Closed
Bug 694820
Opened 13 years ago
Closed 13 years ago
GC related Crash [@ regexp_finalize ]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox10 | --- | affected |
People
(Reporter: bc, Unassigned)
References
()
Details
(Keywords: crash, crashreportid, Whiteboard: js-triage-done)
Crash Data
This is not directly reproducible. 0. Run browser doing tons of stuff for ~11 hours (Nightly/Mac OS X 10.5). 1. Open http://www.usatoday.com/ in a new tab (url is probably irrelevant) 2. Crash [@ regexp_finalize ] bp-efcf7545-565f-4450-b581-a83a62111015 Build ID 20111015031037 Crash Address 0xffffffffffffff96 Frame Module Signature [Expand] Source 0 XUL regexp_finalize js/src/assembler/jit/ExecutableAllocator.h:126 1 XUL js::gc::FinalizeArenas js/src/jsobjinlines.h:199 2 XUL js::gc::ArenaLists::finalizeObjects js/src/jsgc.cpp:1362 3 XUL GCCycle js/src/jsgc.cpp:2463 4 XUL js_GC js/src/jsgc.cpp:2856 5 XUL JS_GC js/src/jsapi.cpp:2708 6 XUL nsXPConnect::Collect js/xpconnect/src/nsXPConnect.cpp:409 7 XUL nsXPConnect::GarbageCollect js/xpconnect/src/nsXPConnect.cpp:417 https://hg.mozilla.org/mozilla-central/annotate/6d5fd5a30c71/js/src/assembler/jit/ExecutableAllocator.h#l126 void release(bool willDestroy = false) { JS_ASSERT(m_refCount != 0); // XXX: disabled, see bug 654820. //JS_ASSERT_IF(willDestroy, m_refCount == 1); => if (--m_refCount == 0) { js::UnwantedForeground::delete_(this); } } Bad |this| ? Security Sensitive since this is gc and jit related. Not sure this bug will be helpful since I can't reproduce, but maybe it will give someone a clue.
Updated•13 years ago
|
Whiteboard: js-triage-needed
Comment 1•13 years ago
|
||
Bob, have you seen this anywhere else? I can't reproduce with the STR given.
Reporter | ||
Comment 2•13 years ago
|
||
Chris, no I've never seen it again.
Comment 3•13 years ago
|
||
Sounds like this bug isn't doing us much good. Should we close it WORKSFORME? unhide it but leave it open?
Reporter | ||
Comment 4•13 years ago
|
||
wfm and open it sound ok to me. cdleary?
Comment 5•13 years ago
|
||
Sounds good!
Updated•13 years ago
|
Whiteboard: js-triage-needed → js-triage-done
Reporter | ||
Comment 6•13 years ago
|
||
done.
Group: core-security
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•