Closed Bug 928020 Opened 11 years ago Closed 11 years ago

crash in mozalloc_abort(char const* const) | xul.dll@0xdd757f | xul.dll@0x8a76f4 | xul.dll@0x6af6ce | xul.dll@0x12c618 | xul.dll@0x10b4f0 | js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)

Categories

(Core :: JavaScript Engine, defect)

25 Branch
x86
Windows NT
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 767343

People

(Reporter: u279076, Unassigned)

References

Details

(Keywords: crash, topcrash, topcrash-win)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-b46dae37-ea81-4f2f-bae4-8fe232131016.
=============================================================
0 	mozalloc.dll 	mozalloc_abort(char const * const) 	memory/mozalloc/mozalloc_abort.cpp
1 	xul.dll 	xul.dll@0xdd757f 	
2 	xul.dll 	xul.dll@0x8a76f4 	
3 	xul.dll 	xul.dll@0x6af6ce 	
4 	xul.dll 	xul.dll@0x12c618 	
5 	xul.dll 	xul.dll@0x10b4f0 	
6 	mozjs.dll 	js::Invoke(JSContext *,JS::Value const &,JS::Value const &,unsigned int,JS::Value *,JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
7 	mozjs.dll 	js::Shape::set(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,bool,JS::MutableHandle<JS::Value>) 	js/src/vm/Shape-inl.h
8 	mozjs.dll 	js_NativeSet(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<js::Shape *>,bool,JS::MutableHandle<JS::Value>) 	js/src/jsobj.cpp
9 	mozjs.dll 	js::baseops::SetPropertyHelper(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<int>,unsigned int,JS::MutableHandle<JS::Value>,int) 	js/src/jsobj.cpp
10 	mozjs.dll 	SetPropertyOperation(JSContext *,JS::Handle<JSScript *>,unsigned char *,JS::Handle<JS::Value>,JS::Handle<JS::Value>) 	js/src/vm/Interpreter.cpp
11 	mozjs.dll 	Interpret 	js/src/vm/Interpreter.cpp
12 	xul.dll 	xul.dll@0x106ed5

Currently #17 in Beta and our third explosive Fx 25 crasher as per:
https://crash-analysis.mozilla.com/rkaiser/2013-10-16/2013-10-16.firefox.25.explosiveness.html

All reports indicate Firefox 25.0b7 so it's possibily being caused by something we uplifted there. Unfortunately I see no useful correlations or comments.
I suppose this might be similar or a dupe of bug 926207 with a slightly different signature. Can someone please advise?
Adding signatures for Firefox 24 (dupe bug 926207) and Firefox 26 (see comment 2).
Crash Signature: [@ mozalloc_abort(char const* const) | xul.dll@0xdd757f | xul.dll@0x8a76f4 | xul.dll@0x6af6ce | xul.dll@0x12c618 | xul.dll@0x10b4f0 | js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)] → [@ mozalloc_abort(char const* const) | xul.dll@0xdd757f | xul.dll@0x8a76f4 | xul.dll@0x6af6ce | xul.dll@0x12c618 | xul.dll@0x10b4f0 | js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)] [@ m…
From KaiRo on IRC:
> I'm not sure why we get unsymbolized libxul frames there at all,
> but you can take it for granted that the signature for this will
> change with every build and have slightly different addresses in
> the libxul frames. The important piece here is there is actually 
> an abort message:
> 
> "xpcom_runtime_abort(###!!! ABORT: OOM: file 
>  e:\builds\moz2_slave\rel-m-beta-w32_bld-00000000000\build\xpcom\string\src\nsTSubstring.cpp, line 349)"
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.