Closed Bug 951333 Opened 11 years ago Closed 8 years ago

null-pointer crash in XPCCallContext::XPCCallContext probably-OOM from mWrapper->GetFlatJSObject()

Categories

(Core :: XPConnect, defect)

x86
Windows NT
defect
Not set
critical

RESOLVED FIXED
Tracking Status
firefox47 --- affected
firefox48 --- affected
firefox49 --- affected
firefox-esr45 --- affected
firefox50 --- affected

People

(Reporter: benjamin, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-97115403-ff52-415f-b50d-161652131217.

This was reported in bug 930797 as a consequence of running out of memory. It's not a topcrash but bholleys says that GetFlatJSObject used to null-check and now it doesn't, and we probably should.

http://hg.mozilla.org/releases/mozilla-beta/annotate/63df4b1287c0/js/xpconnect/src/XPCCallContext.cpp#l80
Crash Signature: [@ XPCCallContext::XPCCallContext(XPCContext::LangType, JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<int>, unsigned int, JS::Value*, JS::Value*)] → [@ XPCCallContext::XPCCallContext(XPCContext::LangType, JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<int>, unsigned int, JS::Value*, JS::Value*)] [@ XPCCallContext::XPCCallContext]
Crash volume for signature 'XPCCallContext::XPCCallContext':
 - nightly (version 50): 1 crash from 2016-06-06.
 - aurora  (version 49): 2 crashes from 2016-06-07.
 - beta    (version 48): 11 crashes from 2016-06-06.
 - release (version 47): 30 crashes from 2016-05-31.
 - esr     (version 45): 4 crashes from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          0          0          0          0          0
 - aurora           0          1          0          1          0          0          0
 - beta             1          2          1          2          3          2          0
 - release          9          2          6          1          2          3          4
 - esr              0          2          0          2          0          0          0

Affected platforms: Windows, Linux
(In reply to Benjamin Smedberg [:bsmedberg] from comment #0)
> This bug was filed from the Socorro interface and is 
> report bp-97115403-ff52-415f-b50d-161652131217.
> 
> This was reported in bug 930797 as a consequence of running out of memory.
> It's not a topcrash but bholleys says that GetFlatJSObject used to
> null-check and now it doesn't, and we probably should.

GetFlatJSObject was removed in bug 1006629.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED