_create(JSContext*, unsigned int, JS::Value*) 	js/src/builtin/Object.cpp:833
6 	xul.dll 	js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp:470
7 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp:3028
8 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp:410
9 	xul.dll 	js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp:488
10 	xul.dll 	js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) 	js/src/proxy/Wrapper.cpp:166
11 	xul.dll 	js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) 	js/src/proxy/CrossCompartmentWrapper.cpp:353
12 	xul.dll 	js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) 	js/src/proxy/Proxy.cpp:479
13 	xul.dll 	js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp:452
14 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp:3028
15 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp:410
16 	xul.dll 	js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::AbstractFramePtr, JS::Value*) 	js/src/vm/Interpreter.cpp:699
17 	xul.dll 	js::ExecuteInGlobalAndReturnScope(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JSObject*>) 	js/src/builtin/Eval.cpp:477
18 	xul.dll 	nsMessageManagerScriptExecutor::LoadScriptInternal(nsAString const&, bool) 	dom/base/nsFrameMessageManager.cpp:1553
19 	xul.dll 	mozilla::dom::ContentChild::RecvLoadProcessScript(nsString const&) 	dom/ipc/ContentChild.cpp:2299
20 	xul.dll 	mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) 	obj-firefox/ipc/ipdl/PContentChild.cpp:7957
21 	xul.dll 	mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) 	ipc/glue/MessageChannel.cpp:2064
22 	xul.dll 	mozilla::ipc::MessageChannel::DispatchMessageW(IPC::Message&&) 	ipc/glue/MessageChannel.cpp:1999
23 	xul.dll 	mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) 	ipc/glue/MessageChannel.cpp:1868
24 	xul.dll 	mozilla::ipc::MessageChannel::MessageTask::Run() 	ipc/glue/MessageChannel.cpp:1901
25 	xul.dll 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp:1302
26 	xul.dll 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp:96
27 	xul.dll 	mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp:301
28 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/message_loop.cc:231
29 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc:211
30 	xul.dll 	nsBaseAppShell::Run() 	widget/nsBaseAppShell.cpp:156
31 	xul.dll 	nsAppShell::Run() 	widget/windows/nsAppShell.cpp:271
32 	xul.dll 	XRE_RunAppShell() 	toolkit/xre/nsEmbedFunctions.cpp:893
33 	xul.dll 	mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp:269
34 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/message_loop.cc:231
35 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc:211
36 	xul.dll 	XRE_InitChildProcess(int, char** const, XREChildData const*) 	toolkit/xre/nsEmbedFunctions.cpp:709
37 	firefox.exe 	content_process_main(mozilla::Bootstrap*, int, char** const) 	ipc/contentproc/plugin-container.cpp:64
38 	firefox.exe 	NS_internal_main(int, char**, char**) 	browser/app/nsBrowserApp.cpp:285
39 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:115
40 	firefox.exe 	__scrt_common_main_seh 	f:/dd/vctools/crt/vcstartup/src/startup/exe_common.inl:253
41 	kernel32.dll 	BaseThreadInitThunk 	
42 	ntdll.dll 	RtlUserThreadStart 	


Application Basics: 
Name: Firefox
Version: 55.0a1
Build ID: 20170521030205
Update Channel: nightly
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
OS: Windows_NT 10.0
Keywords: triage-deferred
Priority: -- → P3
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
There are still some crashes so reopen it.
Status: RESOLVED → REOPENED
status-firefox64: --- → affected
status-firefox65: --- → affected
status-firefox-esr60: --- → affected
Resolution: WONTFIX → ---
Severity: critical → S2

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: S2 → S3
You need to log in before you can comment on or make changes to this bug.