Closed
Bug 904492
Opened 11 years ago
Closed 5 years ago
Crash in [@ js::Shape::search ]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox45 | --- | affected |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, Whiteboard: ShutDownKill)
Crash Data
It's #31 browser crasher in 23.0, #21 in 24.0b1, #114 in 25.0a2, and #155 in 26.0a1. Stack traces are various: Frame Module Signature Source 0 mozjs.dll js::Shape::search(js::ExclusiveContext *,js::Shape *,int,js::Shape * * *,bool) js/src/vm/Shape.h 1 mozjs.dll js::ObjectImpl::nativeLookup(js::ExclusiveContext *,int) js/src/vm/ObjectImpl.cpp 2 mozjs.dll js::GetPropertyHelper(JSContext *,JS::Handle<JSObject *>,JS::Handle<int>,unsigned int,JS::MutableHandle<JS::Value>) js/src/jsobj.cpp 3 mozjs.dll GetPropertyOperation(JSContext *,js::StackFrame *,JS::Handle<JSScript *>,unsigned char *,JS::MutableHandle<JS::Value>,JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp 4 mozjs.dll Interpret js/src/vm/Interpreter.cpp 5 mozjs.dll js::RunScript(JSContext *,js::RunState &) js/src/vm/Interpreter.cpp 6 mozjs.dll js::ExecuteKernel(JSContext *,JS::Handle<JSScript *>,JSObject &,JS::Value const &,js::ExecuteType,js::AbstractFramePtr,JS::Value *) js/src/vm/Interpreter.cpp ... Frame Module Signature Source 0 mozjs.dll js::Shape::search(js::ExclusiveContext *,js::Shape *,int,js::Shape * * *,bool) js/src/vm/Shape.h 1 mozjs.dll js::ObjectImpl::nativeLookup(js::ExclusiveContext *,int) js/src/vm/ObjectImpl.cpp 2 mozjs.dll js::ion::OperatorIn(JSContext *,JS::Handle<JS::Value>,JS::Handle<JSObject *>,bool *) js/src/jit/VMFunctions.cpp 3 xul.dll nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder *,nsIFrame *,nsRect const &,nsDisplayListSet const &,unsigned int) layout/generic/nsFrame.cpp 4 mozglue.dll imalloc memory/mozjemalloc/jemalloc.c 5 mozglue.dll je_malloc memory/mozjemalloc/jemalloc.c 6 xul.dll XPCStringConvert::ReadableToJSVal(JSContext *,nsAString_internal const &,nsStringBuffer * *) js/xpconnect/src/XPCString.cpp ... Frame Module Signature Source 0 mozjs.dll js::Shape::search(js::ExclusiveContext *,js::Shape *,int,js::Shape * * *,bool) js/src/vm/Shape.h 1 mozjs.dll js::ObjectImpl::nativeLookup(js::ExclusiveContext *,int) js/src/vm/ObjectImpl.cpp 2 mozjs.dll JS_ForwardGetPropertyTo(JSContext *,JSObject *,int,JSObject *,JS::MutableHandle<JS::Value>) js/src/jsapi.cpp 3 mozjs.dll js::ObjectImpl::nativeLookup(js::ExclusiveContext *,int) js/src/vm/ObjectImpl.cpp 4 mozjs.dll JS_GetProperty(JSContext *,JSObject *,char const *,JS::MutableHandle<JS::Value>) js/src/jsapi.cpp 5 xul.dll nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS *,unsigned short,XPTMethodDescriptor const *,nsXPTCMiniVariant *) js/xpconnect/src/XPCWrappedJSClass.cpp 6 xul.dll nsXPCWrappedJS::CallMethod(unsigned short,XPTMethodDescriptor const *,nsXPTCMiniVariant *) js/xpconnect/src/XPCWrappedJS.cpp 7 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp Frame Module Signature Source 0 mozjs.dll js::Shape::search(js::ExclusiveContext *,js::Shape *,int,js::Shape * * *,bool) js/src/vm/Shape.h 1 mozjs.dll js::ObjectImpl::nativeLookup(js::ExclusiveContext *,int) js/src/vm/ObjectImpl.cpp 2 mozjs.dll js::ion::OperatorIn(JSContext *,JS::Handle<JS::Value>,JS::Handle<JSObject *>,bool *) js/src/jit/VMFunctions.cpp 3 mozjs.dll js::ion::DoInFallback js/src/jit/BaselineIC.cpp 4 @0x4395abf ... More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3AShape%3A%3Asearch%28JSContext*%2C+js%3A%3AShape*%2C+int%2C+js%3A%3AShape***%2C+bool%29 https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3AShape%3A%3Asearch%28js%3A%3AExclusiveContext*%2C+js%3A%3AShape*%2C+int%2C+js%3A%3AShape***%2C+bool%29
|
Assignee | |
Updated•10 years ago
|
Assignee: general → nobody
|
||
Updated•9 years ago
|
Crash Signature: [@ js::Shape::search(JSContext*, js::Shape*, int, js::Shape***, bool)]
[@ js::Shape::search(js::ExclusiveContext*, js::Shape*, int, js::Shape***, bool)] → [@ js::Shape::search(JSContext*, js::Shape*, int, js::Shape***, bool)]
[@ js::Shape::search(js::ExclusiveContext*, js::Shape*, int, js::Shape***, bool)]
[@ js::Shape::search]
|
||
Comment 2•8 years ago
|
||
https://crash-stats.mozilla.com/report/index/93130169-03a6-4c50-8939-a478f2160106 Win7, 64bit, FF45.0a1, 64bit Crashing Thread (0) Frame Module Signature Source 0 xul.dll js::Shape::search(js::ExclusiveContext*, js::Shape*, jsid, js::ShapeTable::Entry**, bool) js/src/vm/Shape-inl.h 1 xul.dll js::NativeLookupOwnProperty<0>(js::ExclusiveContext*, js::NativeObject*, jsid, js::FakeMutableHandle<js::Shape*>) js/src/vm/NativeObject.cpp 2 xul.dll js::obj_hasOwnProperty(JSContext*, unsigned int, JS::Value*) js/src/builtin/Object.cpp 3 @0x37087953fa6
Blocks: shutdownkill
status-firefox45:
--- → affected
OS: Windows XP → Windows
Hardware: x86 → All
Summary: crash in js::Shape::search → Crash in [@ js::Shape::search ]
Whiteboard: ShutDownKill
Version: Trunk → 45 Branch
From the crash signature (js::Shape::search), the current affected versions are: - Beta: 44.0b1, 44.0b99, 45.0b1, 45.0b2
No longer blocks: shutdownkill
|
||
Comment 4•5 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•