Open
Bug 1913655
Opened 4 months ago
Updated 3 months ago
Crash in [@ js::gc::TenuredCellWithFlags::setHeaderFlagBits]
Categories
(Core :: JavaScript: GC, defect, P3)
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox131 | --- | affected |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/407167e8-5100-4616-9142-d95b40240816
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll js::gc::TenuredCellWithFlags::setHeaderFlagBits js/src/gc/Cell.h:727
0 xul.dll js::SharedPropMap::setHadDictionaryConversion js/src/vm/PropMap.h:613
0 xul.dll js::SharedPropMap::toDictionaryMap js/src/vm/PropMap.cpp:102
0 xul.dll js::NativeObject::toDictionaryMode js/src/vm/Shape.cpp:110
1 xul.dll js::NativeObject::maybeConvertToDictionaryForAdd js/src/vm/Shape.cpp:166
1 xul.dll js::NativeObject::addProperty js/src/vm/Shape.cpp:320
2 xul.dll js::AddDataPropertyToPlainObject js/src/vm/NativeObject-inl.h:902
2 xul.dll NewPlainObjectWithProperties js/src/vm/PlainObject.cpp:307
2 xul.dll js::NewPlainObjectWithMaybeDuplicateKeys js/src/vm/PlainObject.cpp:330
2 xul.dll js::JSONFullParseHandlerAnyChar::finishObject js/src/vm/JSONParser.cpp:692
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2024-07-27
- Process type: Content
- Is startup crash: No
- Has user comments: No
- Is null crash: Yes - 2 out of 3 crashes happened on null or near null memory address
Reporter | ||
Comment 1•4 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::JavaScript: GC' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Component: General → JavaScript: GC
Updated•3 months ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•