Promise destructor can crash when clearing TLS list of rooted promises #21331

@jdm

When I load https://archiveofourown.org/works/15287346 and then reload it after it's finished, I get the following crash:

********** Crash dump: **********
Build fingerprint: 'google/sailfish/sailfish:8.1.0/OPM4.171019.021.P1/4820305:user/release-keys'
pid: 17521, tid: 18019, name: ScriptThread Pi  >>> com.mozilla.servo <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc143d2e0
Stack frame #00 pc 0005e71c  /system/bin/linker (__dl_syscall+32)
Stack frame #01 pc 00019053  /system/bin/linker (__dl__ZL13resend_signalP7siginfob+54)
Stack frame #02 pc 00018eaf  /system/bin/linker (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+774)
Stack frame #03 pc 00002261  /system/bin/app_process32 (art::SignalChain::Handler(int, siginfo*, void*)+220)
Stack frame #04 pc 000189a0  /system/lib/libc.so
Stack frame #05 pc 03fde5cc  /data/app/com.mozilla.servo-Pd8K4Nyb469-H45rei4XCg==/lib/arm/libsimpleservo.so: Routine JS_IsNative(JSObject*) at /Users/jdm/.cargo/registry/src/github.com-1ecc6299db9ec823/mozjs_sys-0.51.4/mozjs/js/src/jsapi.cpp:1931

Labels

A-content/bindings: The DOM bindings
B-high-value: Represents work that would have a big impact
I-crash: No impact; the issue is one of maintainability or tidiness.
