Closed Bug 536809 Opened 15 years ago Closed 15 years ago

Assertion failure: (cx)->requestDepth || (cx)->thread == (cx)->runtime->gcThread

Categories

(Core :: JavaScript Engine, defect)

1.9.1 Branch
x86
Windows XP
defect
Not set
critical

RESOLVED DUPLICATE of bug 536478

People

(Reporter: cbook, Unassigned)

Details

(Keywords: assertion, Whiteboard: [crashkill][crash-automation])

Assertion failure: (cx)->requestDepth || (cx)->thread == (cx)->runtime->gcThread, at c:/work/mozilla/builds/1.9.1/mozilla/js/src/jsapi.cpp:1194

Steps to reproduce:
-> Latest 1.9.1 Debug Build
-> Load http://www.nytimes.com/timesskimmer/
after 104 seconds or less
--> Assertion failure: (cx)->requestDepth || (cx)->thread == (cx)->runtime->gcThread, at c:/work/mozilla/builds/1.9.1/mozilla/js/src/jsapi.cpp:1194

(950.e58): Break instruction exception - code 80000003 (!!! second chance !!!)
eax=00000090 ebx=0736dfb0 ecx=1cdab88d edx=10313d38 esi=0ab7ff50 edi=00d103c0
eip=7c90120e esp=0ab7fdf0 ebp=0ab7fdf4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

Exploitability Classification: UNKNOWN
Recommended Bug Title: Breakpoint starting at ntdll!DbgBreakPoint+0x0000000000000000 called from js3250!JS_SetGlobalObject+0x000000000000003a (Hash=0x5f347532.0x26206037)

While a breakpoint itself is probably not exploitable, it may also be an indication that an attacker is testing a target. In either case breakpoints should not exist in production code.
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0ab7fdf4 004a7a1a ntdll!DbgBreakPoint
0ab7fe08 01eb27c2 js3250!JS_SetGlobalObject+0x3a
0ab7fe30 0030036a gklayout!nsDOMWorkerRunnable::Run+0x122
0ab7feac 0030601a xpcom_core!nsThreadPool::Run+0x2aa
0ab7fee8 00296b63 xpcom_core!nsThread::ProcessNextEvent+0x1fa
0ab7ff04 003050ee xpcom_core!NS_ProcessNextEvent_P+0x53
0ab7ff44 00453807 xpcom_core!nsThread::ThreadFunc+0xce
0ab7ff58 00458d53 nspr4!_PR_NativeRunThread+0xf7
0ab7ff6c 102048d1 nspr4!pr_root+0x23
0ab7ffa8 10204877 MSVCR80D!beginthreadex+0x221
0ab7ffb4 7c80b729 MSVCR80D!beginthreadex+0x1c7
0ab7ffec 00000000 kernel32!GetModuleFileNameA+0x1ba
quit:
Uh, ben, that's this bug.
...I think bent meant bug 536478.  :-)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
blocking1.9.1: ? → ---
Group: core-security