Crash in [@ js::ValueToId<T>]
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox-esr68 | --- | unaffected |
firefox67 | --- | unaffected |
firefox68 | --- | unaffected |
firefox69 | --- | unaffected |
firefox70 | --- | unaffected |
firefox71 | --- | fixed |
People
(Reporter: pascalc, Assigned: iain)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
This bug is for crash report bp-eb4ef511-d319-43dd-9f2c-f5b390190930.
Top 10 frames of crashing thread:
0 libxul.so bool js::ValueToId< js/src/vm/JSAtom-inl.h
1 libxul.so mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRObjectLiteral< js/src/vm/JSObject.cpp:1667
2 libxul.so mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::PrivateScriptData::XDR< js/src/vm/JSScript.cpp:456
3 libxul.so mozilla::Result<mozilla::Ok, JS::TranscodeResult> js::XDRScript< js/src/vm/JSScript.cpp:1176
4 libxul.so js::XDRState< js/src/vm/Xdr.cpp:311
5 libxul.so JS::DecodeScript js/src/jsapi.cpp:5876
6 libxul.so nsJSUtils::ExecutionContext::Decode dom/base/nsJSUtils.cpp:294
7 libxul.so mozilla::dom::ScriptLoader::EvaluateScript dom/script/ScriptLoader.cpp:2783
8 libxul.so mozilla::dom::ScriptLoader::ProcessRequest dom/script/ScriptLoader.cpp:2315
9 libxul.so mozilla::dom::ScriptLoader::ProcessExternalScript dom/script/ScriptLoader.cpp:1745
Reporter | ||
Updated•5 years ago
|
Comment 1•5 years ago
|
||
Not all of the crashes are in XDR decoding, but some are. Could there be a bug in XDRScriptConst
, such that it produces a bad Value
on invalid input?
I don't see that any of this has been touched recently. Iain?
Updated•5 years ago
|
Assignee | ||
Comment 2•5 years ago
|
||
This spike is consistent with being caused by the atom deduplication code we backed out. There's only been 1 nightly crash since the 1008 build when the backout landed.
Updated•5 years ago
|
Reporter | ||
Comment 4•5 years ago
|
||
No crash on Nightly over the last 6 days so I'll mark 71 as fixed by the backout. We have crashes with these signatures on other channels in low volume probably for other reasons so I am not closing the bug.
Reporter | ||
Comment 5•5 years ago
|
||
I opened this bug because of the spike in Nightly, let's mark the bug fixed now as the backout in bug 1584820 solved the issue. I'll file a separate bug for the recurring low-volume crashes across channels with this signature that do not depend on the recent atom deduplication code changes in Nightly.
Updated•5 years ago
|
Reporter | ||
Updated•5 years ago
|
Updated•3 years ago
|
Description
•