Open Bug 1878586 Opened 1 year ago Updated 11 months ago

Crash in [@ js::BaseProxyHandler::hasSecurityPolicy]

Categories

(Core :: JavaScript Engine, defect, P5)

Other
Windows 11
defect

Tracking

Tracking Status
firefox124 --- affected

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/84fbd6f8-7c86-44e2-af7c-399280240204

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  js::BaseProxyHandler::hasSecurityPolicy const  js/public/Proxy.h:208
0  xul.dll  js::AutoEnterPolicy::AutoEnterPolicy  js/public/Proxy.h:619
0  xul.dll  js::Proxy::has  js/src/proxy/Proxy.cpp:392
1  xul.dll  js::gc::HeaderWord::get const  js/src/gc/Cell.h:106
1  xul.dll  js::gc::CellWithTenuredGCPointer<js::gc::Cell, js::Shape>::headerPtr const  js/src/gc/Cell.h:798
1  xul.dll  JSObject::shape const  js/src/vm/JSObject.h:93
1  xul.dll  JSObject::getClass const  js/src/vm/JSObject.h:114
1  xul.dll  JSObject::getOpsHasProperty const  js/src/vm/JSObject.h:124
1  xul.dll  js::HasProperty  js/src/vm/ObjectOperations-inl.h:85
1  xul.dll  js::Proxy::has  js/src/proxy/Proxy.cpp:416

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2023-11-27
  • Process type: Content
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - 2 out of 4 crashes happened on null or near null memory address

Component: General → JavaScript Engine

The proto-signatures are all over the place, thus there does not seem to be a single source of corruption of the ProxyObject's handler.
What is surprising is that there are a lot of small values. These are all supposed to be pointers for a BaseProxyHandler stored in a ProxyDataLayout.

Severity: -- → S4
Priority: -- → P5