Closed
Bug 653296
Opened 13 years ago
Closed 7 years ago
Firefox 6.0a1 Crash Report [@ JSObject::putProperty(JSContext*, int, int (*)(JSContext*, JSObject*, int, js::Value*), int (*)(JSContext*, JSObject*, int, int, js::Value*), unsigned int, unsigned int, unsigned int, int) ]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
Details
(Keywords: crash)
Crash Data
Seen while reviewing trunk crash stats. Started showing up in crash stats using the 2011042700 build. Reports so far: http://tinyurl.com/3hoyp4w https://crash-stats.mozilla.com/report/index/9da54869-918b-454a-8810-0656f2110427 Possible pushlog regression: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c5e8cc100248&tochange=c833fb1623ca Frame Module Signature [Expand] Source 0 mozjs.dll JSObject::putProperty js/src/jsscope.cpp:835 1 mozjs.dll js_DefineNativeProperty js/src/jsobj.cpp:4767 2 mozjs.dll js_DefineProperty js/src/jsobj.cpp:4611 3 mozjs.dll JS_DefineUCProperty js/src/jsapi.cpp:3434 4 xul.dll nsDOMConstructor::Install dom/base/nsDOMClassInfo.cpp:5879 5 xul.dll ResolvePrototype dom/base/nsDOMClassInfo.cpp:6276 6 xul.dll nsDOMClassInfo::PostCreatePrototype dom/base/nsDOMClassInfo.cpp:4966 7 mozjs.dll mozjs.dll@0xdcc5f
|
Reporter | |
Comment 1•13 years ago
|
||
Further examination shows this stack shows up in other versions as well - http://tinyurl.com/3kum64l shows it across other versions in the last week. So the pushlog regression range in Comment 0 is definitely incorrect.
|
|
Reporter | |
Comment 2•13 years ago
|
||
It also seems there was a small spike in this crash on the trunk using the 20110427 build.
|
||
Comment 3•13 years ago
|
||
It rose to 30 crashes on 2011-04-27, 75 and 102 the next two days, 53 and 56 this weekend (April 30 / May 1). That's based on crash date, but it looks like build IDs show a similar picture. The vast majority of those are 6.0a1, so there must be some regression between the April 26 and 27 builds that made us hit this way more frequently. It's the #1 crash on trunk now.
|
|
||
Comment 4•13 years ago
|
||
Oh, and https://crash-stats.mozilla.com/report/list?signature=JSObject%3A%3AputProperty%28JSContext%2A%2C%20__int64%2C%20int%20%28%2A%29%28JSContext%2A%2C%20JSObject%2A%2C%20__int64%2C%20js%3A%3AValue%2A%29%2C%20int%20%28%2A%29%28JSContext%2A%2C%20JSObject%2A%2C%20__int64%2C%20int%2C%20js%3A%3AValue%2A%29%2C%20unsigned%20int%2C%20unsigned%20int%2C%20unsigned%20int%2C%20int%29 looks like it's the same on 64bit, btw, and is the #4 topcrash on trunk.
|
|
Reporter | |
Comment 5•13 years ago
|
||
[@ JSObject::putProperty(JSContext*, __int64, int (*)(JSContext*, JSObject*, __int64, js::Value*), int (*)(JSContext*, JSObject*, __int64, int, js::Value*), unsigned int, unsigned int, unsigned int, int) ] is the stack that Kairo references in Comment 4.
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ JSObject::putProperty(JSContext*, int, int (*)(JSContext*, JSObject*, int, js::Value*), int (*)(JSContext*, JSObject*, int, int, js::Value*), unsigned int, unsigned int, unsigned int, int) ]
|
|
Assignee | |
Updated•10 years ago
|
Assignee: general → nobody
|
||
Updated•9 years ago
|
Crash Signature: [@ JSObject::putProperty(JSContext*, int, int (*)(JSContext*, JSObject*, int, js::Value*), int (*)(JSContext*, JSObject*, int, int, js::Value*), unsigned int, unsigned int, unsigned int, int) ] → [@ JSObject::putProperty(JSContext*, int, int (*)(JSContext*, JSObject*, int, js::Value*), int (*)(JSContext*, JSObject*, int, int, js::Value*), unsigned int, unsigned int, unsigned int, int) ]
[@ JSObject::putProperty ]
|
||
Comment 6•7 years ago
|
||
I'm marking this bug as WORKSFORME as bug crashlog signature didn't appear from a long time (over half year) in Firefox (except some obsolete Fx <27).
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•