Bug 682598 - Crash, null pointer deref [@ GraphWalker<scanVisitor>::DoWalk ]

Status: Closed, RESOLVED DUPLICATE of bug 500105
Opened 13 years ago; closed 13 years ago
Product / Component: Core :: XPCOM (defect)
Reporter: bjacob; Assignee: Unassigned
Keywords: crash

Attachments (1 file): patch, 963 bytes; review- from mccr8
Description

I was just looking at the list of top crashers for Firefox 9.0a1 / Linux. This one is ranking 30th with... 2 crashes last week.
https://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A9.0a1&platform=linux&query_search=signature&query_type=contains&reason_type=contains&date=&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=GraphWalker%3CscanVisitor%3E%3A%3ADoWalk

Here's one of the crashes:
https://crash-stats.mozilla.com/report/index/beb2c20e-600a-4478-a7e3-4017f2110825

It's crashing here with a null deref, suggesting that |pi| is null:
http://hg.mozilla.org/mozilla-central/annotate/7eb1a56eaaf1/xpcom/base/nsCycleCollector.cpp#l1886

The DoWalk function has been inlined, but it seems that the |pi| pointer is null here:
http://hg.mozilla.org/mozilla-central/annotate/7eb1a56eaaf1/xpcom/base/nsCycleCollector.cpp#l1336
Comment 1 (Reporter) • 13 years ago

Is this the right fix? I don't want to hide a bug, if the real bug is that a null pointer was there in the first place.

Attachment #556291 - Flags: review?(jwalden+bmo)
Comment 2 • 13 years ago

https://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=GraphWalker%3CscanVisitor%3E::DoWalk says this is a cross-Firefox-version (since 4) crash on both Linux and Mac.
Comment 3 • 13 years ago

Yeah, this looks like the same thing as bug 500105, which happens on all platforms. About half of these crashes show up as null dereferences, but I think pi shouldn't be null here. I'm not sure if there is just sometimes an extra null being stored, so we could skip over it and all would be fine, or if this means we've totally gone off the rails, and null-checking will just make us crash later.

Assignee: general → nobody
Component: JavaScript Engine → XPCOM
QA Contact: general → xpcom
Updated • 13 years ago

Attachment #556291 - Flags: review?(jwalden+bmo) → review?(continuation)
Comment 4 • 13 years ago

Comment on attachment 556291 (avoid null deref):

So, Peter agrees with me, that a null showing up here is a violation of some basic CC invariant, so things are probably haywire anyways. He is suspicious of the nsDeque, so maybe we'll try out the JS queue for a few weeks to see if that helps this.

Attachment #556291 - Flags: review?(continuation) → review-
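The question argued in comments 3 and 4 (skip a null popped from the worklist, or treat it as a broken invariant) can be made concrete with a stand-alone walker. The following is an added example, not code from mozilla-central or from the attached patch: PtrInfo, Graph, NullPolicy and the two-root graph are constructed for illustration, std::deque stands in for nsDeque, and DoWalk only approximates the shape of GraphWalker::DoWalk. The corrupted worklist models one root's slot having been overwritten with null. With the skip policy the walk completes without crashing but never scans that root or anything reachable only through it; with the reject policy the violation is reported where it is first observed.

```cpp
#include <cstddef>
#include <deque>
#include <stdexcept>
#include <vector>

// Stand-in for the collector's per-node record (PtrInfo in
// nsCycleCollector.cpp); only what the walk needs. Constructed for this example.
struct PtrInfo {
    std::vector<PtrInfo*> children;
    bool scanned = false;
};

// How DoWalk treats a null pointer popped from the worklist.
enum class NullPolicy { Skip, Reject };

// Explicit-worklist traversal in the spirit of GraphWalker::DoWalk (the real
// code uses nsDeque; std::deque here). Returns how many nodes were reached.
std::size_t DoWalk(std::deque<PtrInfo*> worklist, NullPolicy policy) {
    std::size_t visited = 0;
    while (!worklist.empty()) {
        PtrInfo* pi = worklist.front();
        worklist.pop_front();
        if (pi == nullptr) {
            // A null never legitimately enters this queue; seeing one means the
            // graph or the queue has already been corrupted upstream.
            if (policy == NullPolicy::Reject)
                throw std::logic_error("null PtrInfo in cycle-collector worklist");
            continue;  // null-check-and-skip: walk on and hide the damage
        }
        if (pi->scanned) continue;
        pi->scanned = true;
        ++visited;
        for (PtrInfo* child : pi->children) worklist.push_back(child);
    }
    return visited;
}

// Constructed graph: two roots, each with one child: r1 -> a, r2 -> b.
struct Graph {
    PtrInfo r1, r2, a, b;
    Graph() {
        r1.children.push_back(&a);
        r2.children.push_back(&b);
    }
};

// Healthy worklist {r1, r2}: all four nodes are reached.
std::size_t WalkIntact() {
    Graph g;
    return DoWalk({&g.r1, &g.r2}, NullPolicy::Skip);
}

// Corrupted worklist in which r2's slot has been overwritten with null.
// Skipping the null "succeeds", but only r1 and a are scanned, so r2 and b
// look unreachable; a collector acting on that result would free live objects.
std::size_t WalkCorruptedSkipping() {
    Graph g;
    return DoWalk({&g.r1, nullptr}, NullPolicy::Skip);
}

// Same corrupted worklist under the fail-fast policy: the invariant violation
// is reported at the point it is detected rather than surfacing later elsewhere.
bool WalkCorruptedRejects() {
    Graph g;
    try {
        DoWalk({&g.r1, nullptr}, NullPolicy::Reject);
    } catch (const std::logic_error&) {
        return true;
    }
    return false;
}
```

WalkIntact() returns 4, WalkCorruptedSkipping() returns 2 with no error, and WalkCorruptedRejects() returns true. The skip variant is the outcome the reviewer declined: the crash signature disappears while the traversal silently produces a wrong answer.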
Updated • 13 years ago

Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Version: unspecified → Trunk