It's possible that a thread that has called YieldCooperativeContext() might crash. In this case, we can end up here: http://searchfox.org/mozilla-central/rev/b258e6864ee3e809d40982bc5d0d5aff66a20780/js/src/wasm/WasmSignalHandlers.cpp#1344 That accesses a ThreadLocal field on the JSContext (activation_), which calls CurrentThreadCanAccessRuntime, which asserts: http://searchfox.org/mozilla-central/rev/b258e6864ee3e809d40982bc5d0d5aff66a20780/js/src/threading/ProtectedData.cpp#47 If we segfault on a thread that doesn't own the current JSContext, we probably should just leave the signal handler. Brian, can you take a look at this?
Created attachment 8901363 [details] [diff] [review] patch Sorry for the delay.
Assignee: nobody → bhackett1024
Attachment #8901363 - Flags: review?(luke)
Attachment #8901363 - Flags: review?(luke) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/8ee0053733f8 Don't try to handle wasm faults on threads that are not their runtime's active thread, r=luke.
Status: NEW → RESOLVED
Last Resolved: 11 months ago
status-firefox57: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.