Closed
Bug 603525
Opened 14 years ago
Closed 14 years ago
Reproducible 4.0b6 Crash [@ small_free_list_remove_ptr | small_malloc_from_free_list | szone_malloc ]
Categories
(Core :: DOM: HTML Parser, defect)
RESOLVED
DUPLICATE
of bug 600974
People
(Reporter: chofmann, Unassigned)
Details
(Keywords: compat, crash, Whiteboard: [sg:dupe 600974])
Crash Data
I ran across this reproducible crash while looking at crash urls

someone working on css2.1 testing crashed
http://crash-stats.mozilla.com/report/index/0f786218-81ac-448e-a139-0086f2101001
201010011529 201010011529 10662 Firefox 4.0b6

on my first visit to the crash url http://test.csswg.org/suites/css2.1/20100917/html4/first-letter-punct-before-035.htm resulted in a hang that required force quit, but then subsequent visits crashed several times in a row.

http://crash-stats.mozilla.com/report/index/99f688a5-a6cb-4a82-b141-7aac02101011

Frame Module Signature Source
0 libSystem.B.dylib small_free_list_remove_ptr
1 libSystem.B.dylib small_malloc_from_free_list
2 libSystem.B.dylib szone_malloc
3 libSystem.B.dylib malloc_zone_malloc
4 libSystem.B.dylib malloc
5 libmozalloc.dylib moz_xmalloc memory/mozalloc/mozalloc.cpp:98
6 XUL nsHtml5UTF16Buffer::nsHtml5UTF16Buffer loc.h:238
7 XUL nsHtml5StreamParser::WriteStreamBytes parser/html/nsHtml5StreamParser.cpp:535
8 XUL nsHtml5StreamParser::DoDataAvailable parser/html/nsHtml5StreamParser.cpp:680
9 XUL nsHtml5DataAvailable::Run parser/html/nsHtml5StreamParser.cpp:720
10 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:547
11 XUL NS_ProcessNextEvent_P nsThreadUtils.cpp:250
12 XUL nsThread::ThreadFunc xpcom/threads/nsThread.cpp:263
13 libnspr4.dylib _pt_root nsprpub/pr/src/pthreads/ptthread.c:228
14 libSystem.B.dylib _pthread_start
15 libSystem.B.dylib thread_star

using Build identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:2.0b6) Gecko/20100101 Firefox/4.0b6
Comment 1 • 14 years ago (Reporter)
2 of 3 stacks look like comment 0. One of the other stacks I got while testing this is different. Could have been something else going on with loading other pages in session restore.

http://crash-stats.mozilla.com/report/index/bp-f20bdeda-56e1-445f-86c6-5b39b2101011

Frame Module Signature Source
0 libSystem.B.dylib small_free_list_remove_ptr
1 libSystem.B.dylib szone_free
2 libSystem.B.dylib free
3 XUL nanojit::Allocator::reset js/src/nanojit/Allocator.cpp:62
4 XUL js::TraceRecorder::~TraceRecorder js/src/jstracer.cpp:2442
5 XUL js::TraceRecorder::closeLoop js/src/jstracer.cpp:2445
6 XUL js::TraceRecorder::closeLoop js/src/jstracer.cpp:4867
7 XUL js::TraceRecorder::checkTraceEnd js/src/jstracer.cpp:4859
8 XUL js::TraceRecorder::relational js/src/jstracer.cpp:9241
9 XUL js::TraceRecorder::monitorRecording js/src/jstracer.cpp:10816
10 XUL js::Interpret js/src/jsinterp.cpp:2456
11 XUL js::InvokeCommon<JSBool > js/src/jsinterp.cpp:577
12 XUL js::Invoke js/src/jsinterp.cpp:696
13 XUL js::InternalInvoke js/src/jsinterp.cpp:736
14 XUL JS_CallFunctionValue js/src/jsinterp.h:651
15 XUL nsXPCWrappedJSClass::CallMethod
Updated • 14 years ago (Reporter)
blocking2.0: --- → ?
Comment 2 • 14 years ago (Reporter)
Safari 5.0.2 (5533.18.5) and Chrome 6.0.472.63 seem to handle the test case ok
Group: core-security
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Updated • 14 years ago (Reporter)
blocking2.0: ? → ---
Updated • 13 years ago (Assignee)
Crash Signature: [@ small_free_list_remove_ptr | small_malloc_from_free_list | szone_malloc ]
Updated • 13 years ago
Group: core-security
Whiteboard: [sg:dupe 600974]