Closed Bug 1584814 Opened 2 months ago Closed 2 months ago

Crash in [@ JSRope::flattenInternal<T>]

Categories

(Core :: JavaScript Engine, defect, critical)

Unspecified
Windows 10
defect
Not set
critical

Tracking


RESOLVED DUPLICATE of bug 1584820
Tracking Status
firefox-esr60 --- wontfix
firefox69 --- wontfix
firefox70 --- wontfix
firefox71 blocking fixed

People

(Reporter: pascalc, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug is for crash report bp-1eb601c4-e63f-4cbe-9b53-1e3d60190928.

Top 10 frames of crashing thread:

0 xul.dll class JSFlatString* JSRope::flattenInternal<JSRope::NoBarrier, unsigned char> js/src/vm/StringType.cpp:670
1 xul.dll JSRope::flatten js/src/vm/StringType.cpp:859
2 xul.dll static bool Quote js/src/builtin/JSON.cpp:156
3 xul.dll static bool Str js/src/builtin/JSON.cpp:657
4 xul.dll static bool Str js/src/builtin/JSON.cpp:708
5 xul.dll static bool Str js/src/builtin/JSON.cpp:708
6 xul.dll js::Stringify js/src/builtin/JSON.cpp:879
7 xul.dll static bool json_stringify js/src/builtin/JSON.cpp:1079
8 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:551
9 xul.dll static bool Interpret js/src/vm/Interpreter.cpp:3113

This signature exploded over the weekend on Nightly (from a couple of crashes per week to hundreds in yesterday's build), marking as a blocker.

Iain, might this be related to the XDR atoms work in Bug 1575370? Some sort of missing GC marks perhaps.

Flags: needinfo?(iireland)

I think this might be the same issue as bug 1584820.

Flags: needinfo?(iireland)

Crashes stopped after the revert in bug 1584820 so I am duping it to this bug.

Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1584820