Closed
Bug 643947
Opened 13 years ago
Closed 7 years ago
Firefox 4.0 Crash Report @ isalloc | realloc | JSContext::realloc_
Categories
(Core :: Memory Allocator, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
References
Details
(Keywords: crash)
Crash Data
Seen while reviewing the top changers: https://crash-stats.mozilla.com/report/list?range_value=7&range_unit=days&signature=isalloc&version=Firefox%3A4.0 Sample report: https://crash-stats.mozilla.com/report/index/ab11d0fc-8579-4136-a50b-4e0382110318 Frame Module Signature [Expand] Source 0 mozcrt19.dll isalloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4123 1 mozcrt19.dll realloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:6076 2 mozjs.dll JSContext::realloc js/src/jscntxt.h:2045 3 mozjs.dll JSObject::growSlots js/src/jsobj.cpp:4074 4 mozjs.dll JSObject::allocSlot js/src/jsobj.cpp:4409 5 mozjs.dll JSObject::getChildProperty js/src/jsscope.cpp:548 6 mozjs.dll JSObject::addPropertyInternal js/src/jsscope.cpp:812 7 mozjs.dll JSObject::putProperty js/src/jsscope.cpp:899 8 mozjs.dll js_SetPropertyHelper js/src/jsobj.cpp:5765 9 mozjs.dll js_SetProperty js/src/jsobj.cpp:5802 10 mozjs.dll js::mjit::stubs::SetElem<0> js/src/methodjit/StubCalls.cpp:567
|
||
Comment 1•13 years ago
|
||
#120 long term, #80 rank last 2 days the stacks very considerably bp-713de451-5afd-47ba-a9a0-ab9002110322 GrowStuff EXCEPTION_ACCESS_VIOLATION_READ 0x14 0 mozcrt19.dll isalloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4123 1 mozcrt19.dll realloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:6076 2 xul.dll NS_Realloc_P xpcom/base/nsMemoryImpl.cpp:224 3 xul.dll GrowStuff obj-firefox/xpcom/build/nsTextFormatter.cpp:1220 4 xul.dll fill2 obj-firefox/xpcom/build/nsTextFormatter.cpp:150 5 @0x933cf3f 6 xul.dll nsStringBundle::FormatString intl/strres/src/nsStringBundle.cpp:404 bp-aa67f624-837b-45f7-bb4d-c01a02110321 JSObject::shrinkSlots EXCEPTION_ACCESS_VIOLATION_READ 0x8000 0 mozcrt19.dll isalloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4123 1 mozcrt19.dll realloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:6076 2 mozjs.dll JSContext::realloc js/src/jscntxt.h:2041 3 mozjs.dll JSObject::shrinkSlots js/src/jsobj.cpp:4104 4 mozjs.dll js_TraceObject js/src/jsobj.cpp:6536 5 mozjs.dll js::gc::MarkChildren js/src/jsgcinlines.h:289 6 mozjs.dll js::gc::MarkKind js/src/jsgcinlines.h:579 7 mozjs.dll exn_trace js/src/jsexn.cpp:414 bp-30e500c6-5d0b-4ae1-840e-e2d492110319 moz_xrealloc nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity EXCEPTION_ACCESS_VIOLATION_READ 0x14 0 mozcrt19.dll isalloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4123 1 mozcrt19.dll realloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:6076 2 mozalloc.dll moz_xrealloc memory/mozalloc/mozalloc.cpp:130 3 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:106 4 xul.dll nsEventListenerManager::AddEventListener content/events/src/nsEventListenerManager.cpp:457 5 xul.dll nsEventListenerManager::AddEventListenerByType content/events/src/nsEventListenerManager.cpp:596
|
|
||
Comment 2•13 years ago
|
||
a63ac10c-c3a8-4832-b72e-da7a32110318 EXCEPTION_ACCESS_VIOLATION_READ 0x0 0 mozcrt19.dll isalloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4123 1 mozcrt19.dll realloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:6076 2 mozalloc.dll moz_xrealloc memory/mozalloc/mozalloc.cpp:130 3 xul.dll nsTArray_base<nsTArrayDefaultAllocator>::EnsureCapacity obj-firefox/dist/include/nsTArray-inl.h:106 4 xul.dll HasSyntheticBold gfx/thebes/gfxFont.cpp:3371 5 xul.dll nsTArray<nsRefPtr<gfxFontFamily>,nsTArrayDefaultAllocator>::AppendElements<gfxFontFamily*> obj-firefox/dist/include/nsTArray.h:770 6 xul.dll PrefFontCallbackData::AddFontFamilyEntry gfx/thebes/gfxFont.cpp:2692 7 xul.dll HasSyntheticBold gfx/thebes/gfxFont.cpp:3371 8 xul.dll gfxTextRun::Draw 9 d3d10_1core.dll CLayeredObject<CTexture3D<6> >::_InternalQueryInterface 10 dxgi.dll ATL::CComObjectRootBase::_Delegate 11 d3d10_1core.dll CLayeredObject<CDevice>::CContainedObject::AddRef 12 mozcrt19.dll arena_malloc_small obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:3792 13 xul.dll _moz_cairo_region_create_rectangle gfx/cairo/cairo/src/cairo-region.c:223 14 xul.dll _cairo_path_fixed_fill_rectilinear_to_region gfx/cairo/cairo/src/cairo-path-fill.c:258 15 xul.dll _cairo_gstate_fill gfx/cairo/cairo/src/cairo-gstate.c:1184 16 mozcrt19.dll free obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:6130 17 xul.dll gfxSurfaceDrawable::Draw gfx/thebes/gfxDrawable.cpp:183 none of 4.0 stacks mentioned above match to FF 3.6 crashes. example bp-098b8b03-7173-4aa8-aec6-48a532110319 EXCEPTION_ACCESS_VIOLATION_READ 0x14 0 mozcrt19.dll isalloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4065 1 mozcrt19.dll realloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:5969 2 js3250.dll JSScope::add js/src/jsscope.cpp:1291 3 js3250.dll js_DefineNativeProperty js/src/jsobj.cpp:3694 4 js3250.dll js_DefineProperty js/src/jsobj.cpp:3566 5 js3250.dll JS_DefinePropertyById js/src/jsapi.cpp:3106 6 xul.dll nsXPCComponents_Interfaces::NewResolve js/src/xpconnect/src/xpccomponents.cpp:374 7 xul.dll XPC_WN_Helper_NewResolve js/src/xpconnect/src/xpcwrappednativejsops.cpp:1165 None of the FF stacks match to Thunderbird 3.x crashes, 3/4 are startup crashes, and most are like bp-d801a476-7b8e-4e28-ad6f-4e91f2101214 js_ShrinkSlots EXCEPTION_ACCESS_VIOLATION_READ 0x14 0 mozcrt19.dll isalloc objdir-tb/mozilla/memory/jemalloc/crtsrc/jemalloc.c:4065 1 mozcrt19.dll realloc objdir-tb/mozilla/memory/jemalloc/crtsrc/jemalloc.c:5969 2 js3250.dll JSContext::realloc js/src/jscntxt.h:1223 3 js3250.dll js_ShrinkSlots js/src/jsobj.cpp:3087 4 js3250.dll js_TraceObject js/src/jsobj.cpp:5663 5 js3250.dll JS_TraceChildren js/src/jsgc.cpp:2384 6 js3250.dll JS_CallTracer js/src/jsgc.cpp:2653 7 js3250.dll js_TraceObject js/src/jsobj.cpp:5704 8 js3250.dll JS_TraceChildren js/src/jsgc.cpp:2384 9 js3250.dll JS_CallTracer js/src/jsgc.cpp:2653 10 thunderbird.exe TraceScopeJSObjects js/src/xpconnect/src/xpcwrappednativejsops.cpp:713 11 thunderbird.exe XPC_WN_Shared_Proto_Trace js/src/xpconnect/src/xpcwrappednativejsops.cpp:1857 12 js3250.dll js_TraceObject js/src/jsobj.cpp:5679 13 js3250.dll JS_TraceChildren js/src/jsgc.cpp:2384 14 js3250.dll JS_CallTracer js/src/jsgc.cpp:2653 8 js3250.dll js_LookupPropertyWithFlags js/src/jsobj.cpp:3802
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ isalloc ]
|
||
Comment 3•13 years ago
|
||
My brother saw this on his current 6 beta build: https://crash-stats.mozilla.com/report/index/bp-0dc5fe58-3874-4b94-b992-fd6ad2110727
|
||
Comment 4•12 years ago
|
||
I restricted this meta crash to the stack in comment 0.
Crash Signature: [@ isalloc ] → [@ isalloc]
[@ isalloc | realloc | JSContext::realloc_(void*, unsigned int, unsigned int)]
Summary: Firefox 4.0 Crash Report [@ isalloc ] → Firefox 4.0 Crash Report @ isalloc | realloc | JSContext::realloc_
|
||
Updated•9 years ago
|
Crash Signature: [@ isalloc]
[@ isalloc | realloc | JSContext::realloc_(void*, unsigned int, unsigned int)] → [@ isalloc]
[@ isalloc | realloc | JSContext::realloc_(void*, unsigned int, unsigned int)]
[@ isalloc | realloc | JSContext::realloc_]
|
||
Comment 5•7 years ago
|
||
I'm marking this bug as WORKSFORME as bug crashlog signature didn't appear from a long time (over half year) in Firefox (except some obsolete Fx <49).
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•