Open
Bug 1888797
Opened 2 months ago
Updated 2 months ago
Crash in [@ JS::Realm::enter]
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
NEW
| | Tracking | Status |
|---|---|---|
| firefox126 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/785192f0-a285-4910-9f33-f209e0240327
Reason: EXCEPTION_ACCESS_VIOLATION_WRITE
Top 10 frames of crashing thread:
0 xul.dll JS::Realm::enter js/src/vm/Realm.h:543
0 xul.dll JSContext::enterRealm js/src/vm/JSContext-inl.h:285
0 xul.dll JSContext::enterRealmOf js/src/vm/JSContext-inl.h:298
0 xul.dll JSAutoRealm::JSAutoRealm js/src/jsapi.cpp:519
0 xul.dll xpc::XrayTraits::resolveOwnProperty js/xpconnect/wrappers/XrayWrapper.cpp:1632
1 xul.dll xpc::JSXrayTraits::resolveOwnProperty js/xpconnect/wrappers/XrayWrapper.cpp:509
2 xul.dll xpc::XrayWrapper<js::CrossCompartmentWrapper, xpc::JSXrayTraits>::getOwnPropertyDescriptor const js/xpconnect/wrappers/XrayWrapper.cpp:1909
3 xul.dll js::BaseProxyHandler::hasOwn const js/src/proxy/BaseProxyHandler.cpp:71
4 xul.dll js::Proxy::hasOwn js/src/proxy/Proxy.cpp:460
4 xul.dll js::HasOwnProperty js/src/vm/JSObject.cpp:1707
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2024-02-21
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - 2 out of 4 crashes happened on null or near null memory address
Reporter
Comment 1•2 months ago
The Bugbug bot thinks this bug should belong to the 'Core::JavaScript Engine' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Component: General → JavaScript Engine
Comment 2•2 months ago
There's a whole diversity of proto signatures that make this perhaps a less useful signature for this bug.
The specific crash report does suggest one possible road. This could be the result of getTargetObject
returning nullptr; while the holder object is null checked, the target is not.
Severity: -- → S3
Priority: -- → P3
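A simplified model of the hypothesis in comment 2, added here as an example and not taken from the Firefox source. `Realm`, `Object`, `AutoRealm`, `resolveUnchecked` and `resolveChecked` are hypothetical stand-ins, and the depth counter bumped on entry is an assumption.

```cpp
#include <cstdio>

// Hypothetical stand-ins; none of these are SpiderMonkey or XPConnect types.
struct Realm {
    unsigned enterDepth = 0;        // assumed: entering a realm bumps a counter
    void enter() { ++enterDepth; }
    void leave() { --enterDepth; }
};

struct Object { Realm* realm; };

// RAII guard modelled on the JSAutoRealm frame in the stack: enters the
// realm of `target` on construction and leaves it on destruction.
class AutoRealm {
    Realm* realm_;
  public:
    explicit AutoRealm(Object* target) : realm_(target->realm) { realm_->enter(); }
    ~AutoRealm() { realm_->leave(); }
};

enum class Resolve { NotFound, Found, NoTarget };

// Shape described in comment 2: the holder is checked, the target is not.
// With target == nullptr the guard dereferences a null pointer.
Resolve resolveUnchecked(Object* holder, Object* target) {
    if (!holder) return Resolve::NotFound;
    AutoRealm ar(target);
    return Resolve::Found;
}

// Checked form: reject a missing target before any realm is entered.
Resolve resolveChecked(Object* holder, Object* target) {
    if (!holder) return Resolve::NotFound;
    if (!target) return Resolve::NoTarget;
    AutoRealm ar(target);
    return Resolve::Found;
}

int main() {
    Realm realm;                    // constructed sample objects
    Object holder{&realm}, target{&realm};
    bool ok = resolveChecked(&holder, &target) == Resolve::Found &&
              resolveChecked(&holder, nullptr) == Resolve::NoTarget;
    std::printf("checked path ok: %d, depth after: %u\n", ok, realm.enterDepth);
    return ok ? 0 : 1;
}
```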