Closed Bug 485799 Opened 16 years ago Closed 15 years ago

crash [@ memmove - nsTArray_base::ShiftData - XPCJSRuntime::GCCallback ]

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: xtc4uall, Unassigned)

Details

(Keywords: crash, Whiteboard: [sg:needinfo])

Crash Data

Attachments

(1 file)

memmove crashes on fx3.5b4
4.29 KB, text/plain
Details
similar to Bug 454626. Signature memmove UUID c18051b3-0d54-4109-9bca-8977c2090329 Time 2009-03-29 09:23:33.240263 Uptime 20 Last Crash 1007344 seconds before submission Product Firefox Version 3.6a1pre Build ID 20090329050451 Branch 1.9.2 OS Windows NT OS Version 5.1.2600 Service Pack 3 CPU x86 CPU Info GenuineIntel family 15 model 2 stepping 9 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x10a20000 Frame Module Signature Source 0 mozcrt19.dll memmove MEMCPY.ASM:188 1 xul.dll nsTArray_base::ShiftData(unsigned int,unsigned int,unsigned int,unsigned int) obj-firefox/xpcom/build/nsTArray.cpp:173 2 xul.dll XPCJSRuntime::GCCallback(JSContext*,JSGCStatus) js/src/xpconnect/src/xpcjsruntime.cpp:773 i was updating a nightly build and on restart a weave extension update to version 0.2.119 was found and updated. then crash on the ongoing loading of Fx.
similiar reports found via http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.6a1pre&query_search=signature&query_type=contains&query=memmove&date=&range_value=2&range_unit=weeks&do_query=1&signature=memmove Signature memmove UUID 883ba42b-ca4e-4773-8e57-17a282090405 Time 2009-04-05 05:33:01.769077 Uptime 3542 Last Crash 342761 seconds before submission Product Firefox Version 3.6a1pre Build ID 20090329050451 Branch 1.9.2 OS Windows NT OS Version 6.0.6001 Service Pack 1 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 13 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x6edc0000 Frame Module Signature Source 0 mozcrt19.dll memmove MEMCPY.ASM:188 1 xul.dll nsTArray_base::ShiftData(unsigned int,unsigned int,unsigned int,unsigned int) obj-firefox/xpcom/build/nsTArray.cpp:173 2 xul.dll XPCJSRuntime::GCCallback(JSContext*,JSGCStatus) js/src/xpconnect/src/xpcjsruntime.cpp:773 3 xul.dll nsCycleCollector::FinishCollection() xpcom/base/nsCycleCollector.cpp:2461 4 xul.dll DOMGCCallback dom/base/nsJSEnvironment.cpp:3606 5 js3250.dll js_GC js/src/jsgc.cpp:3849 recent trunk builds (win only) still affected. setting NEW for now.
Status: UNCONFIRMED → NEW
Ever confirmed: true
I think this has been around for a while and has moved up in the top crash ranking. its current ranked #11 for fx3.5b4 It seems like the problem might have a larger visibility amoung international users.
I just filed bug 494617 which seems to have a similar stacktrace as what this bug is about.
http://crash-stats.mozilla.com/report/index/33d5f035-0c9e-41dc-bb8c-14d7a2090720 I just received this which is similar to this bug, but I got the crash while in Private Browsing mode. I don't have any traces. I don't even know if I can reproduce this again.
ngamer01: no, please use another bug (there is one)
Summary: crash [@ memmove - nsTArray_base::ShiftData] → crash [@ memmove - nsTArray_base::ShiftData - XPCJSRuntime::GCCallback]
So, is this bug's signature being covered by later on filed bugreports like Bug 507114 or Bug 519771 due to splitting them up by Bug 520678?! Somehow it's confusing following the chain of reports and moreover some are still marked security sensitive .... FWIW, there are still low volume crashes for the signature XPCJSRuntime::GCCallback(JSContext*, JSGCStatus), what isn't yet covered by a report. trunk http://crash-stats.mozilla.com/report/list?product=Firefox&branch=1.9.3&query_search=signature&query_type=contains&query=XPCJSRuntime%3A%3AGCCallback&date=&range_value=1&range_unit=weeks&do_query=1&signature=XPCJSRuntime%3A%3AGCCallback%28JSContext*%2C%20JSGCStatus%29 1.9.2 branch: http://crash-stats.mozilla.com/query/query?product=Firefox&version=ALL%3AALL&branch=1.9.2&date=&range_value=1&range_unit=weeks&query_search=signature&query_type=contains&query=XPCJSRuntime%3A%3AGCCallback&do_query=1
Summary: crash [@ memmove - nsTArray_base::ShiftData - XPCJSRuntime::GCCallback] → crash [@ memmove - nsTArray_base::ShiftData - XPCJSRuntime::GCCallback ]
Whiteboard: [sg:critical?]
Group: core-security
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
still seems to be happening, but possible possibly at a lower level signature list 133 memmove | nsTArray_base::ShiftData(unsigned int, unsigned int, unsigned int, unsigned int) Correlation to releases checking --- memmove...nsTArray_base::ShiftData 20100411-crashdata.csv found in: 3.6.3 3.5.9 3.1b3 3.5 3.5b99 3.6.2 3.5b4 3.5.4 3.5.3 3.5.2 3.5.6 3.5.5 3.5.1 3.6b1 3.6.3plugin1 3.5.7 release total-crashes memmove...nsTArray_base::ShiftData crashes pct. all 309235 133 0.000430094 3.6.3 212615 53 0.000249277 3.5.9 28010 28 0.000999643 3.1b3 709 16 0.022567 3.5 984 7 0.00711382 3.5b99 146 5 0.0342466 3.6.2 10376 3 0.000289129 3.5b4 584 3 0.00513699 3.5.4 890 6 0.00674157 3.5.3 1158 3 0.00259067 3.5.2 960 3 0.003125 3.5.6 905 2 0.00220994 3.5.5 1650 2 0.00121212 3.5.1 391 2 0.00511509 3.6b1 425 1 0.00235294 3.6.3plugin1 1304 1 0.000766871 3.5.7 1985 1 0.000503778 os breakdown memmove...nsTArray_base::ShiftDataTotal 133 Win5.1 0.70 Win6.0 0.23 Win6.1 0.07
Crash Signature: [@ memmove - nsTArray_base::ShiftData - XPCJSRuntime::GCCallback ]
Group: core-security
Whiteboard: [sg:critical?] → [sg:needinfo]
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: