New Firefox 3.5.6 Crash in [@ arena_dalloc_small | arena_dalloc | free | TableRowsCollection::`scalar deleting destructor''(unsigned int) ]

RESOLVED WORKSFORME

Status

()

Core
DOM: Core & HTML
--
critical
RESOLVED WORKSFORME
9 years ago
7 years ago

People

(Reporter: chris hofmann, Unassigned)

Tracking

({crash})

Trunk
x86
Windows NT
crash
Points:
---

Firefox Tracking Flags

(status1.9.1 wanted)

Details

(crash signature)

(Reporter)

Description

9 years ago
There is a new crash not seen before in 3.5.6.  could be a regression or just morfed signature

http://crash-stats.mozilla.com/report/index/363bf825-60f1-4c3c-804d-65e0a2091207

Frame  	Module  	Signature [Expand]  	Source
0 	mozcrt19.dll 	arena_dalloc_small 	obj-firefox/memory/jemalloc/src/jemalloc.c:4442
1 	mozcrt19.dll 	arena_dalloc 	obj-firefox/memory/jemalloc/src/jemalloc.c:4565
2 	mozcrt19.dll 	free 	obj-firefox/memory/jemalloc/src/jemalloc.c:6404
3 	xul.dll 	TableRowsCollection::`scalar deleting destructor' 	
4 	xul.dll 	TableRowsCollection::Release 	content/html/content/src/nsHTMLTableElement.cpp:155
5 	xul.dll 	nsCycleCollector::CollectWhite 	xpcom/base/nsCycleCollector.cpp:1734
6 	xul.dll 	nsCycleCollector::FinishCollection 	xpcom/base/nsCycleCollector.cpp:2570
7 	xul.dll 	XPCCycleCollectGCCallback 	js/src/xpconnect/src/nsXPConnect.cpp:403
8 	js3250.dll 	js_GC 	js/src/jsgc.cpp:3792
9 	js3250.dll 	js3250.dll@0x6085f 	
10 	xul.dll 	nsDocShell::QueryInterface 	docshell/base/nsDocShell.cpp:445
11 	xul.dll 	nsDocumentOpenInfo::OnStartRequest 	uriloader/base/nsURILoader.cpp:246

only one report on this so far in early RC testing, but more reports might appear in this query

http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.5.6&query_search=signature&query_type=exact&date=&range_value=1&range_unit=weeks&do_query=1&signature=arena_dalloc_small%20|%20arena_dalloc%20|%20free%20|%20TableRowsCollection%3A%3A%60scalar%20deleting%20destructor%27%27%28unsigned%20int%29

http://hg.mozilla.org/releases/mozilla-1.9.1/annotate/a31ccbb61076/content/html/content/src/nsHTMLTableElement.cpp near the top of the stack was touched during 3.5.6 with a couple of changes recently

c468036cf17f
2008-11-28 11:10 +0100	Blake Kaplan - Bug 465626 - Fix GCC warning about using rv uninitialized. r+sr=jst, a191=beltzner.

66aa5b4d2b31
2008-11-03 11:31 +0100	Peter Van der Beken - Fix for bug 457897 (Remove QI on 'this' object when calling from JS to C++). Patch by jorendorff and me, r/sr=jst.
(Reporter)

Comment 1

9 years ago
still only 1 of these crashes with 363k users now on 3.6.5 pre-release builds.  continuing to watch.
Those changes you listed were from 2008...

I'm guessing this is just a morphed change. This doesn't look critical, but we should investigate for 3.5.7 to see if it's something newly introduced.
status1.9.1: --- → wanted

Comment 3

8 years ago
Chris, shall we close this? I'm not seeing this signature on crash stats or anything close.
Severity: normal → critical
Keywords: crash
(Reporter)

Comment 4

8 years ago
ok
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
(Assignee)

Updated

7 years ago
Crash Signature: [@ arena_dalloc_small | arena_dalloc | free | TableRowsCollection::`scalar deleting destructor''(unsigned int) ]
You need to log in before you can comment on or make changes to this bug.