Open Bug 1443084 Opened 6 years ago Updated 2 years ago

Crash in _alldiv

Categories

(Core :: DOM: Events, defect, P2)

x86
Windows 7
defect

Tracking


Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- affected
firefox58 --- unaffected
firefox59 --- unaffected
firefox60 --- wontfix
firefox61 --- wontfix
firefox62 --- fix-optional

People

(Reporter: calixte, Assigned: tjr)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression)

Crash Data

This bug was filed from the Socorro interface and is
report bp-4eff918b-8868-4a21-b50c-3272b0180305.
=============================================================

Top 8 frames of crashing thread:

0 xul.dll _alldiv f:/dd/vctools/crt/vcstartup/src/helper/i386/lldiv.asm:121
1 xul.dll mozilla::nsRFPService::RandomMidpoint toolkit/components/resistfingerprinting/nsRFPService.cpp:340
2 xul.dll mozilla::nsRFPService::ReduceTimePrecisionImpl toolkit/components/resistfingerprinting/nsRFPService.cpp:489
3 xul.dll mozilla::nsRFPService::ReduceTimePrecisionAsUSecsWrapper toolkit/components/resistfingerprinting/nsRFPService.cpp:521
4 xul.dll NowAsMillis js/src/jsdate.cpp:1312
5 xul.dll DateNoArguments js/src/jsdate.cpp:3123
6 xul.dll js::DateConstructor js/src/jsdate.cpp:3263
7 xul.dll EnterJit js/src/jit/Jit.cpp:99

=============================================================

There is 1 crash in nightly 60 with buildid 20180304220118. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1425462.

[1] https://hg.mozilla.org/mozilla-central/rev?node=3052a1cf3b1c
Flags: needinfo?(tom)
Thanks! Yea that's definitely me. I'm not sure how it's happening.

Line 340:

> long long extraClampedTime = (aClampedTimeUSec / reducedResolution) * reducedResolution;

Socorro says 'EXCEPTION_INT_DIVIDE_BY_ZERO'


reducedResolution comes from:

> long long reducedResolution = aResolutionUSec * kClampTimesPerDigest;

Since kClampTimesPerDigest is a constant, aResolutionUSec must be zero or impossibly large to overflow a long long.


RandomMidpoint is only called from ReduceTimePrecisionImpl. At the top of that function we have the following which would avoid the call to RandomMidpoint.

> if (!IsTimerPrecisionReductionEnabled(aType) || aResolutionUSec <= 0)
>    return aTime;

We do the following cast from double -> long long later:

> long long resolutionAsInt = aResolutionUSec;

Maybe a decimal to avoid the top check, and get truncated later? But you can't set the preference to a decimal, prefs doesn't allow it. (Unless you manually hack at the JS file??)



I'm not sure how to proceed on this, so I guess I'll wait to see if there are any more crashes...?
Flags: needinfo?(tom)
Assignee: nobody → tom
Priority: -- → P2
QA Whiteboard: qa-not-actionable
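
The hypothesis raised in the comment above (a fractional resolution that passes the `<= 0` guard and then truncates to zero in the `double` to `long long` cast), as an added example that is not Firefox code and does not establish the cause of this crash. The value of `kClampTimesPerDigest`, the function names, the upper bound and the sample inputs are assumptions made for illustration.

```cpp
#include <cstdio>

// Assumed value for illustration; the page only says this is a constant.
constexpr long long kClampTimesPerDigest = 10;

// The guard quoted on the page, applied to the double-typed resolution.
bool PassesOriginalGuard(double aResolutionUSec) {
  return !(aResolutionUSec <= 0);
}

// The divisor after the double -> long long cast quoted on the page.
// Only call with finite values in long long range (the cast is undefined otherwise).
long long ReducedResolution(double aResolutionUSec) {
  long long resolutionAsInt = static_cast<long long>(aResolutionUSec);  // truncates toward zero
  return resolutionAsInt * kClampTimesPerDigest;
}

// Hardened variant (hypothetical): validate the value that becomes the divisor.
// Rejects NaN, anything that truncates to 0, and values above an illustrative
// upper bound chosen so the multiplication cannot overflow.
bool ClampTimeChecked(long long aClampedTimeUSec, double aResolutionUSec,
                      long long* aOut) {
  if (!(aResolutionUSec >= 1.0) || aResolutionUSec > 1e15) {
    return false;
  }
  long long reducedResolution = ReducedResolution(aResolutionUSec);
  *aOut = (aClampedTimeUSec / reducedResolution) * reducedResolution;
  return true;
}

int main() {
  const double samples[] = {0.0, 0.5, 20.0};  // constructed inputs
  for (double r : samples) {
    long long out = 0;
    bool ok = ClampTimeChecked(1234567, r, &out);
    std::printf("resolution=%.1f guard_passes=%d divisor=%lld checked=%s\n",
                r, PassesOriginalGuard(r), ReducedResolution(r),
                ok ? "ok" : "rejected");
  }
  return 0;
}
```

For 0.5 the original guard passes while the computed divisor is 0, which is the input shape that would raise `EXCEPTION_INT_DIVIDE_BY_ZERO` at the division on line 340.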

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3