null-pointer crash in XPCCallContext::XPCCallContext probably-OOM from mWrapper->GetFlatJSObject()

RESOLVED FIXED

Status

critical
5 years ago
2 years ago

People

(Reporter: benjamin, Unassigned)

Tracking

(Blocks: 1 bug, {crash})

unspecified
x86
Windows NT
crash

Firefox Tracking Flags

(firefox47 affected, firefox48 affected, firefox49 affected, firefox-esr45 affected, firefox50 affected)

Description

5 years ago
This bug was filed from the Socorro interface and is report bp-97115403-ff52-415f-b50d-161652131217.

This was reported in bug 930797 as a consequence of running out of memory. It's not a topcrash but bholleys says that GetFlatJSObject used to null-check and now it doesn't, and we probably should.

http://hg.mozilla.org/releases/mozilla-beta/annotate/63df4b1287c0/js/xpconnect/src/XPCCallContext.cpp#l80

Updated

3 years ago
Crash Signature: [@ XPCCallContext::XPCCallContext(XPCContext::LangType, JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<int>, unsigned int, JS::Value*, JS::Value*)] → [@ XPCCallContext::XPCCallContext(XPCContext::LangType, JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<int>, unsigned int, JS::Value*, JS::Value*)] [@ XPCCallContext::XPCCallContext]
Crash volume for signature 'XPCCallContext::XPCCallContext':
 - nightly (version 50): 1 crash from 2016-06-06.
 - aurora  (version 49): 2 crashes from 2016-06-07.
 - beta    (version 48): 11 crashes from 2016-06-06.
 - release (version 47): 30 crashes from 2016-05-31.
 - esr     (version 45): 4 crashes from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          0          0          0          0          0
 - aurora           0          1          0          1          0          0          0
 - beta             1          2          1          2          3          2          0
 - release          9          2          6          1          2          3          4
 - esr              0          2          0          2          0          0          0

Affected platforms: Windows, Linux
status-firefox47: --- → affected
status-firefox48: --- → affected
status-firefox49: --- → affected
status-firefox50: --- → affected
status-firefox-esr45: --- → affected

Comment 2

2 years ago
(In reply to Benjamin Smedberg [:bsmedberg] from comment #0)
> This bug was filed from the Socorro interface and is 
> report bp-97115403-ff52-415f-b50d-161652131217.
> 
> This was reported in bug 930797 as a consequence of running out of memory.
> It's not a topcrash but bholleys says that GetFlatJSObject used to
> null-check and now it doesn't, and we probably should.

GetFlatJSObject was removed in bug 1006629
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED