Crash in nsTSubstring<T>::SetIsVoid

Status: NEW
Assignee: Unassigned
Reporter: marcia
Product: Core
Component: Preferences: Backend
Priority: --
Severity: critical
Opened: a month ago
Modified: 16 days ago
Version: 58 Branch
Hardware: Unspecified
OS: Mac OS X
Keywords: crash, regression
Tracking flags: firefox58 wontfix

This bug was filed from the Socorro interface and is
report bp-52fcf323-51be-4bbd-8aab-b473a0180124.
=============================================================

Seen while looking at 58 crash stats: http://bit.ly/2DBwxJr. Crashes are only seen in 58 release. Not sure if this is the right bucket but I looked at the top of the stack.

One comment "occurred when trying to install update"

Top 10 frames of crashing thread:

0 XUL nsTSubstring<char>::SetIsVoid clang/include/c++/v1/atomic:987
1 XUL nsPrefBranch::GetCharPref modules/libpref/Preferences.cpp:643
2 XUL nsPrefBranch::GetCharPrefWithDefault modules/libpref/Preferences.cpp:2273
3 XUL NS_InvokeByIndex 
4 XUL XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:1996
5 XUL XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:929
6 XUL js::InternalCallOrConstruct js/src/jscntxtinlines.h:291
7 XUL Interpret js/src/vm/Interpreter.cpp:528
8 XUL js::RunScript js/src/vm/Interpreter.cpp:423
9 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:495

=============================================================
Several more comments about updating - it seems that every version of Mac is affected from 10.9 up:

* it just crashed after I started the computer and the updates were installed
* computer crashed almost immediately after starting

Volume is pretty low, between 5 and 15 reports a day so far.

Startup crash that seems to be Mac only. Low volume, but we should try to understand what's happening here.

Nicholas, can you find someone to investigate?
status-firefox58: affected → wontfix
Flags: needinfo?(n.nethercote)

This is a strange one. For one, it's Mac-only, despite this code being platform-independent.

The crashing line is this:

> aValueOut.SetIsVoid(true);

The crashing line is in clang/include/c++/v1/atomic; I'm not sure why atomics are involved.

The crashing address is always 0xfffffffffffffff8, which is obviously bad. I don't know where it might have come from.

Presumably `aValueOut` is bad. It ultimately comes from xpconnect. So that's a strange thing to be bad.

I'm not sure what to make of this.
Flags: needinfo?(n.nethercote)
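
Added example, not part of the bug report or Mozilla's code: the reported crash address 0xfffffffffffffff8 is -8 as a signed 64-bit value, the pattern produced when code steps back from a null data pointer to a header stored in front of it. The `buf_header` layout, `header_addr_from_data` and `classify_fault` are hypothetical names assumed for illustration; the block shows how to read such an address during crash triage and is not a diagnosis of this bug.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout (an assumption, not Mozilla's code): a small
 * bookkeeping header stored immediately in front of the data. */
struct buf_header {
    uint32_t refcount;
    uint32_t capacity;
};

/* Header address derived from the data address. Unsigned integer
 * arithmetic keeps the wraparound well defined. */
static uint64_t header_addr_from_data(uint64_t data_addr) {
    return data_addr - (uint64_t)sizeof(struct buf_header);
}

enum addr_class { ADDR_NEAR_NULL, ADDR_BELOW_NULL, ADDR_OTHER };

/* Classify a faulting address relative to null. `window` is how far from
 * zero, in either direction, still counts as "derived from null".
 * On return *offset holds the signed distance from null (0 for ADDR_OTHER). */
static enum addr_class classify_fault(uint64_t addr, uint64_t window,
                                      int64_t *offset) {
    uint64_t below = (uint64_t)0 - addr; /* distance if addr wrapped past 0 */
    *offset = 0;
    if (addr < window) {
        *offset = (int64_t)addr;
        return ADDR_NEAR_NULL;
    }
    if (below <= window) {
        *offset = -(int64_t)below;
        return ADDR_BELOW_NULL;
    }
    return ADDR_OTHER;
}

int main(void) {
    int64_t off;
    uint64_t fault = header_addr_from_data(0); /* data pointer was null */
    enum addr_class c = classify_fault(fault, 4096, &off);
    printf("fault=0x%016" PRIx64 " class=%d offset=%" PRId64 "\n",
           fault, (int)c, off);
    return 0;
}
```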