Intermittent "Assertion failure: size_t(src - dst) >= nelem" in ecma_5/JSON/parse-mega-huge-array.js

RESOLVED WORKSFORME

Status

()

defect
--
critical
RESOLVED WORKSFORME
8 years ago
7 years ago

People

(Reporter: philor, Unassigned)

Tracking

({intermittent-failure})

Trunk
x86_64
macOS
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
+++ This bug was initially created as a clone of Bug #710965 +++

May very well just be bug 710965, but I have no way to judge.

https://tbpl.mozilla.org/php/getParsedLog.php?id=7956447&tree=Mozilla-Inbound
Rev4 MacOSX Snow Leopard 10.6 mozilla-inbound debug test jsreftest on 2011-12-15 09:39:01 PST for push 36fa9b176a91

REFTEST TEST-START | file:///Users/cltbld/talos-slave/test/build/jsreftest/tests/jsreftest.html?test=ecma_5/JSON/parse-mega-huge-array.js | 1411 / 3380 (41%)
++DOMWINDOW == 46 (0x1229e7f18) [serial = 2738] [outer = 0x119d20080]
667527: JSON.parse should parse arrays of essentially unlimited size
Assertion failure: size_t(src - dst) >= nelem, at /builds/slave/m-in-osx64-dbg/build/js/src/jsutil.h:316
TEST-UNEXPECTED-FAIL | file:///Users/cltbld/talos-slave/test/build/jsreftest/tests/jsreftest.html?test=ecma_5/JSON/parse-mega-huge-array.js | Exited with code 1 during test run
INFO | automation.py | Application ran for: 0:05:02.233257
INFO | automation.py | Reading PID log: /var/folders/Hs/HsDn6a9SG8idoIya6p9mtE+++TI/-Tmp-/tmp123cDypidlog
PROCESS-CRASH | file:///Users/cltbld/talos-slave/test/build/jsreftest/tests/jsreftest.html?test=ecma_5/JSON/parse-mega-huge-array.js | application crashed (minidump found)
Crash dump filename: /var/folders/Hs/HsDn6a9SG8idoIya6p9mtE+++TI/-Tmp-/tmpPGqzOK/minidumps/01BD7820-7D58-4163-BB5E-7C0A2A901544.dmp
Operating system: Mac OS X
                  10.6.8 10K549
CPU: amd64
     family 6 model 23 stepping 10
     2 CPUs

Crash reason:  EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0x0

Thread 0 (crashed)
 0  XUL + 0x1a824
    rbx = 0xe8f7894c   r12 = 0x8858948f   r13 = 0x419e4ec0   r14 = 0x4527a1c6
    r15 = 0x44b251c0   rip = 0x0101a824   rsp = 0x5fbfb800   rbp = 0x5fbfb800
    Found by: given as instruction pointer in context
...
That looks like it's in PodCopy -- someone's copying data from one place to another, thinking the two places don't overlap, when they actually do.
Mass marking whiteboard:[orange] bugs WFM (to clean up TBPL bug suggestions) that:
* Haven't changed in > 6months
* Whose whiteboard contains none of the strings: {disabled,marked,random,fuzzy,todo,fails,failing,annotated,leave open,time-bomb}
* Passed a (quick) manual inspection of bug summary/whiteboard to ensure they weren't a false positive.

I've also gone through and searched for cases where the whiteboard wasn't labelled correctly after test disabling, by using attachment description & basic comment searches. However if the test for which this bug was about has in fact been disabled/annotated/..., please accept my apologies & reopen/mark the whiteboard appropriately so this doesn't get re-closed in the future (and please ping me via IRC or email so I can try to tweak the saved searches to avoid more edge cases).

Sorry for the spam! Filter on: #FFA500
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME
Whiteboard: [orange]
You need to log in before you can comment on or make changes to this bug.