Created attachment 464829 [details] gdb log 1. http://www.brideaccess.com/vendor-list?category_id=13 2. firefox-bin(76654,0xa013a720) malloc: *** error for object 0x77afbd27: Non-aligned pointer being freed I originally saw this due to a crash: Operating system: Mac OS X 10.5.8 9L34 CPU: x86 GenuineIntel family 6 model 26 stepping 5 1 CPU Crash reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash address: 0xffffffff80808080 Thread 0 (crashed) 0 libmozjs.dylib!JS_TraceChildren [jsgc.cpp : 2384 + 0x5] eip = 0x002ef242 esp = 0xbfff5090 ebp = 0xbfff50c8 ebx = 0x002ef208 esi = 0x00000000 edi = 0x00000008 eax = 0x80808080 ecx = 0x00000021 edx = 0xbfff50f8 efl = 0x00210282 but that may just be due to quicktime trashing memory.
fyi: I've now seen this twice in jseng with stacks looking like: JS_TraceChildren JS_CallTracer js_TraceObject JS_TraceChildren JS_CallTracer JS_TraceChildren JS_CallTracer JSScopeProperty::trace JSScope::trace js_TraceObject I haven't been able to reproduce locally though.
Can not reproduce with QuickTime 7.7 on Mac OS X 10.5 (crash or valgrind message) or Windows or QuickTime 10.0 on Mac OS X 10.6. I think the content has changed though so that the original issue is not being tested. None the less, also considering tracemonkey is no more I think this is wfm.