Closed Bug 1658979 Opened 5 years ago Closed 2 years ago

Crash in [@ js::gc::ClearEdgesTracer::onStringEdge]

Tracking

()

Status:

RESOLVED WORKSFORME

People

(Reporter: sefeng211, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Sean Feng [:sefeng211]

Reporter

Description

•

5 years ago

This bug is for crash report bp-deacc5d2-116a-4e50-a1c7-6b4570200813.

Top 8 frames of crashing thread:

0 XUL js::gc::ClearEdgesTracer::onStringEdge js/src/gc/GC.cpp:8809
1 XUL <name omitted> js/src/gc/Marking.cpp:1360
2 XUL js::GCManagedDeletePolicy<js::FunctionScope::AbstractData<JSAtom> >::operator js/src/gc/DeletePolicy.h:33
3 libmozglue.dylib zone_pressure_relief memory/build/zone.c:214
4 XUL .str.33.llvm.15840453967683012990 
5 XUL mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::FunctionScope::XDR< js/src/vm/Scope.cpp:880
6 XUL js::NewObjectWithClassProto js/src/vm/JSObject.cpp:923
7 XUL mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRScript< js/src/vm/JSScript.cpp:1127

This is a low frequent crash. Looking at the crash address, they seem legit because the addresses tend to be consistent.

Jon Coppeard (:jonco)

Comment 1

•

5 years ago

Looks like a problem with clearing string edges on error during XDR decoding. I can't immediately see anything wrong with the code though.

Severity: -- → S4

Priority: -- → P5

Nicolas B. Pierron [:nbp]

Updated

•

4 years ago

Blocks: sm-defects-crashes

BugBot [:suhaib / :marco/ :calixte]

Comment 2

•

2 years ago

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED

Closed: 2 years ago

Resolution: --- → WORKSFORME

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Crash in [@ js::gc::ClearEdgesTracer::onStringEdge]

Categories

(Core :: JavaScript: GC, defect, P5)