Crash in [@ InvalidArrayIndex_CRASH | CrashReporter::(anonymous namespace)::ThreadLocalDestructor]
Categories
(Toolkit :: Crash Reporting, defect)
Tracking
()
People
(Reporter: mccr8, Unassigned)
Details
(Keywords: crash, Whiteboard: [not-a-fission-bug])
Crash Data
Maybe Fission related. (DOMFissionEnabled=1)
Crash report: https://crash-stats.mozilla.org/report/index/2bccd0b6-c90d-4c99-9bf8-2d6e00210415
MOZ_CRASH Reason: ElementAt(aIndex = 18446744073709551615, aLength = 7)
Top 5 frames of crashing thread:
0 XUL InvalidArrayIndex_CRASH xpcom/ds/nsTArray.cpp:28
1 XUL CrashReporter:: toolkit/crashreporter/ThreadAnnotation.cpp:196
2 libnss3.dylib _pt_root nsprpub/pr/src/pthreads/ptthread.c:248
3 libsystem_pthread.dylib libsystem_pthread.dylib@0x67a7
4 libsystem_pthread.dylib libsystem_pthread.dylib@0x22e2
There are a couple of these crashes. They all have aIndex = -1. I'm not sure what could be going wrong. It looks like some index value is -1, but I don't know how we'd call the destructor callback without initializing it. Unless _pr_tpd_highwater is overflowing?
|
||
Comment 1•3 years ago
|
||
The crashes seem to be coming from just one machine (everything is the same save for the Firefox version) and they're happening in the rdd process. The fact that it happens both on the release channel and on nightly makes it look like a valid issue nonetheless.
|
||
Comment 2•3 years ago
|
||
This crash doesn't look Fission-related, even though a couple crash reports have the DOMFissionEnabled=1 flag set.
|
|
||
Comment 3•3 years ago
|
||
This might be an issue similar to bug 1713773 comment 0.
|
|
||
Comment 4•3 years ago
|
||
I had a look at the last few crashes on file and the stacks are all different, plus they apply only to older versions. Closing this.
|
||
Updated•3 years ago
|
Description
•