Tested with: OS: Ubuntu 12.04 Firefox: ASAN build from https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-linux64-asan/1380880923/ ASAN:SIGSEGV ================================================================= ==4951==ERROR: AddressSanitizer: SEGV on unknown address 0x7f376ad00000 (pc 0x7f37944834c0 sp 0x7fff9aa890e0 bp 0x7fff9aa891b0 T0) AddressSanitizer can not provide additional info. #0 0x7f37944834bf in AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/obj-firefox/xpcom/string/src/../../../dist/include/nsUTF8Utils.h:574:0 #1 0x7f3791026b01 in nsContentUtils::NewURIWithDocumentCharset(nsIURI**, nsAString_internal const&, nsIDocument*, nsIURI*) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/obj-firefox/content/base/src/../../../dist/include/nsString.h:135:0 #2 0x7f3791cd3c94 in (anonymous namespace)::ChannelFromScriptURL(nsIPrincipal*, nsIURI*, nsIDocument*, nsILoadGroup*, nsIIOService*, nsIScriptSecurityManager*, nsAString_internal const&, bool, nsIChannel**) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/dom/workers/ScriptLoader.cpp:62:0 #3 0x7f3791cd3a51 in mozilla::dom::workers::scriptloader::ChannelFromScriptURLMainThread(nsIPrincipal*, nsIURI*, nsIDocument*, nsAString_internal const&, nsIChannel**) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/dom/workers/ScriptLoader.cpp:819:0 #4 0x7f3791cf4042 in mozilla::dom::workers::WorkerPrivate::GetLoadInfo(JSContext*, nsPIDOMWindow*, mozilla::dom::workers::WorkerPrivate*, nsAString_internal const&, bool, mozilla::dom::workers::WorkerPrivateParent<mozilla::dom::workers::WorkerPrivate>::LoadInfo*) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/dom/workers/WorkerPrivate.cpp:3460:0 #5 0x7f3791cf23ab in mozilla::dom::workers::WorkerPrivate::Create(JSContext*, JS::Handle<JSObject*>, mozilla::dom::workers::WorkerPrivate*, nsAString_internal const&, bool, bool, nsAString_internal const&, mozilla::dom::workers::WorkerPrivateParent<mozilla::dom::workers::WorkerPrivate>::LoadInfo*) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/dom/workers/WorkerPrivate.cpp:3240:0 #6 0x7f3791ce9444 in (anonymous namespace)::Worker::ConstructInternal(JSContext*, JS::CallArgs, bool) /builds/slave/m-cen-l64-asan-ntly-0000000000/build/dom/workers/Worker.cpp:588:0 . . .

This does not require ASan builds, a Nightly build crashes too (somewhere else): bp-cd01212f-d20e-4ab3-8f63-459a82131008 Maybe a lifetime issue, with the Blob going away when the page is reloaded?

Going to start the blame-game with Ben because of Workers, but the bug could be elsewhere.

Patch in bug 925070 should fix this.

Note that this was filed before bug 925070, the newer one just happened to get attention first, so the patch ended up there.

Should be fixed in bug 925070.

verified with Nightly build 20131024030204