Bug 1328045 - [GCC6] crash at DispatchToTracer() - null this
Summary: [GCC6] crash at DispatchToTracer() - null this
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 24
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Martin Stransky
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedFreezeException
Depends On:
Blocks: F24BetaFreezeException
Reported: 2016-04-18 09:54 UTC by Martin Stransky
Modified: 2018-12-13 10:51 UTC (History)
CC: 7 users

Fixed In Version: firefox-45.0.2-2.fc24
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-23 23:46:33 UTC
Type: Bug
Embargoed:



Description Martin Stransky 2016-04-18 09:54:08 UTC
FF crashes in JS engine due to null-this optimization made by gcc6.

Thread 1 "js" received signal SIGSEGV, Segmentation fault.
DispatchToTracer<JSObject*> (trc=0x7ffff3c75410, thingp=0x0, name=0x555555dd43dc "parser.object")
    at /home/komat/CVS/firefox/firefox-45.0.2/firefox-45.0.2/js/src/gc/Marking.cpp:596
596	        return DoMarking(static_cast<GCMarker*>(trc), *thingp);

(gdb) bt
#0  DispatchToTracer<JSObject*> (trc=0x7ffff3c75410, thingp=0x0, name=0x555555dd43dc "parser.object")
    at /home/komat/CVS/firefox/firefox-45.0.2/firefox-45.0.2/js/src/gc/Marking.cpp:596
#1  0x0000555555cdaa83 in js::TraceRoot<JSObject*> (trc=<optimized out>, thingp=<optimized out>, name=<optimized out>)
    at /home/komat/CVS/firefox/firefox-45.0.2/firefox-45.0.2/js/src/gc/Marking.cpp:432
#2  0x0000555555ca8a46 in js::frontend::ObjectBox::trace (this=<optimized out>, trc=trc@entry=0x7ffff3c75410)
    at /home/komat/CVS/firefox/firefox-45.0.2/firefox-45.0.2/js/src/frontend/ParseNode.cpp:1170
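
The following is an added illustration, not Firefox or SpiderMonkey code, of the failure mode behind the backtrace above: a member function entered through a null object pointer. The names `Thing`, `Box`, `traceAssumingNullThis` and `dispatchTrace` are hypothetical stand-ins for the tracing path; the unsafe member shows the pattern GCC 6 breaks, and `dispatchTrace` shows the caller-side check that does not rely on undefined behaviour.

```cpp
// Added illustration (not Firefox/SpiderMonkey code) of a member function
// that is entered with this == nullptr, and of the caller-side fix.
#include <cstdio>

// Hypothetical GC-managed thing; `marked` stands in for a GC mark bit.
struct Thing {
    bool marked = false;
};

// Hypothetical stand-in for a parser object box holding a pointer to trace.
struct Box {
    Thing* object = nullptr;

    // UNSAFE pattern. The C++ standard says `this` is never null inside a
    // member function, so GCC 6 (-fdelete-null-pointer-checks is on at -O2)
    // removes the guard below and then dereferences this->object, which is
    // exactly a crash like DispatchToTracer(thingp=0x0) in the report.
    // Calling this through a null Box* is undefined behaviour even at -O0.
    bool traceAssumingNullThis() {
        Box* self = this;            // the optimizer folds `self == nullptr` to false
        if (self == nullptr) {
            return false;            // never reached in an optimized build
        }
        if (object) object->marked = true;
        return true;
    }

    // Member function with no pretence that `this` may be null.
    bool trace() {
        if (object) object->marked = true;
        return true;
    }
};

// SAFE pattern: the null check belongs in the caller, on the pointer itself,
// before any member function is entered. Returns false when nothing was traced.
bool dispatchTrace(Box* box) {
    if (box == nullptr) {
        return false;
    }
    return box->trace();
}

int main() {
    Thing t;
    Box b;
    b.object = &t;
    std::printf("live box traced: %d, marked: %d\n", dispatchTrace(&b), t.marked);
    std::printf("null box traced: %d\n", dispatchTrace(nullptr));
    // Detection: build with `g++ -O2 -fsanitize=undefined` (which includes
    // -fsanitize=null) and UBSan reports a member call on a null pointer of
    // type 'Box' at the offending call site. -fno-delete-null-pointer-checks
    // only hides the symptom; the member call on null is still undefined.
    return 0;
}
```

The compiler flags named in the comments are real GCC options; `-fsanitize=undefined` is the check Comment 9 below refers to, and it flags the null member call at the call site rather than at the later dereference, which is where the backtrace in this report lands.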

Comment 1 Fedora Update System 2016-04-18 19:31:59 UTC
firefox-45.0.2-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-cebfb38250

Comment 2 Fedora Update System 2016-04-19 20:26:04 UTC
firefox-45.0.2-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-cebfb38250

Comment 3 Adam Williamson 2016-04-22 18:29:17 UTC
Proposing as a Beta freeze exception. Note this is a kind of proxy for many "Firefox crashes occasionally" bugs filed by various people for F24, many/all of which should be fixed by this update.

I filed one of them, and Firefox does seem to have been less crash-y since this update came along. Others explicitly mentioned in the update are https://bugzilla.redhat.com/show_bug.cgi?id=1327817 and https://bugzilla.redhat.com/show_bug.cgi?id=1324161 .

Firefox is, obviously, on most of the desktop live images, and it'd be a good thing if it was as un-crashy as possible in the lives and immediately after install.

Comment 4 Dennis Gilmore 2016-04-22 18:30:30 UTC
+1 FE

Comment 5 Tim Flink 2016-04-22 18:31:46 UTC
+1 FE

Comment 6 Kevin Fenzi 2016-04-22 18:34:25 UTC
+1 FE

Comment 7 Adam Williamson 2016-04-22 18:36:10 UTC
The Cabal has spoken, marked accepted.

Also, there is no cabal.

Comment 8 Fedora Update System 2016-04-23 23:46:25 UTC
firefox-45.0.2-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Jakub Jelinek 2018-12-12 11:01:43 UTC
Has this been fixed upstream?  E.g. a -fsanitize=undefined build should catch all such bugs.

Comment 10 Martin Stransky 2018-12-13 10:51:35 UTC
Yes, it's fixed upstream already.

