Bug 1390102: Crash in mozilla::BufferList<T>::WriteBytes
Status: RESOLVED INCOMPLETE
Opened 7 years ago, closed 3 years ago
Categories: Core :: JavaScript Engine, defect, P2
People: Reporter: baffclan, Assigned: djvj
Keywords: crash

Crash Data
This bug was filed from the Socorro interface and is report bp-e131b495-998e-41f5-9fd7-d0ea70170814.

Crashing Thread (0)
Frame  Module  Signature  Source
0  xul.dll  mozilla::BufferList<js::TempAllocPolicy>::WriteBytes(char const*, unsigned __int64)  obj-firefox/dist/include/mozilla/BufferList.h:388
1  xul.dll  JSStructuredCloneWriter::writeString(unsigned int, JSString*)  js/src/vm/StructuredClone.cpp:1127
2  xul.dll  JSStructuredCloneWriter::startWrite(JS::Handle<JS::Value>)  js/src/vm/StructuredClone.cpp:1467
3  xul.dll  JSStructuredCloneWriter::write(JS::Handle<JS::Value>)  js/src/vm/StructuredClone.cpp:1747
4  xul.dll  WriteStructuredClone(JSContext*, JS::Handle<JS::Value>, JSStructuredCloneData*, JS::StructuredCloneScope, JS::CloneDataPolicy, JSStructuredCloneCallbacks const*, void*, JS::Value const&)  js/src/vm/StructuredClone.cpp:616
5  xul.dll  JSAutoStructuredCloneBuffer::write(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::CloneDataPolicy, JSStructuredCloneCallbacks const*, void*)  js/src/vm/StructuredClone.cpp:2762
6  xul.dll  mozilla::dom::StructuredCloneHolderBase::Write(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::CloneDataPolicy)  dom/base/StructuredCloneHolder.cpp:189
7  xul.dll  mozilla::dom::StructuredCloneHolder::Write(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::CloneDataPolicy, mozilla::ErrorResult&)  dom/base/StructuredCloneHolder.cpp:282
8  xul.dll  mozilla::dom::StructuredCloneHolder::Write(JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult&)  dom/base/StructuredCloneHolder.cpp:268
9  xul.dll  mozilla::dom::StructuredCloneBlob::Constructor(mozilla::dom::GlobalObject&, JS::Handle<JS::Value>, JS::Handle<JSObject*>, mozilla::ErrorResult&)  dom/base/StructuredCloneBlob.cpp:71
10  xul.dll  mozilla::dom::StructuredCloneHolderBinding::_constructor  obj-firefox/dom/bindings/StructuredCloneHolderBinding.cpp:179
11  @0x3eeb0ed5dcc

Application Basics:
Name: Firefox
Version: 56.0b2
Build ID: 20170810180547
Update Channel: beta
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
OS: Windows_NT 10.0

Comment 1•7 years ago
Kannan, please investigate if this is actionable.
Assignee: nobody → kvijayan
status-firefox56: --- → affected
Flags: needinfo?(kvijayan)
Priority: -- → P1

Comment 2•7 years ago (Assignee)
Looking today.

Comment 3•7 years ago (Assignee)
Investigated this. I _think_ it's a null-pointer based access. The low crash addr and the read violation suggest a "large offset from null", but I'm not 100% sure about that. I took a good look through the code looking for something to pop out, but it all seems pretty solid. This needs local repro to be actionable.
Flags: needinfo?(kvijayan)

Updated•7 years ago
status-firefox57: --- → wontfix
Priority: P1 → P2
Updated•3 years ago
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE