Open Bug 1880580 Opened 3 months ago Updated 3 months ago

Crash in [@ js::FunctionFlags::hasFlags]

Categories

(Core :: JavaScript Engine, defect, P3)

Other
All
defect

Tracking


Tracking Status
firefox124 --- affected

People

(Reporter: release-mgmt-account-bot, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/a58b7de8-457e-45b0-a7dc-1fe9a0240215

Reason: SIGSEGV / SI_KERNEL

Top 10 frames of crashing thread:

0  libxul.so  js::FunctionFlags::hasFlags const  js/src/vm/FunctionFlags.h:213
0  libxul.so  js::FunctionFlags::hasSelfHostedLazyScript const  js/src/vm/FunctionFlags.h:348
0  libxul.so  JSFunction::hasSelfHostedLazyScript const  js/src/vm/JSFunction.h:221
0  libxul.so  JSFunction::getOrCreateScript  js/src/vm/JSFunction.h:483
0  libxul.so  JSFunction::delazifyLazilyInterpretedFunction  js/src/vm/JSFunction.cpp:1181
1  libxul.so  JSFunction::getOrCreateScript  js/src/vm/JSFunction.h:493
1  libxul.so  js::Interpret  js/src/vm/Interpreter.cpp:3074
2  libxul.so  MaybeEnterInterpreterTrampoline  js/src/vm/Interpreter.cpp:394
2  libxul.so  js::RunScript  js/src/vm/Interpreter.cpp:452
3  libxul.so  js::ExecuteKernel  js/src/vm/Interpreter.cpp:839

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

  • First crash report: 2023-12-19
  • Process type: Content
  • Is startup crash: No
  • Has user comments: No
  • Is null crash: Yes - 1 out of 6 crashes happened on null or near null memory address
Component: General → JavaScript Engine

The linked crash is likely hardware; there are some null pointer derefs under this signature however -- makes me wonder if it's worthwhile to just add an assert around here to make sure that we've gotten a real canonical function.

Severity: -- → S3
Priority: -- → P3
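Added illustration, not code from this bug, from SpiderMonkey or from the commenter: a small C++ model of why a null "canonical" function pointer shows up in crash-stats as a fault on a "null or near null memory address" (the flags word sits a few bytes into the object, so the faulting address is the field offset, not zero), and what validating the canonical function before reading its flags buys over an unchecked dereference. The struct layout, the names `LazyFunction`, `SELF_HOSTED_LAZY` and `delazifyChecked`, and the 4 KiB near-null threshold are all assumptions made for this example.

```cpp
// Added example, not SpiderMonkey code: a hypothetical model of a lazily
// interpreted function whose flags live a few bytes into the object, used to
// show (a) why a null "canonical" pointer faults at a small, non-zero address
// and (b) what validating the canonical function before reading its flags buys.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>

namespace model {

// Hypothetical layout. Only the relative position of `flags` matters: reading
// it through a null pointer touches address offsetof(LazyFunction, flags).
struct LazyFunction {
    uint32_t      header;
    uint16_t      flags;
    uint16_t      pad;
    LazyFunction* canonical;   // owner of the script; must never be null
};

constexpr uint16_t SELF_HOSTED_LAZY = 1u << 3;   // hypothetical flag bit

// Address `fn->flags` would touch, computed without dereferencing `fn`.
inline uintptr_t flagsAddress(const LazyFunction* fn) {
    return reinterpret_cast<uintptr_t>(fn) + offsetof(LazyFunction, flags);
}

// Triage rule of thumb (assumed threshold of one 4 KiB page): a fault address
// inside the first page is a null or near-null dereference; anything else
// points at a wild pointer, a use-after-free or a hardware bit flip.
enum class FaultKind { NearNull, Wild };
constexpr uintptr_t kPageSize = 4096;

inline FaultKind classifyFault(uintptr_t faultAddr) {
    return faultAddr < kPageSize ? FaultKind::NearNull : FaultKind::Wild;
}

// Unchecked path: trusts `canonical` and reads its flags directly. With a null
// canonical this is the SIGSEGV in the report, with no diagnostic at all.
inline bool hasSelfHostedLazyUnchecked(const LazyFunction* fn) {
    return (fn->canonical->flags & SELF_HOSTED_LAZY) != 0;
}

// Checked path: verify we really hold a canonical function (non-null and its
// own owner) before touching its flags. A debug build would assert here and
// print which invariant failed; the release behaviour is modelled as an
// explicit failure status instead of a dereference.
enum class Delazify { Ok, MissingCanonical };
struct DelazifyResult {
    Delazify status;
    bool     selfHostedLazy;
};

inline DelazifyResult delazifyChecked(const LazyFunction* fn) {
    assert(fn != nullptr && "caller must pass a live function");
    const LazyFunction* canonical = fn->canonical;
    if (canonical == nullptr || canonical->canonical != canonical) {
        return {Delazify::MissingCanonical, false};
    }
    return {Delazify::Ok, (canonical->flags & SELF_HOSTED_LAZY) != 0};
}

// Constructed sample objects with static storage so callers can keep pointers.
inline LazyFunction* canonicalFunction() {
    static LazyFunction canon{0, SELF_HOSTED_LAZY, 0, nullptr};
    canon.canonical = &canon;               // a canonical function owns itself
    return &canon;
}
inline LazyFunction* goodFunction() {      // well-formed lazy clone
    static LazyFunction good{0, 0, 0, canonicalFunction()};
    return &good;
}
inline LazyFunction* brokenFunction() {    // the modelled corruption: null owner
    static LazyFunction broken{0, 0, 0, nullptr};
    return &broken;
}

} // namespace model

int main() {
    using namespace model;
    DelazifyResult ok = delazifyChecked(goodFunction());
    printf("good function: status=%d selfHostedLazy=%d\n",
           static_cast<int>(ok.status), ok.selfHostedLazy);

    DelazifyResult bad = delazifyChecked(brokenFunction());
    uintptr_t fault = flagsAddress(brokenFunction()->canonical);
    printf("broken function: status=%d, unchecked read would fault at %#zx (%s)\n",
           static_cast<int>(bad.status), static_cast<size_t>(fault),
           classifyFault(fault) == FaultKind::NearNull ? "near null" : "wild");
    return 0;
}
```

The `NearNull` branch corresponds to the "null or near null memory address" bucket in the bot's summary above; the exact threshold crash-stats uses is not stated on this page, so one page is an assumption. The point of the checked path is the one the comment makes: an assertion on the canonical function turns a silent fault at a meaningless small address into a diagnostic that names the broken invariant, which is what separates a real logic bug from the hardware-suspected crash in the linked report.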