Closed Bug 901346 Opened 11 years ago Closed 11 years ago

crash in mozalloc_abort(char const* const) | js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)

Categories

(Core :: JavaScript Engine, defect)

x86
Windows NT
defect
Not set
critical

RESOLVED DUPLICATE of bug 767343

People

(Reporter: marcia, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-bbcd2299-e75d-4e2c-b07d-c84dc2130804.
=============================================================

Seen while looking at crash stats - Currently #23 top crash in Firefox 23.0b10 and no bug was associated with it.  All crashes occur in Firefox 23.0b10 according to the signature summary.

Link to crashes: https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char%20const*%20const%29%20|%20xul.dll@0xcf48f0%20|%20xul.dll@0x7023bd%20|%20xul.dll@0x533fdd%20|%20xul.dll@0x199b07%20|%20xul.dll@0x1b7890%20|%20js::Invoke%28JSContext*,%20JS::CallArgs,%20js::MaybeConstruct%29



Frame 	Module 	Signature 	Source
0 	mozalloc.dll 	mozalloc_abort(char const * const) 	memory/mozalloc/mozalloc_abort.cpp
1 	xul.dll 	xul.dll@0xcf48f0 	
2 	xul.dll 	xul.dll@0x7023bd 	
3 	xul.dll 	xul.dll@0x533fdd 	
4 	xul.dll 	xul.dll@0x199b07 	
5 	xul.dll 	xul.dll@0x1b7890 	
6 	mozjs.dll 	js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) 	js/src/jsinterp.cpp
7 	mozjs.dll 	js::Invoke(JSContext *,JS::Value const &,JS::Value const &,unsigned int,JS::Value *,JS::Value *) 	js/src/jsinterp.cpp
8 	mozjs.dll 	js::Shape::set(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,bool,JS::MutableHandle<JS::Value>) 	js/src/vm/Shape-inl.h
9 	mozjs.dll 	js_NativeSet(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<js::Shape *>,bool,JS::MutableHandle<JS::Value>) 	js/src/jsobj.cpp
10 	mozjs.dll 	js::baseops::SetPropertyHelper(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<int>,unsigned int,JS::MutableHandle<JS::Value>,int) 	js/src/jsobj.cpp
11 	mozjs.dll 	js::SetPropertyOperation(JSContext *,unsigned char *,JS::Handle<JS::Value>,JS::Handle<JS::Value>) 	js/src/jsinterpinlines.h
12 	mozjs.dll 	js::Interpret(JSContext *,js::StackFrame *,js::InterpMode,bool) 	js/src/jsinterp.cpp
13 	mozjs.dll 	js::RunScript(JSContext *,js::StackFrame *) 	js/src/jsinterp.cpp
14 	xul.dll 	xul.dll@0x10ac390

Feel free to add the moving signature to the right bug for each Beta and Release.

Status: NEW → RESOLVED
Crash Signature: [@ ]mozalloc_abort(char const* const) | xul.dll@0xcf48f0 | xul.dll@0x7023bd | xul.dll@0x533fdd | xul.dll@0x199b07 | xul.dll@0x1b7890 | js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) → [@ mozalloc_abort(char const* const) | xul.dll@0xcf48f0 | xul.dll@0x7023bd | xul.dll@0x533fdd | xul.dll@0x199b07 | xul.dll@0x1b7890 | js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)]
Closed: 11 years ago
Resolution: --- → DUPLICATE

(In reply to Scoobidiver from comment #1)
> Feel free to add the moving signature to the right bug for each Beta and
> Release.
> 
> *** This bug has been marked as a duplicate of bug 767343 ***

Doesn't come up when I file the bug in Bugzilla, so this is difficult.

According to the abort message which is reported, the failure is in nsTSubstring_CharT::Assign( const self_type& str ), located in xpcom/string/src/nsTSubstring.cpp.

And this seems to be an OOM.

Also it started on July 31, so I will suggest looking there, and try to get one crash stat with the symbols.

The unknown pointers are just because we do not have the symbols for xul.dll. Can we have a stack? There are many ways we can go from js::Invoke to nsTSubstring_CharT::Assign, and this might not even be a JavaScript bug.