Crash in [@ JS::AddAssociatedMemory]
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
People
(Reporter: wsmwk, Assigned: jonco)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
pascalc
:
approval-mozilla-esr68+
|
Details | Review |
I've recently seen several of these in "idle" tabs.
This bug is for crash report bp-e843afd4-5f36-4cd8-81b6-eb7730191118.
Top 10 frames of crashing thread:
0 xul.dll JS::AddAssociatedMemory js/src/jsapi.cpp:1230
1 xul.dll void mozilla::dom::BindingJSObjectCreator<mozilla::dom::CanvasRenderingContext2D>::CreateObject dom/bindings/BindingUtils.h:2609
2 xul.dll mozilla::dom::CanvasRenderingContext2D_Binding::Wrap dom/bindings/CanvasRenderingContext2DBinding.cpp:7642
3 xul.dll mozilla::dom::CanvasRenderingContext2D::WrapObject dom/canvas/CanvasRenderingContext2D.cpp:997
4 xul.dll mozilla::dom::XPCOMObjectToJsval dom/bindings/BindingUtils.cpp:1123
5 xul.dll static bool mozilla::dom::HTMLCanvasElement_Binding::getContext dom/bindings/HTMLCanvasElementBinding.cpp:293
6 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3236
7 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:539
8 xul.dll Interpret js/src/vm/Interpreter.cpp:3084
9 xul.dll js::RunScript js/src/vm/Interpreter.cpp:424
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
The problem is we're still calling JS::AddAssociatedMemory with a null object pointer. There's an asssertion for this in the JS engine but this doesn't happen in our tests.
Pushed by jcoppeard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/668e9d7ed1b1 Don't try and associate memory if we failed to create the reflector object r=bzbarsky
Comment 3•5 years ago
|
||
bugherder |
Comment 4•5 years ago
|
||
Is this something we should consider uplifting to Beta/ESR? It grafts cleanly as-landed.
Assignee | ||
Comment 5•5 years ago
|
||
Comment on attachment 9109974 [details]
Bug 1597543 - Don't try and associate memory if we failed to create the reflector object r?bzbarsky
Beta/Release Uplift Approval Request
- User impact if declined: Possible crash on OOM.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This is a very simple fix to avoid a null-pointer deref on OOM.
- String changes made/needed:
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Fixes a crash.
- User impact if declined: Possible crash on OOM.
- Fix Landed on Version: 72
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This is a very simple fix to avoid a null-pointer deref on OOM.
- String or UUID changes made by this patch:
Comment 6•5 years ago
|
||
Comment on attachment 9109974 [details]
Bug 1597543 - Don't try and associate memory if we failed to create the reflector object r?bzbarsky
Low risk patch for some rare crashes, patch is not changing logic and looks low risk, approved for our last beta and esr, thanks.
Comment 7•5 years ago
|
||
bugherder uplift |
Comment 8•5 years ago
|
||
bugherder uplift |
Description
•