Closed Bug 1601260 Opened 5 years ago Closed 4 years ago

Crash in [@ OOM | unknown | js::AutoEnterOOMUnsafeRegion::crash | js::irregexp::RegExpBuilder::AddCharacter]

Categories

(Core :: JavaScript Engine, defect, P2)

x86
Windows 7
defect

Tracking

RESOLVED INCOMPLETE
Tracking Status
firefox-esr68 --- wontfix
firefox71 --- wontfix
firefox72 --- wontfix

People

(Reporter: pascalc, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug is for crash report bp-490126df-9b6f-4f21-816f-c168e0191203.

Top 10 frames of crashing thread:

0 xul.dll js::AutoEnterOOMUnsafeRegion::crash js/src/vm/JSContext.cpp:1523
1 xul.dll void js::irregexp::RegExpBuilder::AddCharacter js/src/irregexp/RegExpParser.cpp:105
2 xul.dll class js::irregexp::RegExpTree* js::irregexp::RegExpParser<unsigned char>::ParseDisjunction js/src/irregexp/RegExpParser.cpp:1884
3 xul.dll js::irregexp::ParsePatternSyntax js/src/irregexp/RegExpParser.cpp:2003
4 xul.dll js::RegExpObject::create js/src/vm/RegExpObject.cpp:247
5 xul.dll js::RegExpObject::create<char16_t> js/src/vm/RegExpObject.cpp:215
6 xul.dll class js::frontend::RegExpLiteral* js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::newRegExp js/src/frontend/Parser.cpp:9571
7 xul.dll class js::frontend::ParseNode* js::frontend::GeneralParser<js::frontend::FullParseHandler, mozilla::Utf8Unit>::memberExpr js/src/frontend/Parser.cpp:9156
8 xul.dll class js::frontend::ParseNode* js::frontend::GeneralParser<js::frontend::FullParseHandler, mozilla::Utf8Unit>::unaryExpr js/src/frontend/Parser.cpp:8945
9 xul.dll js::frontend::GeneralParser<js::frontend::FullParseHandler, mozilla::Utf8Unit>::assignExpr js/src/frontend/Parser.cpp:8589

Iain, this is another regexp engine OOM, do you think you could take a quick look at it?

Flags: needinfo?(iireland)
Priority: -- → P2

It looks like this only occurs on a single build (70.0.1, Windows). The code in question hasn't changed in a long time. I would say that it's just a different inlining decision for the build, except that the increase seems to have happened after 70.0.1 had been released for a while. It also doesn't line up with the timing of bug 1597119, which is otherwise very similar.

My best guess is that some popular website pushed an update with an especially big regexp. I'll take a closer look at crashstats to see if I can find corroborating evidence.

Flags: needinfo?(iireland)

No URL except Facebook was submitted more than once. Might be a problem with Facebook, might just be a random problem that is reported on Facebook because so much browsing time happens there.

I don't think there's anything productive to be done here.

(In reply to Iain Ireland [:iain] from comment #3)
> ...
> I don't think there's anything productive to be done here.

And now in the last month, no crashes, since version 75.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INCOMPLETE