Closed Bug 633803 Opened 15 years ago Closed 15 years ago

Crash in JSStackFrame::initDummyFrame [@ memset ]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 632358
Tracking Flags:
Tracking Status
blocking2.0 --- .x+

People

(Reporter: scoobidiver, Unassigned)

References

Details

(Keywords: crash, regression)

Crash Data

It is a new crash signature that first appeared in 4.0b12pre/20110212. It is #7 top crasher in this build. It is probably related to bug 633802. Signature memset UUID 811179ae-5fe1-4e37-9a86-2045a2110212 Time 2011-02-12 20:51:08.13797 Uptime 19 Last Crash 186587 seconds (2.2 days) before submission Install Age 1655 seconds (27.6 minutes) since version was first installed. Product Firefox Version 4.0b12pre Build ID 20110212030346 Branch 2.0 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 26 stepping 5 Crash Reason EXCEPTION_ACCESS_VIOLATION_WRITE Crash Address 0x20 App Notes AdapterVendorID: 1002, AdapterDeviceID: 68b8, AdapterDriverVersion: 8.700.0.0 Frame Module Signature [Expand] Source 0 mozcrt19.dll memset memset.asm:127 1 mozjs.dll JSStackFrame::initDummyFrame js/src/jsinterpinlines.h:233 2 mozjs.dll js::StackSpace::pushDummyFrame js/src/jscntxt.cpp:376 3 mozjs.dll js::AutoCompartment::enter js/src/jswrapper.cpp:386 4 mozjs.dll JSAutoEnterCompartment::enter js/src/jsapi.cpp:1225 5 xul.dll xpc::WrapperFactory::PrepareForWrapping js/src/xpconnect/wrappers/WrapperFactory.cpp:189 6 mozjs.dll JSCompartment::wrap js/src/jscompartment.cpp:242 7 mozjs.dll JSContext::wrapPendingException js/src/jscntxt.cpp:2029 8 mozjs.dll JSContext::resetCompartment js/src/jscntxt.cpp:2007 9 mozjs.dll JSContext::popSegmentAndFrame js/src/jscntxt.cpp:2061 10 mozjs.dll JS_LeaveCrossCompartmentCall js/src/jsapi.cpp:1213 11 mozjs.dll JSAutoEnterCompartment::~JSAutoEnterCompartment js/src/jsapi.h:1036 12 xul.dll nsXPCWrappedJSClass::CallMethod js/src/xpconnect/src/xpcwrappedjsclass.cpp:1911 13 @0x0 The regression range for the spike is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1ed3464aaa92&tochange=9698ac3f1c61 More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=4&range_unit=weeks&signature=memset
Looking at the stack, I think this should be fixed by bug 632358, which is currently fixed on tracemonkey. The same may go for bug 633802.
Depends on: 632358
FWIW, bug 633862 has a trivial-to-reproduce testcase (open javascript:alert(1) and then navigate).
Fwiw, I reproduced in a debug build and got "Assertion failure: invokeArgEnd"
Thanks for pointing that out! I tried the STR on my linux TM debug build (i.e., with the patch from bug 632358) and had no problem.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
blocking2.0: ? → .x
No longer depends on: 632358
Crash Signature: [@ memset ]
You need to log in before you can comment on or make changes to this bug.