Closed Bug 673977 Opened 9 years ago Closed 2 years ago

crash in DestroyScript

Categories

(Core :: JavaScript Engine, defect)

x86
Windows NT
defect
Not set
critical

Tracking

()

RESOLVED WONTFIX

People

(Reporter: kairo, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-f405af85-c167-4170-a497-e35432110725 .
============================================================= 

This is crashing in http://hg.mozilla.org/mozilla-central/annotate/19348341366b/js/src/jsscript.cpp#l1317 which is a line added for bug 671113.

More similar crashes are at https://crash-stats.mozilla.com/report/list?signature=DestroyScript - Bill, is this your instrumentation showing what's actually going on? Related to bug 670702?
BTW, this bug is for the rise of such cases in 8.0a1 starting with the 20110722 build IDs - there is a residual crash in this function since Firefox 4, which probably is a different thing, I guess.
Yes, all the ones crashing with address 0x0 are intentional crashes. They're places where memory is getting corrupted somehow--usually when we try to free a script twice. I'm trying to get additional data in bug 673625 to track down the cause.
Assignee: general → nobody
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.