Closed
Bug 1505857
Opened 6 years ago
Closed 2 years ago
Firefox Crash: SIGSEGV in js::DecompressStringChunk
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
RESOLVED
FIXED
114 Branch
Tracking | Status | |
---|---|---|
firefox114 | --- | fixed |
People
(Reporter: andreadari91, Assigned: tcampbell)
Details
Crash Data
Attachments
(1 file)
This bug was filed from the Socorro interface and is
report bp-9de0315f-2ee9-4557-8deb-e53390181108.
=============================================================
Top 10 frames of crashing thread:
0 libxul.so js::DecompressStringChunk /build/firefox-v14lEw/firefox-63.0+build2/js/src/vm/Compression.cpp:267
1 libxul.so js::ScriptSource::chunkChars /build/firefox-v14lEw/firefox-63.0+build2/js/src/vm/JSScript.cpp:1598
2 libxul.so js::ScriptSource::chars /build/firefox-v14lEw/firefox-63.0+build2/js/src/vm/JSScript.cpp:1688
3 libxul.so js::ScriptSource::PinnedChars::PinnedChars /build/firefox-v14lEw/firefox-63.0+build2/js/src/vm/JSScript.cpp:1671
4 libxul.so JSFunction::createScriptForLazilyInterpretedFunction /build/firefox-v14lEw/firefox-63.0+build2/js/src/vm/JSFunction.cpp:1636
5 libxul.so JSFunction::createScriptForLazilyInterpretedFunction /build/firefox-v14lEw/firefox-63.0+build2/js/src/vm/JSFunction.h:536
6 libxul.so js::InternalCallOrConstruct /build/firefox-v14lEw/firefox-63.0+build2/js/src/vm/JSFunction.h:536
7 libxul.so js::CallFromStack /build/firefox-v14lEw/firefox-63.0+build2/js/src/vm/Interpreter.cpp:588
8 libxul.so DoCallFallback /build/firefox-v14lEw/firefox-63.0+build2/js/src/jit/BaselineIC.cpp:3608
9 @0x35bee55c
=============================================================
Comment 1•6 years ago
|
||
Jan, 36% of these crashes have these assertions [1] being reported. As you investigated these assertions in the past (Bug 1305570), is there anything way to get more information out of these crashes?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Updated•2 years ago
|
Severity: critical → S2
Assignee | ||
Updated•2 years ago
|
Severity: S2 → S3
Assignee | ||
Comment 2•2 years ago
|
||
Updated•2 years ago
|
Assignee: nobody → tcampbell
Status: NEW → ASSIGNED
Assignee | ||
Comment 3•2 years ago
|
||
This is a low volume release assert so user impact is not S2. I've put up a diagnostic patch to use volatile int ret
so that the specific return code from zlib is preserved in crash reports.
It is also possible that these are just examples of memory corruption since the zlib decoding would fail if the bytestream had issues. The actual return codes will help us better understand this, so seems worth landing the diagnostic patch.
Pushed by tcampbell@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/738cafb0f0f3
Preserve return value when DecompressStringChunk crashes. r=nbp
Comment 5•2 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox114:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 114 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•