Crash in [@ mozilla::dom::ScriptLoader::EncodeBytecode]
Categories
(Core :: DOM: Core & HTML, defect)
People
(Reporter: sg, Unassigned)
References
(Regression)
Details
(4 keywords)
Crash Data
This bug is for crash report bp-8969564a-c117-4a97-b765-3d67d0200701.
Top 10 frames of crashing thread:
0 xul.dll mozilla::dom::ScriptLoader::EncodeBytecode dom/script/ScriptLoader.cpp:3102
1 xul.dll mozilla::detail::RunnableMethodImpl< xpcom/threads/nsThreadUtils.h:1240
2 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1234
3 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:513
4 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:87
5 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:327
6 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:309
7 xul.dll nsBaseAppShell::Run widget/nsBaseAppShell.cpp:137
8 xul.dll nsAppShell::Run widget/windows/nsAppShell.cpp:430
9 xul.dll XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:913
This started with build id 20200610214041, so this might be related to Bug 1606652 which landed shortly before that?
Comment 1•4 years ago
Denis, this null-ish pointer crash in https://hg.mozilla.org/mozilla-central/file/47f18d1138df7f10a4d6a0a92d00e5b7cfc8ca42/dom/script/ScriptLoader.cpp#l3102 seems related to your changes. Can you take a look when you have a chance? I can also help out if you don't have any obvious ideas.
Comment 2•4 years ago
Looking, although the line number seems wrong. firefox79 is also probably not affected as bug 1606652 is enabled on nightly only for now.
Comment 3•4 years ago
Simon: are you worried this could be something other than a nullptr crash, that if it's a race some other wild value could be put there? Otherwise this particular stack doesn't look dangerous.
Reporter
Comment 4•4 years ago
(In reply to Daniel Veditz [:dveditz] from comment #3)
> Simon: are you worried this could be something other than a nullptr crash, that if it's a race some other wild value could be put there? Otherwise this particular stack doesn't look dangerous.

I have no specific indication. However, the state of the LinkedList seems to have become inconsistent, being !isEmpty() but getFirst() still returning nullptr, which seems to violate its invariants. The origin for this might be a race, but from the crash report I cannot tell.
Reporter
Comment 6•4 years ago
Adding signature [@ mozilla::dom::ScriptLoader::GiveUpBytecodeEncoding ] here as these crashes look very similar and started at a similar point of time.