Closed Bug 915687 Opened 11 years ago Closed 11 years ago

crash in js::WorkerThreadState::finishParseTask(JSContext*, JSRuntime*, void*)

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
26 Branch
Platform:
x86
Windows 8
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla26

People

(Reporter: tracy, Assigned: bhackett1024)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

potential patch
1.06 KB, patch
billm
: review+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-d250916d-8cde-4b73-b3de-8653a2130912.
=============================================================

Startup crasher in Nightly on Windows x86 builds. First appeared in 20130911030258

Frame 	Module 	Signature 	Source
0 	mozjs.dll 	js::WorkerThreadState::finishParseTask(JSContext *,JSRuntime *,void *) 	js/src/jsworkers.cpp
1 	mozjs.dll 	JS::FinishOffThreadScript(JSContext *,JSRuntime *,void *) 	js/src/jsapi.cpp
2 	xul.dll 	NotifyOffThreadScriptCompletedRunnable::Run() 	content/xul/content/src/nsXULElement.cpp
3 	xul.dll 	mozilla::HangMonitor::NotifyActivity(mozilla::HangMonitor::ActivityType) 	xpcom/threads/HangMonitor.cpp
4 	nss3.dll 	PR_Unlock 	nsprpub/pr/src/threads/combined/prulock.c
5 	xul.dll 	NS_ProcessNextEvent(nsIThread *,bool) 	obj-firefox/xpcom/build/nsThreadUtils.cpp
6 	xul.dll 	MessageLoop::RunHandler()
Blocks: 906371
Attached patch potential patchSplinter Review 
Judging from the 0x5 crashing address and stack, I think the problem here is that finishing a parse task doesn't account for type objects in the parse compartment with a lazy proto.
Attachment #804048 - Flags: review?(wmccloskey)
Attachment #804048 - Flags: review?(wmccloskey) → review+
https://hg.mozilla.org/mozilla-central/rev/7d020f55e9fc
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
Assignee: general → bhackett1024
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: