Closed Bug 1388382 Opened 5 years ago Closed 4 years ago

Crash in realloc_impl | mozilla::Vector<T>::growStorageBy

Categories

(Core :: JavaScript Engine, defect, P2)

Unspecified
Windows 10
defect

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox57 --- fix-optional

People

(Reporter: marcia, Unassigned)

Details

(4 keywords)

Crash Data

This bug was filed from the Socorro interface and is report bp-964c2d2b-d428-4554-a900-8d5f00170808.
=============================================================

Seen while looking at crash stats - there are a bunch of new crashes in this build that start with realloc_impl - here is one: http://bit.ly/2wEeXwg

Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=fe6609d22dfdd710b11e3ac7773aff89f7a8d12c&tochange=47248637eafa9a38dade8dc3aa6c4736177c8d8d

Other possible related signatures:

je_realloc | moz_xrealloc | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_Impl<T>::InsertElementAt<T> | `anonymous namespace''::AxisPartition::InsertCoord

realloc_impl | alloc::raw_vec::RawVec<T>::double<T>
Priority: -- → P2
For some reason, even expanding to 6 months, I only see about a dozen crashes.  8 or so of them appear to be the same installation, and all of those are EXEC wildptr crashes.

From the graph, it appears there have been few if any crashes recently... possibly this is fixed?
Group: core-security
Group: core-security → javascript-core-security
Dan, do you think we can close this? Not a lot of crashes per comment 1 and no more crashes since the great purging of crash data.
Flags: needinfo?(dveditz)
There are a lot of crashes for [@ mozilla::Vector<T>::growStorageBy ] but they go back a long ways so I guess that's a different one? In fact for different types <T> they probably are different causes. I don't see a bug filed on those--and some look like potential vulnerabilities--but that doesn't make them this bug.
Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(dveditz)
Resolution: --- → WORKSFORME
Group: javascript-core-security