Open
Bug 1941192
Opened 7 months ago
Updated 4 months ago
With semispace nursery enabled, crash with a large image input on https://stefan-oltmann.de/exif-viewer/
Categories
(Core :: JavaScript Engine, defect, P3)
Core
JavaScript Engine
Tracking
NEW
Version | Tracking | Status
---|---|---
firefox-esr115 | --- | unaffected |
firefox-esr128 | --- | disabled |
firefox134 | --- | disabled |
firefox135 | --- | disabled |
firefox136 | --- | disabled |
People
(Reporter: mayankleoboy1, Unassigned, NeedInfo)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: regression)
Attachments
(3 files)
Enable semispace nursery by setting javascript.options.mem.gc_experimental_semispace_nursery = true
Restart Firefox
Go to https://stefan-oltmann.de/exif-viewer/
Select the attached image (or use a 30MB+ local .PNG file as input)
AR: Crash. https://crash-stats.mozilla.org/report/index/910f72be-f1d4-45ad-af5b-a8e000250112#tab-bugzilla
ER: Not so
Flags: needinfo?(jcoppeard)
Comment 4 • 7 months ago
Set release status flags based on info from the regressing bug 1787526
status-firefox134: --- → affected
status-firefox135: --- → affected
status-firefox136: --- → affected
status-firefox-esr128: --- → affected
Comment 6 • 7 months ago
This bug is not related to the topcrash signature since it requires enabling semispace nursery which is disabled by default.
Keywords: topcrash
Comment 7 • 7 months ago (Reporter)
Sometimes the tab will just hang without using any CPU.
Updated • 7 months ago
Blocks: GC.stability
Severity: -- → S4
Crash Signature: [@ js::gc::InCollectedNurseryRegion ]
Keywords: topcrash, topcrash-startup
Priority: -- → P3
Summary: With semispace nursery enabled, crash with a large image input on https://stefan-oltmann.de/exif-viewer/ [@ js::gc::InCollectedNurseryRegion ] → With semispace nursery enabled, crash with a large image input on https://stefan-oltmann.de/exif-viewer/
Comment 9 • 7 months ago
The stack shows this going through StoreBuffer::traceWasmAnyRefs so it may be a problem with postbarriers in Wasm.
Updated • 4 months ago (Reporter)
Crash Signature: [@ js::gc::InCollectedNurseryRegion ]
Comment 10 • 4 months ago (Reporter)
Still crashes.