Closed Bug 852865 Opened 11 years ago Closed 11 years ago

crash in js::JSONParser::trace @ MarkValueInternal

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
22 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla22
Tracking Flags:
Tracking Status
firefox21 --- unaffected
firefox22 --- fixed

People

(Reporter: scoobidiver, Unassigned)

References

Details

(Keywords: crash, regression)

Crash Data

With the below stack trace, it first showed up in 22.0a1/20130318. The regression range might be (updates stopped during a few days):
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=0b052daa913c&tochange=b03bb3ce8cee
Based on the stack trace, it's likely a regression from bug 836968.

Signature 	MarkValueInternal More Reports Search
UUID	d8d38781-65cf-4eda-8648-ded102130320
Date Processed	2013-03-20 06:51:31
Uptime	25
Last Crash	10.0 hours before submission
Install Age	2.4 hours since version was first installed.
Install Time	2013-03-20 04:29:07
Product	Firefox
Version	22.0a1
Build ID	20130319030939
Release Channel	nightly
OS	Windows NT
OS Version	6.2.9200
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 23 stepping 6
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x0
App Notes 	
AdapterVendorID: 0x10de, AdapterDeviceID: 0x0611, AdapterSubsysID: 053c10de, AdapterDriverVersion: 9.18.13.529
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 
Processor Notes 	sp-processor01.phx1.mozilla.com_19509:2008
EMCheckCompatibility	True
Adapter Vendor ID	0x10de
Adapter Device ID	0x0611
Total Virtual Memory	2147352576
Available Virtual Memory	1313587200
System Memory Use Percentage	40
Available Page File	3298566144
Available Physical Memory	2060578816

Frame 	Module 	Signature 	Source
0 	mozjs.dll 	MarkValueInternal 	js/src/gc/Marking.cpp:475
1 	mozjs.dll 	js::gc::MarkValue 	js/src/gc/Marking.cpp:508
2 	mozjs.dll 	js::JSONParser::trace 	js/src/jsonparser.cpp:47
3 	mozjs.dll 	JS::AutoGCRooter::trace 	js/src/gc/RootMarking.cpp:626
4 	mozjs.dll 	JS::AutoGCRooter::traceAll 	js/src/gc/RootMarking.cpp:639
5 	mozjs.dll 	js::gc::MarkRuntime 	js/src/gc/RootMarking.cpp:687
6 	mozjs.dll 	BeginMarkPhase 	js/src/jsgc.cpp:2873
7 	mozjs.dll 	IncrementalCollectSlice 	js/src/jsgc.cpp:4285
8 	mozjs.dll 	GCCycle 	js/src/jsgc.cpp:4463
9 	mozjs.dll 	Collect 	js/src/jsgc.cpp:4591
10 	mozjs.dll 	js::GC 	js/src/jsgc.cpp:4613
11 	mozjs.dll 	RunLastDitchGC 	js/src/jsgc.cpp:1504
12 	mozjs.dll 	js::gc::ArenaLists::refillFreeList<1> 	js/src/jsgc.cpp:1533
13 	mozjs.dll 	js_NewStringCopyN<1> 	js/src/jsstr.cpp:3579
14 	mozjs.dll 	js::JSONParser::readString<1> 	js/src/jsonparser.cpp:95
15 	mozjs.dll 	js::JSONParser::parse 	js/src/jsonparser.cpp:681
16 	mozjs.dll 	js::ParseJSONWithReviver 	js/src/json.cpp:863
17 	mozjs.dll 	js_json_parse 	js/src/json.cpp:76
18 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:384
19 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2397
20 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:341
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=MarkValueInternal
This should be fixed by bug 852563, which is on inbound, though also see bug 852912.
There have been no crashes since 22.0a1/20130321.
Status: NEW → RESOLVED
Closed: 11 years ago
status-firefox22: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
You need to log in before you can comment on or make changes to this bug.