Closed Bug 830654 Opened 8 years ago Closed 8 years ago

crash in js::ObjectImpl::getPrivate

Categories

(Core :: JavaScript Engine, defect)

20 Branch
All
Windows 7
defect
Not set
critical

Tracking

VERIFIED FIXED
mozilla21
Tracking Status
firefox19 --- unaffected
firefox20 + verified
firefox21 + verified

People

(Reporter: scoobidiver, Assigned: dvander)

It's the #12 top browser crasher in 20.0a2 and #28 in 21.0a1. It first showed up in 20.0a1/20121228. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=d29b182e169e&tochange=f2a500997116

Although it has a stack trace similar to the one of bug 806820, their regression ranges are different so I don't think it's a duplicate.

Signature 	js::ObjectImpl::getPrivate()
UUID	f4dab735-bc2e-45ee-95f1-67d6e2130114
Date Processed	2013-01-14 21:21:11
Uptime	1949
Last Crash	2.0 days before submission
Install Age	1.1 days since version was first installed.
Install Time	2013-01-13 18:15:29
Product	Firefox
Version	21.0a1
Build ID	20130113031019
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 37 stepping 5
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xffffffffdadadae2
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x0046, AdapterSubsysID: 08461854, AdapterDriverVersion: 8.15.10.2509
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 
EMCheckCompatibility	True
Adapter Vendor ID	0x8086
Adapter Device ID	0x0046
Total Virtual Memory	2147352576
Available Virtual Memory	909783040
System Memory Use Percentage	51
Available Page File	4572995584
Available Physical Memory	1539563520

Frame 	Module 	Signature 	Source
0 	mozjs.dll 	js::ObjectImpl::getPrivate 	js/src/vm/ObjectImpl-inl.h:459
1 	mozjs.dll 	SuppressDeletedPropertyHelper<IndexRangePredicate> 	js/src/jsiter.cpp:1080
2 	mozjs.dll 	js_SuppressDeletedElements 	js/src/jsiter.cpp:1199
3 	mozjs.dll 	array_splice 	js/src/jsarray.cpp:1881
4 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:391
5 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2385
6 	mozjs.dll 	js::ion::CanEnter 	js/src/ion/Ion.cpp:1511
7 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:348
8 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:406
9 	mozjs.dll 	js::Invoke 	js/src/jsinterp.h:112
10 	mozjs.dll 	js_fun_call 	js/src/jsfun.cpp:855
11 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:391
12 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2385
13 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:340
14 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:406
15 	mozjs.dll 	js::Invoke 	js/src/jsinterp.h:112
16 	mozjs.dll 	js_fun_apply 	js/src/jsfun.cpp:967
17 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:391
18 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2385
19 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:340
20 	xul.dll 	nsScriptSecurityManager::LookupPolicy 	caps/src/nsScriptSecurityManager.cpp:1192
21 	xul.dll 	nsJSContext::ConvertSupportsTojsvals 	dom/base/nsJSEnvironment.cpp:2179

More reports at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3AObjectImpl%3A%3AgetPrivate%28%29
It has mostly the Facebook main page and a few YouTube URLs, not posting a list because the front pages of those services will not be what we can use for reproduction anyhow, unfortunately.
Keywords: needURLs
Naveed/David - any recent changes in this code?
Depends on: 831626
No crashes on trunk like this since bug 831626 landed (the 1/25 build).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Yeah, looking at the crash stack this is definitely the same thing.
This may be related to cx->enumerator fragility that David is working on. Assigning to him so he can weigh in.
Assignee: general → dvander
There are no crashes in Socorro in the last 14 days.
There is only one Firefox 20a1 crash and one Firefox 20a2 crash in Socorro for the last 4 weeks.
Status: RESOLVED → VERIFIED