Closed Bug 536809 Opened 15 years ago Closed 15 years ago

Assertion failure: (cx)->requestDepth || (cx)->thread == (cx)->runtime->gcThread

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
1.9.1 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 536478

People

(Reporter: cbook, Unassigned)

References

(
URL
)

Details

(Keywords: assertion, Whiteboard: [crashkill][crash-automation])

Assertion failure: (cx)->requestDepth || (cx)->thread == (cx)->runtime->gcThread , at c:/work/mozilla/builds/1.9.1/mozilla/js/src/jsapi.cpp:1194 Steps to reproduce: -> Latest 1.9.1 Debug Build -> Load http://www.nytimes.com/timesskimmer/ after 104 seconds or less --> Assertion failure: (cx)->requestDepth || (cx)->thread == (cx)->runtime->gcThread , at c:/work/mozilla/builds/1.9.1/mozilla/js/src/jsapi.cpp:1194 (950.e58): Break instruction exception - code 80000003 (!!! second chance !!!) eax=00000090 ebx=0736dfb0 ecx=1cdab88d edx=10313d38 esi=0ab7ff50 edi=00d103c0 eip=7c90120e esp=0ab7fdf0 ebp=0ab7fdf4 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 Exploitability Classification: UNKNOWN Recommended Bug Title: Breakpoint starting at ntdll!DbgBreakPoint+0x000000000000 0000 called from js3250!JS_SetGlobalObject+0x000000000000003a (Hash=0x5f347532.0 x26206037) While a breakpoint itself is probably not exploitable, it may also be an indicat ion that an attacker is testing a target. In either case breakpoints should not exist in production code. ChildEBP RetAddr WARNING: Stack unwind information not available. Following frames may be wrong. 0ab7fdf4 004a7a1a ntdll!DbgBreakPoint 0ab7fe08 01eb27c2 js3250!JS_SetGlobalObject+0x3a 0ab7fe30 0030036a gklayout!nsDOMWorkerRunnable::Run+0x122 0ab7feac 0030601a xpcom_core!nsThreadPool::Run+0x2aa 0ab7fee8 00296b63 xpcom_core!nsThread::ProcessNextEvent+0x1fa 0ab7ff04 003050ee xpcom_core!NS_ProcessNextEvent_P+0x53 0ab7ff44 00453807 xpcom_core!nsThread::ThreadFunc+0xce 0ab7ff58 00458d53 nspr4!_PR_NativeRunThread+0xf7 0ab7ff6c 102048d1 nspr4!pr_root+0x23 0ab7ffa8 10204877 MSVCR80D!beginthreadex+0x221 0ab7ffb4 7c80b729 MSVCR80D!beginthreadex+0x1c7 0ab7ffec 00000000 kernel32!GetModuleFileNameA+0x1ba quit:
Uh, ben, that's this bug.
...I think bent meant bug 536478. :-)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
blocking1.9.1: ? → ---
Group: core-security
You need to log in before you can comment on or make changes to this bug.