Closed Bug 711152 Opened 13 years ago Closed 12 years ago

Intermittent "Assertion failure: size_t(src - dst) >= nelem" in ecma_5/JSON/parse-mega-huge-array.js

Categories

(Core :: JavaScript Engine, defect)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: philor, Unassigned)

References

Details

(Keywords: intermittent-failure)

+++ This bug was initially created as a clone of Bug #710965 +++ May very well just be bug 710965, but I have no way to judge. https://tbpl.mozilla.org/php/getParsedLog.php?id=7956447&tree=Mozilla-Inbound Rev4 MacOSX Snow Leopard 10.6 mozilla-inbound debug test jsreftest on 2011-12-15 09:39:01 PST for push 36fa9b176a91 REFTEST TEST-START | file:///Users/cltbld/talos-slave/test/build/jsreftest/tests/jsreftest.html?test=ecma_5/JSON/parse-mega-huge-array.js | 1411 / 3380 (41%) ++DOMWINDOW == 46 (0x1229e7f18) [serial = 2738] [outer = 0x119d20080] 667527: JSON.parse should parse arrays of essentially unlimited size Assertion failure: size_t(src - dst) >= nelem, at /builds/slave/m-in-osx64-dbg/build/js/src/jsutil.h:316 TEST-UNEXPECTED-FAIL | file:///Users/cltbld/talos-slave/test/build/jsreftest/tests/jsreftest.html?test=ecma_5/JSON/parse-mega-huge-array.js | Exited with code 1 during test run INFO | automation.py | Application ran for: 0:05:02.233257 INFO | automation.py | Reading PID log: /var/folders/Hs/HsDn6a9SG8idoIya6p9mtE+++TI/-Tmp-/tmp123cDypidlog PROCESS-CRASH | file:///Users/cltbld/talos-slave/test/build/jsreftest/tests/jsreftest.html?test=ecma_5/JSON/parse-mega-huge-array.js | application crashed (minidump found) Crash dump filename: /var/folders/Hs/HsDn6a9SG8idoIya6p9mtE+++TI/-Tmp-/tmpPGqzOK/minidumps/01BD7820-7D58-4163-BB5E-7C0A2A901544.dmp Operating system: Mac OS X 10.6.8 10K549 CPU: amd64 family 6 model 23 stepping 10 2 CPUs Crash reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash address: 0x0 Thread 0 (crashed) 0 XUL + 0x1a824 rbx = 0xe8f7894c r12 = 0x8858948f r13 = 0x419e4ec0 r14 = 0x4527a1c6 r15 = 0x44b251c0 rip = 0x0101a824 rsp = 0x5fbfb800 rbp = 0x5fbfb800 Found by: given as instruction pointer in context ...
That looks like it's in PodCopy -- someone's copying data from one place to another, thinking the two places don't overlap, when they actually do.
Mass marking whiteboard:[orange] bugs WFM (to clean up TBPL bug suggestions) that: * Haven't changed in > 6months * Whose whiteboard contains none of the strings: {disabled,marked,random,fuzzy,todo,fails,failing,annotated,leave open,time-bomb} * Passed a (quick) manual inspection of bug summary/whiteboard to ensure they weren't a false positive. I've also gone through and searched for cases where the whiteboard wasn't labelled correctly after test disabling, by using attachment description & basic comment searches. However if the test for which this bug was about has in fact been disabled/annotated/..., please accept my apologies & reopen/mark the whiteboard appropriately so this doesn't get re-closed in the future (and please ping me via IRC or email so I can try to tweak the saved searches to avoid more edge cases). Sorry for the spam! Filter on: #FFA500
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Whiteboard: [orange]
You need to log in before you can comment on or make changes to this bug.