1545989 - Crash in [@ js::PrivateScriptData::XDR<T>]

Status: RESOLVED DUPLICATE of bug 1407651

(Core :: JavaScript Engine, defect)

Description

[[:philipp]]

This bug is for crash report bp-3334c582-8bd4-4007-a7e2-3806a0190420.

Top 10 frames of crashing thread:

0 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::PrivateScriptData::XDR<js::XDR_DECODE> js/src/vm/JSScript.cpp
1 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRScript<js::XDR_DECODE> js/src/vm/JSScript.cpp:995
2 xul.dll class mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRState<js::XDR_DECODE>::codeScript js/src/vm/Xdr.cpp:208
3 xul.dll js::ScriptDecodeTask::parse js/src/vm/HelperThreads.cpp:563
4 xul.dll js::HelperThread::handleParseWorkload js/src/vm/HelperThreads.cpp:2154
5 xul.dll js::HelperThread::threadLoop js/src/vm/HelperThreads.cpp:2471
6 xul.dll static unsigned int js::detail::ThreadTrampoline<void  js/src/threading/Thread.h:232
7 ucrtbase.dll _o____lc_collate_cp_func 
8 kernel32.dll BaseThreadInitThunk 
9 mozglue.dll static void patched_BaseThreadInitThunk mozglue/build/WindowsDllBlocklist.cpp:712

these crash reports are starting to show up in firefox 67 on windows - most commonly from 32bit installations and with MOZ_RELEASE_ASSERT(idx < storage_.size()).

Comment 1

[Ted Campbell [:tcampbell]]

This is a signature change from 66 to 67. The code here used to be part of XDRScript. There are different reasons that the old signature shows up in crash stats, so reason needs to be matched as well.

The crash reason is the release assert of the use of mozilla::Span.

Duping to general tracking bug for this corruption issues.