Closed
Bug 1689497
Opened 3 years ago
Closed 3 years ago
Release assert crash in [@ JSScript::innermostScope]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
87 Branch
Tracking | Status | |
---|---|---|
firefox-esr78 | --- | unaffected |
firefox85 | --- | unaffected |
firefox86 | --- | unaffected |
firefox87 | --- | fixed |
People
(Reporter: mccr8, Unassigned)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Maybe Fission related. (DOMFissionEnabled=1)
Crash report: https://crash-stats.mozilla.org/report/index/cbf1e24b-7607-4a02-bfcb-ce5df0210128
MOZ_CRASH Reason: MOZ_RELEASE_ASSERT(idx < storage_.size())
Top 10 frames of crashing thread:
0 XUL JSScript::innermostScope const js/src/vm/JSScript.cpp:4829
1 XUL js::EnvironmentIter::EnvironmentIter js/src/vm/EnvironmentObject.cpp:1284
2 XUL js::InterpreterFrame::epilogue js/src/vm/Stack.cpp:220
3 XUL Interpret js/src/vm/Interpreter.cpp:4561
4 XUL js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:619
5 XUL JS_CallFunctionValue js/src/jsapi.cpp:2798
6 XUL nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:970
7 XUL PrepareAndDispatch xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_darwin.cpp:117
8 XUL SharedStub
9 XUL mozilla::dom:: dom/base/Document.cpp:16034
The crash volume is low, but there's a release assert so I'd figured I'd file it. Only about a third of the crashes with this signature have the assert.
Comment 1•3 years ago
|
||
The new crashes look related to the crash in Bug 1689505.
Regressed by: 1627111
Updated•3 years ago
|
Has Regression Range: --- → yes
Comment 2•3 years ago
|
||
Fixed by backout:
https://hg.mozilla.org/mozilla-central/rev/751ecfca72b1fd7e210cfa845e008e6e5d9ca107
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch
Updated•3 years ago
|
status-firefox87:
--- → fixed
Updated•3 years ago
|
status-firefox85:
--- → unaffected
status-firefox86:
--- → unaffected
status-firefox-esr78:
--- → unaffected
Updated•3 years ago
|
Keywords: regression
You need to log in
before you can comment on or make changes to this bug.
Description
•