1449945 - Crash in arena_dalloc | Allocator<T>::free | mozilla::Vector<T>::clearAndFree

Status: RESOLVED DUPLICATE of bug 1448612

(Core :: Memory Allocator, defect)

Description

[Marcia Knous [:marcia]]

This bug was filed from the Socorro interface and is
report bp-5f4a0f3d-5984-4029-a710-68c430180321.
=============================================================

Seen while looking at crash stats - Android only crash. Crashes started using 20180317111037: https://bit.ly/2uuJmB0. Crash reason: MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)

Possible regression range based on Build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=d3ce388dd3c0d3c7be7df26d5d4de3a0e40c57f3&tochange=97160a734959af73cc97af0bf8d198e301ebedae

Top 10 frames of crashing thread:

0 libmozglue.so arena_dalloc memory/build/mozjemalloc.cpp:3501
1 libmozglue.so Allocator<MozJemallocBase>::free memory/build/malloc_decls.h:40
2 libxul.so mozilla::Vector<JS::TranscodeSource, 0, mozilla::MallocAllocPolicy>::clearAndFree 
3 libxul.so mozilla::net::nsStreamLoader::OnStopRequest netwerk/base/nsStreamLoader.cpp:162
4 libxul.so nsInputStreamPump::OnStateStop netwerk/base/nsInputStreamPump.cpp:708
5 libxul.so nsInputStreamPump::OnInputStreamReady netwerk/base/nsInputStreamPump.cpp:436
6 libxul.so nsInputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:102
7 libxul.so mozilla::ThrottledEventQueue::Inner::ExecuteRunnable xpcom/threads/ThrottledEventQueue.cpp:193
8 libxul.so mozilla::ThrottledEventQueue::Inner::Executor::Run xpcom/threads/ThrottledEventQueue.cpp:79
9 libxul.so mozilla::ThrottledEventQueue::Inner::ExecuteRunnable xpcom/threads/ThrottledEventQueue.cpp:193

=============================================================