Bug 997908 - crash in ReleaseSliceNow(unsigned int, void*) accessing memory at 0x5a5a5a5a5a5a5a5a, test patch. r=nfroyd
authorSteven Michaud <smichaud@pobox.com>
Wed, 29 Oct 2014 21:50:29 -0500
changeset 237372 b56b9aa70d22803fd0d9f8a68e043dc863c2efe3
parent 237371 de7878c31f764b45d6525283a7069ce2083a97c7
child 237373 ac0d7bf37abced5397e34e1f1a5ccc3413c0a115
push id4311
push userraliiev@mozilla.com
push dateMon, 12 Jan 2015 19:37:41 +0000
treeherdermozilla-beta@150c9fed433b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnfroyd
bugs997908
milestone36.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 997908 - crash in ReleaseSliceNow(unsigned int, void*) accessing memory at 0x5a5a5a5a5a5a5a5a, test patch. r=nfroyd
xpcom/base/CycleCollectedJSRuntime.cpp
--- a/xpcom/base/CycleCollectedJSRuntime.cpp
+++ b/xpcom/base/CycleCollectedJSRuntime.cpp
@@ -1055,16 +1055,28 @@ CycleCollectedJSRuntime::DeferredFinaliz
   if (!hadThingArray) {
     mDeferredFinalizerTable.Put(aFunc, thingArray);
   }
 }
 
 void
 CycleCollectedJSRuntime::DeferredFinalize(nsISupports* aSupports)
 {
+#if defined(XP_MACOSX) && defined(__LP64__)
+  // We'll crash here if aSupports is poisoned (== 0x5a5a5a5a5a5a5a5a).  This
+  // is better (more informative) than crashing in ReleaseSliceNow().  See
+  // bug 997908.  This patch should get backed out when bug 997908 gets fixed,
+  // or if it doesn't actually help diagnose that bug.
+  __asm__ __volatile__("push %%rax;"
+                       "push %%rdx;"
+                       "movq %0, %%rax;"
+                       "movq (%%rax), %%rdx;"
+                       "pop %%rdx;"
+                       "pop %%rax;" : : "g" (aSupports));
+#endif
   mDeferredSupports.AppendElement(aSupports);
 }
 
 void
 CycleCollectedJSRuntime::DumpJSHeap(FILE* aFile)
 {
   js::DumpHeapComplete(Runtime(), aFile, js::CollectNurseryBeforeDump);
 }