Cloudflare has decided to crash Pale Moon

[Scavengre]

Operating system: Windows 7
Browser version: 33.5.1
32-bit or 64-bit browser?: 64
Problem URL: Cloudflare. Used to work fine, and then it looped incessantly, and now it crashes Pale Moon.
Maybe I'm weird, but it seems to me that nothing a web page does should be capable of crashing the browser.

If possible, please include the output of help->troubleshooting information (as text):

Application Basics
------------------

Name: Pale Moon
Version: 33.5.1 (64-bit)
Build ID: 20250113194001
Update Channel: release
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Goanna/6.7 Firefox/102.0 PaleMoon/33.5.1
OS: Windows_NT 6.1
CPU Capabilities: SSE2 AVX AVX2
Safe Mode: false

Extensions
----------

Name: Adblock Latitude
Version: 5.0.9
Enabled: true
ID: adblocklatitude@addons.palemoon.org

Name: Dismiss The Overlay
Version: 1.0.7
Enabled: true
ID: behind-the-overlay-me@Off.JustOff

Name: Quickdial Tool & Speed Dial
Version: 5.0.0
Enabled: true
ID: {f227c673-0e00-447a-a486-40eb47bfa9bc}

Name: ηMatrix
Version: 5.1.1
Enabled: true
ID: eMatrix@vannilla.org

Graphics
--------

Features
Compositing: Direct3D 11
GPU Accelerated Windows: 1/1 Direct3D 11 (OMTC)
Asynchronous Pan/Zoom: none
WebGL 1 Driver WSI Info: EGL_VENDOR: Google Inc. (adapter LUID: 000000000000fcf2) EGL_VERSION: 1.4 (ANGLE 2.1.0.) EGL_EXTENSIONS: EGL_EXT_create_context_robustness EGL_ANGLE_d3d_share_handle_client_buffer EGL_ANGLE_surface_d3d_texture_2d_share_handle EGL_ANGLE_query_surface_pointer EGL_ANGLE_window_fixed_size EGL_ANGLE_keyed_mutex EGL_ANGLE_surface_orientation EGL_NV_post_sub_buffer EGL_KHR_create_context EGL_EXT_device_query EGL_KHR_image EGL_KHR_image_base EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_gl_renderbuffer_image EGL_KHR_get_all_proc_addresses EGL_KHR_stream EGL_KHR_stream_consumer_gltexture EGL_NV_stream_consumer_gltexture_yuv EGL_ANGLE_flexible_surface_compatibility EGL_EXTENSIONS(nullptr): EGL_EXT_client_extensions EGL_EXT_platform_base EGL_EXT_platform_device EGL_ANGLE_platform_angle EGL_ANGLE_platform_angle_d3d EGL_ANGLE_device_creation EGL_ANGLE_device_creation_d3d11 EGL_ANGLE_experimental_present_path EGL_KHR_client_get_all_proc_addresses
WebGL 1 Driver Renderer: Google Inc. -- ANGLE (Intel(R) HD Graphics Family Direct3D11 vs_5_0 ps_5_0)
WebGL 1 Driver Version: OpenGL ES 2.0 (ANGLE 2.1.0.)
WebGL 1 Driver Extensions: GL_OES_element_index_uint GL_OES_packed_depth_stencil GL_OES_get_program_binary GL_OES_rgb8_rgba8 GL_EXT_texture_format_BGRA8888 GL_EXT_read_format_bgra GL_NV_pixel_buffer_object GL_OES_mapbuffer GL_EXT_map_buffer_range GL_EXT_color_buffer_half_float GL_OES_texture_half_float GL_OES_texture_half_float_linear GL_OES_texture_float GL_OES_texture_float_linear GL_EXT_texture_rg GL_EXT_texture_compression_dxt1 GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_OES_compressed_ETC1_RGB8_texture GL_EXT_sRGB GL_ANGLE_depth_texture GL_OES_depth32 GL_EXT_texture_storage GL_OES_texture_npot GL_EXT_draw_buffers GL_EXT_texture_filter_anisotropic GL_EXT_occlusion_query_boolean GL_NV_fence GL_EXT_disjoint_timer_query GL_EXT_robustness GL_EXT_blend_minmax GL_ANGLE_framebuffer_blit GL_ANGLE_framebuffer_multisample GL_ANGLE_instanced_arrays GL_ANGLE_pack_reverse_row_order GL_OES_standard_derivatives GL_EXT_shader_texture_lod GL_EXT_frag_depth GL_ANGLE_texture_usage GL_ANGLE_translated_shader_source GL_EXT_discard_framebuffer GL_EXT_debug_marker GL_OES_EGL_image GL_OES_EGL_image_external GL_NV_EGL_stream_consumer_external GL_EXT_unpack_subimage GL_NV_pack_subimage GL_OES_vertex_array_object GL_KHR_debug GL_ANGLE_lossy_etc_decode GL_CHROMIUM_bind_uniform_location GL_CHROMIUM_sync_query GL_CHROMIUM_copy_texture
WebGL 1 Extensions: ANGLE_instanced_arrays EXT_blend_minmax EXT_color_buffer_half_float EXT_frag_depth EXT_shader_texture_lod EXT_texture_filter_anisotropic EXT_disjoint_timer_query MOZ_debug_get OES_element_index_uint OES_standard_derivatives OES_texture_float OES_texture_float_linear OES_texture_half_float OES_texture_half_float_linear OES_vertex_array_object WEBGL_color_buffer_float WEBGL_compressed_texture_etc1 WEBGL_compressed_texture_s3tc WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_depth_texture WEBGL_draw_buffers WEBGL_lose_context MOZ_WEBGL_lose_context MOZ_WEBGL_compressed_texture_s3tc MOZ_WEBGL_depth_texture
WebGL 2 Driver WSI Info: EGL_VENDOR: Google Inc. (adapter LUID: 000000000000fcf2) EGL_VERSION: 1.4 (ANGLE 2.1.0.) EGL_EXTENSIONS: EGL_EXT_create_context_robustness EGL_ANGLE_d3d_share_handle_client_buffer EGL_ANGLE_surface_d3d_texture_2d_share_handle EGL_ANGLE_query_surface_pointer EGL_ANGLE_window_fixed_size EGL_ANGLE_keyed_mutex EGL_ANGLE_surface_orientation EGL_NV_post_sub_buffer EGL_KHR_create_context EGL_EXT_device_query EGL_KHR_image EGL_KHR_image_base EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_gl_renderbuffer_image EGL_KHR_get_all_proc_addresses EGL_KHR_stream EGL_KHR_stream_consumer_gltexture EGL_NV_stream_consumer_gltexture_yuv EGL_ANGLE_flexible_surface_compatibility EGL_EXTENSIONS(nullptr): EGL_EXT_client_extensions EGL_EXT_platform_base EGL_EXT_platform_device EGL_ANGLE_platform_angle EGL_ANGLE_platform_angle_d3d EGL_ANGLE_device_creation EGL_ANGLE_device_creation_d3d11 EGL_ANGLE_experimental_present_path EGL_KHR_client_get_all_proc_addresses
WebGL 2 Driver Renderer: Google Inc. -- ANGLE (Intel(R) HD Graphics Family Direct3D11 vs_5_0 ps_5_0)
WebGL 2 Driver Version: OpenGL ES 3.0 (ANGLE 2.1.0.)
WebGL 2 Driver Extensions: GL_OES_element_index_uint GL_OES_packed_depth_stencil GL_OES_get_program_binary GL_OES_rgb8_rgba8 GL_EXT_texture_format_BGRA8888 GL_EXT_read_format_bgra GL_NV_pixel_buffer_object GL_OES_mapbuffer GL_EXT_map_buffer_range GL_EXT_color_buffer_half_float GL_OES_texture_half_float GL_OES_texture_half_float_linear GL_OES_texture_float GL_OES_texture_float_linear GL_EXT_texture_rg GL_EXT_texture_compression_dxt1 GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_OES_compressed_ETC1_RGB8_texture GL_EXT_sRGB GL_ANGLE_depth_texture GL_OES_depth32 GL_EXT_texture_storage GL_OES_texture_npot GL_EXT_draw_buffers GL_EXT_texture_filter_anisotropic GL_EXT_occlusion_query_boolean GL_NV_fence GL_EXT_disjoint_timer_query GL_EXT_robustness GL_EXT_blend_minmax GL_ANGLE_framebuffer_blit GL_ANGLE_framebuffer_multisample GL_ANGLE_instanced_arrays GL_ANGLE_pack_reverse_row_order GL_OES_standard_derivatives GL_EXT_shader_texture_lod GL_EXT_frag_depth GL_ANGLE_texture_usage GL_ANGLE_translated_shader_source GL_EXT_discard_framebuffer GL_EXT_debug_marker GL_OES_EGL_image GL_OES_EGL_image_external GL_OES_EGL_image_external_essl3 GL_NV_EGL_stream_consumer_external GL_EXT_unpack_subimage GL_NV_pack_subimage GL_EXT_color_buffer_float GL_OES_vertex_array_object GL_KHR_debug GL_ANGLE_lossy_etc_decode GL_CHROMIUM_bind_uniform_location GL_CHROMIUM_sync_query GL_CHROMIUM_copy_texture GL_EXT_texture_norm16
WebGL 2 Extensions: EXT_color_buffer_float EXT_texture_filter_anisotropic EXT_disjoint_timer_query MOZ_debug_get OES_texture_float_linear WEBGL_compressed_texture_etc WEBGL_compressed_texture_etc1 WEBGL_compressed_texture_s3tc WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_lose_context MOZ_WEBGL_lose_context MOZ_WEBGL_compressed_texture_s3tc
Hardware H264 Decoding: Yes; Using D3D9 API
Audio Backend: wasapi
Direct2D: true
DirectWrite: true (6.2.9200.22164)
GPU #1
Active: Yes
Description: Intel(R) HD Graphics Family
Vendor ID: 0x8086
Device ID: 0x0416
Driver Version: 10.18.10.3412
Driver Date: 1-29-2014
Drivers: igdumdim64 igd10iumd64 igd10iumd64 igdumdim32 igd10iumd32 igd10iumd32
Subsys ID: 221117aa
RAM: Unknown
GPU #2
Active: No
Description: NVIDIA Quadro K2100M
Vendor ID: 0x10de
Device ID: 0x11fc
Driver Version: 9.18.13.1269
Driver Date: 10-28-2013
Drivers: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
Subsys ID: 221117aa
RAM: 2048
Diagnostics
AzureCanvasAccelerated: 0
AzureCanvasBackend: direct2d 1.1
AzureContentBackend: direct2d 1.1
AzureFallbackCanvasBackend: cairo





Important Modified Preferences
------------------------------

accessibility.typeaheadfind.flashBar: 0
browser.cache.disk.capacity: 358400
browser.cache.disk.filesystem_reported: 1
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.download.importedFromSqlite: true
browser.link.open_newwindow: 2
browser.places.smartBookmarksVersion: 4
browser.startup.homepage: chrome://quickdial-tool/content/fastdial.html
browser.startup.homepage_override.buildID: 20250113194001
browser.startup.homepage_override.mstone: 6.7.0
browser.tabs.warnOnOpen: false
browser.urlbar.suggest.bookmark: false
browser.urlbar.suggest.openpage: false
dom.disable_window_move_resize: true
dom.disable_window_open_feature.menubar: true
dom.disable_window_open_feature.personalbar: true
dom.disable_window_open_feature.scrollbars: true
dom.disable_window_open_feature.titlebar: true
dom.disable_window_open_feature.toolbar: true
dom.max_script_run_time: 0
extensions.lastAppVersion: 33.5.1
font.internaluseonly.changed: false
general.useragent.updates.lastupdated: 1738632405996
gfx.crash-guard.d3d11layers.appVersion: 33.5.1
gfx.crash-guard.d3d11layers.deviceID: 0x0416
gfx.crash-guard.d3d11layers.driverVersion: 10.18.10.3412
gfx.crash-guard.d3d11layers.feature-d2d: true
gfx.crash-guard.d3d11layers.feature-d3d11: true
gfx.crash-guard.status.d3d11layers: 2
gfx.crash-guard.status.d3d9video: 2
gfx.direct3d.last_used_feature_level_idx: 0
media.benchmark.vp9.fps: 214
media.benchmark.vp9.versioncheck: 3
media.gmp.storage.version.observed: 1
media.hardware-video-decoding.failed: false
network.cookie.prefsMigrated: true
places.database.lastMaintenance: 1738195274
places.history.expiration.transient_current_max_pages: 122949
plugin.importedState: true
plugin.state.flash: 1
plugin.state.npcomposerplayerwebplugin: 1
plugin.state.nppdfxeditplugin.x: 1
plugin.state.npvlc: 1
privacy.cpd.connectivityData: true
privacy.cpd.downloads: false
privacy.cpd.formdata: false
privacy.cpd.history: false
privacy.cpd.offlineApps: true
privacy.cpd.sessions: false
privacy.GPCheader.enabled: true
privacy.sanitize.migrateFx3Prefs: true
privacy.sanitize.timeSpan: 0
services.sync.declinedEngines:
storage.vacuum.last.index: 1
storage.vacuum.last.places.sqlite: 1737754465

Important Locked Preferences
----------------------------

Places Database
---------------

JavaScript
----------

Incremental GC: true

Accessibility
-------------

Activated: false
Prevent Accessibility: 1

Library Versions
----------------

NSPR
Expected minimum version: 4.35
Version in use: 4.35

NSS
Expected minimum version: 3.90.5
Version in use: 3.90.5

NSSSMIME
Expected minimum version: 3.90.5
Version in use: 3.90.5

NSSSSL
Expected minimum version: 3.90.5
Version in use: 3.90.5

NSSUTIL
Expected minimum version: 3.90.5
Version in use: 3.90.5


**PASTE troubleshooting information here**

[franstam]

hey, i was facing the same issue.
for example, https://www.cloudflare.com/learning/cdn ... t-network/.
i havent been able to do much testing or which link etc does this cos it crashes my browser in seconds.

there is no error message, nothing. Pale Moon process just disappears from taskmgr, as if someone did an end task or alt-f4 on the browser.

i tried visiting same page with a clean profile, same issue. how do we get any logs/traces of this behavior for further investigation?

[BenFenner]

See this currently active thread on all things Cloudflare:
viewtopic.php?f=3&t=32045

Maybe I'm weird, but it seems to me that nothing a web page does should be capable of crashing the browser.

I felt the same about Shopifly causing browser hangs since 2017, but so far is has not gone so well.
viewtopic.php?t=30623
And more:
viewtopic.php?f=70&t=31744&p=256523#p256523

[synthesizer_joe]

i had a crash too when i attempted to use this solution to the cloudflare problems
viewtopic.php?f=3&t=30950&p=250264#p250254
(didn't work)

[LuftWafflePilot]

I was JUST ABOUT to post a lauhing reply to the other/older thread saying the fucking check that previously stopped working was now crashing the entire browser when trying to open SteamDB, and apparently it's a global feature they implemented, because just preventing people from using their services noone asked for was not good enough, making their lives miserable was much better approach, lmao.

[billmcct]

I too, as of this morning, have crashed three times due to CloudFlare's captcha.
Error says can't read memory at "XXXXXXXXXXX" address.

[back2themoon]

hey, i was facing the same issue.
for example, https://www.cloudflare.com/learning/cdn ... t-network/.
i havent been able to do much testing or which link etc does this cos it crashes my browser in seconds.

I confirm this exact crash behaviour with the link above.

This seems different from the loop situation in the other thread. Those problem websites still keep looping/verifying with no crash.

Problem URL: Cloudflare.

That's not a URL, but I guess we got the idea and verified the issue.

[jouven]

I can confirm too, I'm getting a crash instead of the "not passing the challenge loop".

I understand if PM doesn't pass the challenge is a CF issue, but the whole browser crashing feels more like PM problem.

[FranklinDM]

for example, https://www.cloudflare.com/learning/cdn ... t-network/.

gdb bt indicates that the crashes might be related to either BigInt or StructuredClone:

Code: Select all

Thread 83 "DOM Worker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7e1c94eff6c0 (LWP 8743)]
0x00007e1ce8993fbc in JS::BigInt::isNegative (this=<optimized out>)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/BigIntType.h:81
81	  bool isNegative() const { return lengthSignAndReservedBits_ & SignBit; }
(gdb) bt
#0  0x00007e1ce8993fbc in JS::BigInt::isNegative (this=<optimized out>)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/BigIntType.h:81
#1  JSStructuredCloneWriter::writeBigInt
    (this=this@entry=0x7e1c94efbfa0, tag=tag@entry=4294901789, bi=0x0)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1082
#2  0x00007e1ce89978be in JSStructuredCloneWriter::startWrite
    (this=0x7e1c94efbfa0, v=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1498
#3  0x00007e1ce8997cca in JSStructuredCloneWriter::write
    (this=this@entry=0x7e1c94efbfa0, v=..., v@entry=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1676
#4  0x00007e1ce89986b3 in WriteStructuredClone
    (cx=cx@entry=0x7e1ca7fa0000, v=v@entry=..., bufp=bufp@entry=0x7e1ca80df888, scope=scope@entry=JS::StructuredCloneScope::SameProcessDifferentThread, cloneDataPolicy=..., cb=cb@entry=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, cbClosure=0x7e1ca7fc72f0, transferable=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:558
#5  0x00007e1ce8998886 in JS_WriteStructuredClone
    (cx=0x7e1ca7fa0000, value=..., bufp=0x7e1ca80df888, scope=<optimized out>, cloneDataPolicy=..., optionalCallbacks=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, closure=0x7e1ca7fc72f0, transferable=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:2661
#6  JSAutoStructuredCloneBuffer::write
    (this=0x7e1ca80df880, cx=cx@entry=0x7e1ca7fa0000, value=..., 
    value@entry=..., transferable=transferable@entry=..., cloneDataPolicy=cloneDataPolicy@entry=..., optionalCallbacks=optionalCallbacks@entry=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, closure=0x7e1ca7fc72f0) at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:2793
#7  0x00007e1ce6448be1 in mozilla::dom::StructuredCloneHolderBase::Write (this=this@entry=0x7e1ca7fc72f0, aCx=aCx@entry=0x7e1ca7fa0000, aValue=..., aTransfer=..., cloneDataPolicy=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/UniquePtr.h:325
#8  0x00007e1ce6448d49 in mozilla::dom::StructuredCloneHolder::Write (this=this@entry=0x7e1ca7fc72f0, aCx=aCx@entry=0x7e1ca7fa0000, aValue=..., aValue@entry=..., aTransfer=..., 
    aTransfer@entry=..., cloneDataPolicy=..., cloneDataPolicy@entry=..., aRv=...) at /mnt/win/dev/projects/uxp/platform/dom/base/StructuredCloneHolder.cpp:290
#9  0x00007e1ce7271764 in mozilla::dom::workers::WorkerPrivate::PostMessageToParentInternal (this=<optimized out>, aCx=aCx@entry=0x7e1ca7fa0000, aMessage=..., aTransferable=..., aRv=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#10 0x00007e1ce7274600 in mozilla::dom::workers::WorkerPrivate::PostMessageToParent (this=<optimized out>, aCx=0x7e1ca7fa0000, aMessage=..., aTransferable=..., aRv=...)
    at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerPrivate.h:1203
#11 0x00007e1ce6a631f8 in mozilla::dom::DedicatedWorkerGlobalScopeBinding::postMessage (cx=0x7e1ca7fa0000, obj=..., self=0x7e1cda06c080, args=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#12 0x00007e1ce6a1a6b3 in mozilla::dom::DedicatedWorkerGlobalScopeBinding::genericMethod (cx=cx@entry=0x7e1ca7fa0000, argc=<optimized out>, vp=<optimized out>)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#13 0x00007e1ce893d848 in js::CallJSNative
    (cx=0x7e1ca7fa0000, native=0x7e1ce6a1a410 <mozilla::dom::DedicatedWorkerGlobalScopeBinding::genericMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/jscntxtinlines.h:238
#14 js::InternalCallOrConstruct (cx=cx@entry=0x7e1ca7fa0000, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:490
#15 0x00007e1ce893dc4c in InternalCall (cx=cx@entry=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:535
#16 0x00007e1ce892fa7d in js::CallFromStack (cx=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:541
#17 Interpret (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:2914
#18 0x00007e1ce893d33d in js::RunScript (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:422
#19 0x00007e1ce894a016 in js::ExecuteKernel (cx=cx@entry=0x7e1ca7fa0000, script=..., script@entry=..., envChainArg=<optimized out>, newTargetValue=..., evalInFrame=..., 
    evalInFrame@entry=..., result=result@entry=0x7e1ca8083088) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:722
#20 0x00007e1ce851e2ec in EvalKernel (cx=cx@entry=0x7e1ca7fa0000, v=v@entry=..., evalType=evalType@entry=DIRECT_EVAL, caller=..., env=env@entry=..., pc=<optimized out>, vp=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#21 0x00007e1ce851eb25 in js::DirectEval (cx=cx@entry=0x7e1ca7fa0000, v=..., vp=...) at /mnt/win/dev/projects/uxp/platform/js/src/builtin/Eval.cpp:432
#22 0x00007e1ce8930d27 in Interpret (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:2827
#23 0x00007e1ce893d33d in js::RunScript (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:422
#24 0x00007e1ce893d97c in js::InternalCallOrConstruct (cx=cx@entry=0x7e1ca7fa0000, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:508
#25 0x00007e1ce893dc4c in InternalCall (cx=cx@entry=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:535
#26 0x00007e1ce893dca8 in js::Call (cx=cx@entry=0x7e1ca7fa0000, fval=..., fval@entry=..., thisv=..., thisv@entry=..., args=..., rval=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:554
#27 0x00007e1ce87a41cd in JS::Call (cx=cx@entry=0x7e1ca7fa0000, thisv=thisv@entry=..., fval=fval@entry=..., args=..., rval=..., rval@entry=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/jsapi.cpp:2868
#28 0x00007e1ce6a6745a in mozilla::dom::EventHandlerNonNull::Call (this=this@entry=0x7e1ca4bad3d0, cx=0x7e1ca7fa0000, aThisVal=..., aThisVal@entry=..., event=..., aRetVal=..., 
    aRetVal@entry=..., aRv=...) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#29 0x00007e1ce6d5ebee in mozilla::dom::EventHandlerNonNull::Call<nsISupports*>
    (this=0x7e1ca4bad3d0, thisVal=@0x7e1ca4bad410: 0x7e1cda06c080, event=..., aRetVal=..., aRv=..., aExecutionReason=0x7e1ce8d0dc77 "EventHandlerNonNull", aExceptionHandling=mozilla::dom::CallbackObject::eReportExceptions, aCompartment=0x0) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/dom/CallbackObject.h:288
#30 mozilla::JSEventHandler::HandleEvent (this=0x7e1ca4bad400, aEvent=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/JSEventHandler.cpp:212
#31 0x00007e1ce6d6057d in mozilla::EventListenerManager::HandleEventSubType (this=this@entry=0x7e1ca7fc7110, aListener=<optimized out>, 
    aListener@entry=0x7e1ca7fc7138, aDOMEvent=0x7e1ca7fc7230, aCurrentTarget=<optimized out>, aCurrentTarget@entry=0x7e1cda06c080)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventListenerManager.cpp:1070
#32 0x00007e1ce6d60e47 in mozilla::EventListenerManager::HandleEventInternal
    (this=this@entry=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=0x7e1ca80df780, aDOMEvent=aDOMEvent@entry=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=aEventStatus@entry=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/EventListenerManager.cpp:1259
#33 0x00007e1ce6d612fb in mozilla::EventListenerManager::HandleEvent
    (this=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=<optimized out>, aDOMEvent=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/EventListenerManager.h:374
#34 mozilla::EventListenerManager::HandleEvent
    (this=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=<optimized out>, aDOMEvent=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/EventListenerManager.h:349
#35 mozilla::EventTargetChainItem::HandleEvent (aCd=..., this=0x7e1ca80f1508, aVisitor=...) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:351
#36 mozilla::EventTargetChainItem::HandleEvent (this=0x7e1ca80f1508, aVisitor=..., aCd=...) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:328
#37 0x00007e1ce6d61964 in mozilla::EventTargetChainItem::HandleEventTargetChain (aChain=..., aVisitor=..., aCallback=0x0, aCd=...)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:528
#38 0x00007e1ce6d627a3 in mozilla::EventDispatcher::Dispatch
    (aTarget=aTarget@entry=0x7e1cda06c080, aPresContext=aPresContext@entry=0x0, aEvent=aEvent@entry=0x7e1ca80df780, aDOMEvent=aDOMEvent@entry=0x7e1ca7fc7230, aEventStatus=aEventStatus@entry=0x7e1c94efe400, aCallback=aCallback@entry=0x0, aTargets=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:916
#39 0x00007e1ce6d62ab7 in mozilla::EventDispatcher::DispatchDOMEvent
    (aTarget=0x7e1cda06c080, aEvent=<optimized out>, aDOMEvent=0x7e1ca7fc7230, aPresContext=0x0, aEventStatus=0x7e1c94efe400)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:997
#40 0x00007e1ce72795ee in (anonymous namespace)::MessageEventRunnable::DispatchDOMEvent
    (this=<optimized out>, aCx=<optimized out>, aTarget=0x7e1cda06c080, aIsMainThread=<optimized out>, aWorkerPrivate=<optimized out>)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#41 0x00007e1ce726ff77 in mozilla::dom::workers::WorkerRunnable::Run (this=0x7e1c98e22c50) at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerRunnable.cpp:393
#42 0x00007e1ce595dd91 in nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=false, aResult=0x7e1c94efe747)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#43 nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=false, aResult=0x7e1c94efe747) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:1076
#44 0x00007e1ce5983328 in NS_ProcessNextEvent (aThread=<optimized out>, aThread@entry=0x7e1c9656ac80, aMayWait=aMayWait@entry=false)
    at /mnt/win/dev/projects/uxp/platform/xpcom/glue/nsThreadUtils.cpp:355
#45 0x00007e1ce727ea9a in mozilla::dom::workers::WorkerPrivate::DoRunLoop (this=0x7e1c8cf59800, aCx=aCx@entry=0x7e1ca7fa0000)
    at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerPrivate.cpp:4892
#46 0x00007e1ce722156a in (anonymous namespace)::WorkerThreadPrimaryRunnable::Run (this=0x7e1ca2242a00) at /mnt/win/dev/projects/uxp/platform/dom/workers/RuntimeService.cpp:2812
#47 0x00007e1ce595dd91 in nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=true, aResult=0x7e1c94efed77)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#48 nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=true, aResult=0x7e1c94efed77) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:1076
#49 0x00007e1ce5983328 in NS_ProcessNextEvent (aThread=<optimized out>, aThread@entry=0x7e1c9656ac80, aMayWait=aMayWait@entry=true)
    at /mnt/win/dev/projects/uxp/platform/xpcom/glue/nsThreadUtils.cpp:355
#50 0x00007e1ce5cebb4a in mozilla::ipc::MessagePumpForNonMainThreads::Run (this=0x7e1ca4bf9680, aDelegate=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/glue/MessagePump.cpp:367
#51 0x00007e1ce5cced19 in MessageLoop::RunInternal (this=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/RefPtr.h:275
#52 MessageLoop::RunHandler (this=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/chromium/src/base/message_loop.cc:221
#53 MessageLoop::Run (this=this@entry=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/chromium/src/base/message_loop.cc:201
#54 0x00007e1ce595e2dd in nsThread::ThreadFunc (aArg=0x7e1c9656ac80) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:458
#55 0x00007e1ceaacc64d in _pt_root (arg=0x7e1c966be540) at /mnt/win/dev/projects/uxp/platform/nsprpub/pr/src/pthreads/ptthread.c:201
#56 0x00007e1cea5b2ddb in ??? () at /usr/lib/libc.so.6
#57 0x00007e1cea633f7c in ??? () at /usr/lib/libc.so.6

[dinosaur]

for example, https://www.cloudflare.com/learning/cdn ... t-network/.

gdb bt indicates that the crashes might be related to either BigInt or StructuredClone:

Code: Select all

Thread 83 "DOM Worker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7e1c94eff6c0 (LWP 8743)]
0x00007e1ce8993fbc in JS::BigInt::isNegative (this=<optimized out>)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/BigIntType.h:81
81	  bool isNegative() const { return lengthSignAndReservedBits_ & SignBit; }
(gdb) bt
#0  0x00007e1ce8993fbc in JS::BigInt::isNegative (this=<optimized out>)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/BigIntType.h:81
#1  JSStructuredCloneWriter::writeBigInt
    (this=this@entry=0x7e1c94efbfa0, tag=tag@entry=4294901789, bi=0x0)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1082
#2  0x00007e1ce89978be in JSStructuredCloneWriter::startWrite
    (this=0x7e1c94efbfa0, v=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1498
#3  0x00007e1ce8997cca in JSStructuredCloneWriter::write
    (this=this@entry=0x7e1c94efbfa0, v=..., v@entry=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1676
#4  0x00007e1ce89986b3 in WriteStructuredClone
    (cx=cx@entry=0x7e1ca7fa0000, v=v@entry=..., bufp=bufp@entry=0x7e1ca80df888, scope=scope@entry=JS::StructuredCloneScope::SameProcessDifferentThread, cloneDataPolicy=..., cb=cb@entry=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, cbClosure=0x7e1ca7fc72f0, transferable=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:558
#5  0x00007e1ce8998886 in JS_WriteStructuredClone
    (cx=0x7e1ca7fa0000, value=..., bufp=0x7e1ca80df888, scope=<optimized out>, cloneDataPolicy=..., optionalCallbacks=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, closure=0x7e1ca7fc72f0, transferable=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:2661
#6  JSAutoStructuredCloneBuffer::write
    (this=0x7e1ca80df880, cx=cx@entry=0x7e1ca7fa0000, value=..., 
    value@entry=..., transferable=transferable@entry=..., cloneDataPolicy=cloneDataPolicy@entry=..., optionalCallbacks=optionalCallbacks@entry=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, closure=0x7e1ca7fc72f0) at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:2793
#7  0x00007e1ce6448be1 in mozilla::dom::StructuredCloneHolderBase::Write (this=this@entry=0x7e1ca7fc72f0, aCx=aCx@entry=0x7e1ca7fa0000, aValue=..., aTransfer=..., cloneDataPolicy=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/UniquePtr.h:325
#8  0x00007e1ce6448d49 in mozilla::dom::StructuredCloneHolder::Write (this=this@entry=0x7e1ca7fc72f0, aCx=aCx@entry=0x7e1ca7fa0000, aValue=..., aValue@entry=..., aTransfer=..., 
    aTransfer@entry=..., cloneDataPolicy=..., cloneDataPolicy@entry=..., aRv=...) at /mnt/win/dev/projects/uxp/platform/dom/base/StructuredCloneHolder.cpp:290
#9  0x00007e1ce7271764 in mozilla::dom::workers::WorkerPrivate::PostMessageToParentInternal (this=<optimized out>, aCx=aCx@entry=0x7e1ca7fa0000, aMessage=..., aTransferable=..., aRv=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#10 0x00007e1ce7274600 in mozilla::dom::workers::WorkerPrivate::PostMessageToParent (this=<optimized out>, aCx=0x7e1ca7fa0000, aMessage=..., aTransferable=..., aRv=...)
    at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerPrivate.h:1203
#11 0x00007e1ce6a631f8 in mozilla::dom::DedicatedWorkerGlobalScopeBinding::postMessage (cx=0x7e1ca7fa0000, obj=..., self=0x7e1cda06c080, args=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#12 0x00007e1ce6a1a6b3 in mozilla::dom::DedicatedWorkerGlobalScopeBinding::genericMethod (cx=cx@entry=0x7e1ca7fa0000, argc=<optimized out>, vp=<optimized out>)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#13 0x00007e1ce893d848 in js::CallJSNative
    (cx=0x7e1ca7fa0000, native=0x7e1ce6a1a410 <mozilla::dom::DedicatedWorkerGlobalScopeBinding::genericMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/jscntxtinlines.h:238
#14 js::InternalCallOrConstruct (cx=cx@entry=0x7e1ca7fa0000, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:490
#15 0x00007e1ce893dc4c in InternalCall (cx=cx@entry=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:535
#16 0x00007e1ce892fa7d in js::CallFromStack (cx=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:541
#17 Interpret (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:2914
#18 0x00007e1ce893d33d in js::RunScript (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:422
#19 0x00007e1ce894a016 in js::ExecuteKernel (cx=cx@entry=0x7e1ca7fa0000, script=..., script@entry=..., envChainArg=<optimized out>, newTargetValue=..., evalInFrame=..., 
    evalInFrame@entry=..., result=result@entry=0x7e1ca8083088) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:722
#20 0x00007e1ce851e2ec in EvalKernel (cx=cx@entry=0x7e1ca7fa0000, v=v@entry=..., evalType=evalType@entry=DIRECT_EVAL, caller=..., env=env@entry=..., pc=<optimized out>, vp=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#21 0x00007e1ce851eb25 in js::DirectEval (cx=cx@entry=0x7e1ca7fa0000, v=..., vp=...) at /mnt/win/dev/projects/uxp/platform/js/src/builtin/Eval.cpp:432
#22 0x00007e1ce8930d27 in Interpret (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:2827
#23 0x00007e1ce893d33d in js::RunScript (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:422
#24 0x00007e1ce893d97c in js::InternalCallOrConstruct (cx=cx@entry=0x7e1ca7fa0000, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:508
#25 0x00007e1ce893dc4c in InternalCall (cx=cx@entry=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:535
#26 0x00007e1ce893dca8 in js::Call (cx=cx@entry=0x7e1ca7fa0000, fval=..., fval@entry=..., thisv=..., thisv@entry=..., args=..., rval=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:554
#27 0x00007e1ce87a41cd in JS::Call (cx=cx@entry=0x7e1ca7fa0000, thisv=thisv@entry=..., fval=fval@entry=..., args=..., rval=..., rval@entry=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/jsapi.cpp:2868
#28 0x00007e1ce6a6745a in mozilla::dom::EventHandlerNonNull::Call (this=this@entry=0x7e1ca4bad3d0, cx=0x7e1ca7fa0000, aThisVal=..., aThisVal@entry=..., event=..., aRetVal=..., 
    aRetVal@entry=..., aRv=...) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#29 0x00007e1ce6d5ebee in mozilla::dom::EventHandlerNonNull::Call<nsISupports*>
    (this=0x7e1ca4bad3d0, thisVal=@0x7e1ca4bad410: 0x7e1cda06c080, event=..., aRetVal=..., aRv=..., aExecutionReason=0x7e1ce8d0dc77 "EventHandlerNonNull", aExceptionHandling=mozilla::dom::CallbackObject::eReportExceptions, aCompartment=0x0) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/dom/CallbackObject.h:288
#30 mozilla::JSEventHandler::HandleEvent (this=0x7e1ca4bad400, aEvent=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/JSEventHandler.cpp:212
#31 0x00007e1ce6d6057d in mozilla::EventListenerManager::HandleEventSubType (this=this@entry=0x7e1ca7fc7110, aListener=<optimized out>, 
    aListener@entry=0x7e1ca7fc7138, aDOMEvent=0x7e1ca7fc7230, aCurrentTarget=<optimized out>, aCurrentTarget@entry=0x7e1cda06c080)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventListenerManager.cpp:1070
#32 0x00007e1ce6d60e47 in mozilla::EventListenerManager::HandleEventInternal
    (this=this@entry=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=0x7e1ca80df780, aDOMEvent=aDOMEvent@entry=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=aEventStatus@entry=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/EventListenerManager.cpp:1259
#33 0x00007e1ce6d612fb in mozilla::EventListenerManager::HandleEvent
    (this=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=<optimized out>, aDOMEvent=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/EventListenerManager.h:374
#34 mozilla::EventListenerManager::HandleEvent
    (this=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=<optimized out>, aDOMEvent=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/EventListenerManager.h:349
#35 mozilla::EventTargetChainItem::HandleEvent (aCd=..., this=0x7e1ca80f1508, aVisitor=...) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:351
#36 mozilla::EventTargetChainItem::HandleEvent (this=0x7e1ca80f1508, aVisitor=..., aCd=...) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:328
#37 0x00007e1ce6d61964 in mozilla::EventTargetChainItem::HandleEventTargetChain (aChain=..., aVisitor=..., aCallback=0x0, aCd=...)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:528
#38 0x00007e1ce6d627a3 in mozilla::EventDispatcher::Dispatch
    (aTarget=aTarget@entry=0x7e1cda06c080, aPresContext=aPresContext@entry=0x0, aEvent=aEvent@entry=0x7e1ca80df780, aDOMEvent=aDOMEvent@entry=0x7e1ca7fc7230, aEventStatus=aEventStatus@entry=0x7e1c94efe400, aCallback=aCallback@entry=0x0, aTargets=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:916
#39 0x00007e1ce6d62ab7 in mozilla::EventDispatcher::DispatchDOMEvent
    (aTarget=0x7e1cda06c080, aEvent=<optimized out>, aDOMEvent=0x7e1ca7fc7230, aPresContext=0x0, aEventStatus=0x7e1c94efe400)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:997
#40 0x00007e1ce72795ee in (anonymous namespace)::MessageEventRunnable::DispatchDOMEvent
    (this=<optimized out>, aCx=<optimized out>, aTarget=0x7e1cda06c080, aIsMainThread=<optimized out>, aWorkerPrivate=<optimized out>)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#41 0x00007e1ce726ff77 in mozilla::dom::workers::WorkerRunnable::Run (this=0x7e1c98e22c50) at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerRunnable.cpp:393
#42 0x00007e1ce595dd91 in nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=false, aResult=0x7e1c94efe747)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#43 nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=false, aResult=0x7e1c94efe747) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:1076
#44 0x00007e1ce5983328 in NS_ProcessNextEvent (aThread=<optimized out>, aThread@entry=0x7e1c9656ac80, aMayWait=aMayWait@entry=false)
    at /mnt/win/dev/projects/uxp/platform/xpcom/glue/nsThreadUtils.cpp:355
#45 0x00007e1ce727ea9a in mozilla::dom::workers::WorkerPrivate::DoRunLoop (this=0x7e1c8cf59800, aCx=aCx@entry=0x7e1ca7fa0000)
    at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerPrivate.cpp:4892
#46 0x00007e1ce722156a in (anonymous namespace)::WorkerThreadPrimaryRunnable::Run (this=0x7e1ca2242a00) at /mnt/win/dev/projects/uxp/platform/dom/workers/RuntimeService.cpp:2812
#47 0x00007e1ce595dd91 in nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=true, aResult=0x7e1c94efed77)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#48 nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=true, aResult=0x7e1c94efed77) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:1076
#49 0x00007e1ce5983328 in NS_ProcessNextEvent (aThread=<optimized out>, aThread@entry=0x7e1c9656ac80, aMayWait=aMayWait@entry=true)
    at /mnt/win/dev/projects/uxp/platform/xpcom/glue/nsThreadUtils.cpp:355
#50 0x00007e1ce5cebb4a in mozilla::ipc::MessagePumpForNonMainThreads::Run (this=0x7e1ca4bf9680, aDelegate=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/glue/MessagePump.cpp:367
#51 0x00007e1ce5cced19 in MessageLoop::RunInternal (this=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/RefPtr.h:275
#52 MessageLoop::RunHandler (this=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/chromium/src/base/message_loop.cc:221
#53 MessageLoop::Run (this=this@entry=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/chromium/src/base/message_loop.cc:201
#54 0x00007e1ce595e2dd in nsThread::ThreadFunc (aArg=0x7e1c9656ac80) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:458
#55 0x00007e1ceaacc64d in _pt_root (arg=0x7e1c966be540) at /mnt/win/dev/projects/uxp/platform/nsprpub/pr/src/pthreads/ptthread.c:201
#56 0x00007e1cea5b2ddb in ??? () at /usr/lib/libc.so.6
#57 0x00007e1cea633f7c in ??? () at /usr/lib/libc.so.6

Thanks to your backtrace (1) I could find a fix for that crash (2). Here is the patch to apply to fix the crashing issue (but it won't get you past the CF check, sadly):

palemoon-33.5.1-writeBigInt_crash.patch.txt

----
(1) I do build PM myself, but I build it without the debug symbols, so I can't get any useful backtrace in gdb...
(2) Simply by adding a NULL pointer check in JSStructuredCloneWriter::writeBigInt(), and while I was at it, I also added one in JSStructuredCloneWriter::writeString() which could crash for the same reason.

[Moonchild]

Thanks for the quick analysis and band-aid! I'll make sure it goes into the upcoming release within a week.
Commit ee7f7385c3

[q160765803]

for example, https://www.cloudflare.com/learning/cdn ... t-network/.

gdb bt indicates that the crashes might be related to either BigInt or StructuredClone:

Code: Select all

Thread 83 "DOM Worker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7e1c94eff6c0 (LWP 8743)]
0x00007e1ce8993fbc in JS::BigInt::isNegative (this=<optimized out>)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/BigIntType.h:81
81	  bool isNegative() const { return lengthSignAndReservedBits_ & SignBit; }
(gdb) bt
#0  0x00007e1ce8993fbc in JS::BigInt::isNegative (this=<optimized out>)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/BigIntType.h:81
#1  JSStructuredCloneWriter::writeBigInt
    (this=this@entry=0x7e1c94efbfa0, tag=tag@entry=4294901789, bi=0x0)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1082
#2  0x00007e1ce89978be in JSStructuredCloneWriter::startWrite
    (this=0x7e1c94efbfa0, v=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1498
#3  0x00007e1ce8997cca in JSStructuredCloneWriter::write
    (this=this@entry=0x7e1c94efbfa0, v=..., v@entry=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:1676
#4  0x00007e1ce89986b3 in WriteStructuredClone
    (cx=cx@entry=0x7e1ca7fa0000, v=v@entry=..., bufp=bufp@entry=0x7e1ca80df888, scope=scope@entry=JS::StructuredCloneScope::SameProcessDifferentThread, cloneDataPolicy=..., cb=cb@entry=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, cbClosure=0x7e1ca7fc72f0, transferable=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:558
#5  0x00007e1ce8998886 in JS_WriteStructuredClone
    (cx=0x7e1ca7fa0000, value=..., bufp=0x7e1ca80df888, scope=<optimized out>, cloneDataPolicy=..., optionalCallbacks=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, closure=0x7e1ca7fc72f0, transferable=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:2661
#6  JSAutoStructuredCloneBuffer::write
    (this=0x7e1ca80df880, cx=cx@entry=0x7e1ca7fa0000, value=..., 
    value@entry=..., transferable=transferable@entry=..., cloneDataPolicy=cloneDataPolicy@entry=..., optionalCallbacks=optionalCallbacks@entry=0x7e1ce9a73420 <mozilla::dom::StructuredCloneHolder::sCallbacks>, closure=0x7e1ca7fc72f0) at /mnt/win/dev/projects/uxp/platform/js/src/vm/StructuredClone.cpp:2793
#7  0x00007e1ce6448be1 in mozilla::dom::StructuredCloneHolderBase::Write (this=this@entry=0x7e1ca7fc72f0, aCx=aCx@entry=0x7e1ca7fa0000, aValue=..., aTransfer=..., cloneDataPolicy=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/UniquePtr.h:325
#8  0x00007e1ce6448d49 in mozilla::dom::StructuredCloneHolder::Write (this=this@entry=0x7e1ca7fc72f0, aCx=aCx@entry=0x7e1ca7fa0000, aValue=..., aValue@entry=..., aTransfer=..., 
    aTransfer@entry=..., cloneDataPolicy=..., cloneDataPolicy@entry=..., aRv=...) at /mnt/win/dev/projects/uxp/platform/dom/base/StructuredCloneHolder.cpp:290
#9  0x00007e1ce7271764 in mozilla::dom::workers::WorkerPrivate::PostMessageToParentInternal (this=<optimized out>, aCx=aCx@entry=0x7e1ca7fa0000, aMessage=..., aTransferable=..., aRv=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#10 0x00007e1ce7274600 in mozilla::dom::workers::WorkerPrivate::PostMessageToParent (this=<optimized out>, aCx=0x7e1ca7fa0000, aMessage=..., aTransferable=..., aRv=...)
    at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerPrivate.h:1203
#11 0x00007e1ce6a631f8 in mozilla::dom::DedicatedWorkerGlobalScopeBinding::postMessage (cx=0x7e1ca7fa0000, obj=..., self=0x7e1cda06c080, args=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#12 0x00007e1ce6a1a6b3 in mozilla::dom::DedicatedWorkerGlobalScopeBinding::genericMethod (cx=cx@entry=0x7e1ca7fa0000, argc=<optimized out>, vp=<optimized out>)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#13 0x00007e1ce893d848 in js::CallJSNative
    (cx=0x7e1ca7fa0000, native=0x7e1ce6a1a410 <mozilla::dom::DedicatedWorkerGlobalScopeBinding::genericMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/jscntxtinlines.h:238
#14 js::InternalCallOrConstruct (cx=cx@entry=0x7e1ca7fa0000, args=..., construct=construct@entry=js::NO_CONSTRUCT) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:490
#15 0x00007e1ce893dc4c in InternalCall (cx=cx@entry=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:535
#16 0x00007e1ce892fa7d in js::CallFromStack (cx=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:541
#17 Interpret (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:2914
#18 0x00007e1ce893d33d in js::RunScript (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:422
#19 0x00007e1ce894a016 in js::ExecuteKernel (cx=cx@entry=0x7e1ca7fa0000, script=..., script@entry=..., envChainArg=<optimized out>, newTargetValue=..., evalInFrame=..., 
    evalInFrame@entry=..., result=result@entry=0x7e1ca8083088) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:722
#20 0x00007e1ce851e2ec in EvalKernel (cx=cx@entry=0x7e1ca7fa0000, v=v@entry=..., evalType=evalType@entry=DIRECT_EVAL, caller=..., env=env@entry=..., pc=<optimized out>, vp=...)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#21 0x00007e1ce851eb25 in js::DirectEval (cx=cx@entry=0x7e1ca7fa0000, v=..., vp=...) at /mnt/win/dev/projects/uxp/platform/js/src/builtin/Eval.cpp:432
#22 0x00007e1ce8930d27 in Interpret (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:2827
#23 0x00007e1ce893d33d in js::RunScript (cx=cx@entry=0x7e1ca7fa0000, state=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:422
#24 0x00007e1ce893d97c in js::InternalCallOrConstruct (cx=cx@entry=0x7e1ca7fa0000, args=..., construct=construct@entry=js::NO_CONSTRUCT)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:508
#25 0x00007e1ce893dc4c in InternalCall (cx=cx@entry=0x7e1ca7fa0000, args=...) at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:535
#26 0x00007e1ce893dca8 in js::Call (cx=cx@entry=0x7e1ca7fa0000, fval=..., fval@entry=..., thisv=..., thisv@entry=..., args=..., rval=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/vm/Interpreter.cpp:554
#27 0x00007e1ce87a41cd in JS::Call (cx=cx@entry=0x7e1ca7fa0000, thisv=thisv@entry=..., fval=fval@entry=..., args=..., rval=..., rval@entry=...)
    at /mnt/win/dev/projects/uxp/platform/js/src/jsapi.cpp:2868
#28 0x00007e1ce6a6745a in mozilla::dom::EventHandlerNonNull::Call (this=this@entry=0x7e1ca4bad3d0, cx=0x7e1ca7fa0000, aThisVal=..., aThisVal@entry=..., event=..., aRetVal=..., 
    aRetVal@entry=..., aRv=...) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/js/RootingAPI.h:822
#29 0x00007e1ce6d5ebee in mozilla::dom::EventHandlerNonNull::Call<nsISupports*>
    (this=0x7e1ca4bad3d0, thisVal=@0x7e1ca4bad410: 0x7e1cda06c080, event=..., aRetVal=..., aRv=..., aExecutionReason=0x7e1ce8d0dc77 "EventHandlerNonNull", aExceptionHandling=mozilla::dom::CallbackObject::eReportExceptions, aCompartment=0x0) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/dom/CallbackObject.h:288
#30 mozilla::JSEventHandler::HandleEvent (this=0x7e1ca4bad400, aEvent=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/JSEventHandler.cpp:212
#31 0x00007e1ce6d6057d in mozilla::EventListenerManager::HandleEventSubType (this=this@entry=0x7e1ca7fc7110, aListener=<optimized out>, 
    aListener@entry=0x7e1ca7fc7138, aDOMEvent=0x7e1ca7fc7230, aCurrentTarget=<optimized out>, aCurrentTarget@entry=0x7e1cda06c080)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventListenerManager.cpp:1070
#32 0x00007e1ce6d60e47 in mozilla::EventListenerManager::HandleEventInternal
    (this=this@entry=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=0x7e1ca80df780, aDOMEvent=aDOMEvent@entry=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=aEventStatus@entry=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/EventListenerManager.cpp:1259
#33 0x00007e1ce6d612fb in mozilla::EventListenerManager::HandleEvent
    (this=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=<optimized out>, aDOMEvent=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/EventListenerManager.h:374
#34 mozilla::EventListenerManager::HandleEvent
    (this=0x7e1ca7fc7110, aPresContext=<optimized out>, aEvent=<optimized out>, aDOMEvent=0x7e1c94efe240, aCurrentTarget=<optimized out>, aEventStatus=0x7e1c94efe248, aItemInShadowTree=<optimized out>) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/EventListenerManager.h:349
#35 mozilla::EventTargetChainItem::HandleEvent (aCd=..., this=0x7e1ca80f1508, aVisitor=...) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:351
#36 mozilla::EventTargetChainItem::HandleEvent (this=0x7e1ca80f1508, aVisitor=..., aCd=...) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:328
#37 0x00007e1ce6d61964 in mozilla::EventTargetChainItem::HandleEventTargetChain (aChain=..., aVisitor=..., aCallback=0x0, aCd=...)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:528
#38 0x00007e1ce6d627a3 in mozilla::EventDispatcher::Dispatch
    (aTarget=aTarget@entry=0x7e1cda06c080, aPresContext=aPresContext@entry=0x0, aEvent=aEvent@entry=0x7e1ca80df780, aDOMEvent=aDOMEvent@entry=0x7e1ca7fc7230, aEventStatus=aEventStatus@entry=0x7e1c94efe400, aCallback=aCallback@entry=0x0, aTargets=<optimized out>) at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:916
#39 0x00007e1ce6d62ab7 in mozilla::EventDispatcher::DispatchDOMEvent
    (aTarget=0x7e1cda06c080, aEvent=<optimized out>, aDOMEvent=0x7e1ca7fc7230, aPresContext=0x0, aEventStatus=0x7e1c94efe400)
    at /mnt/win/dev/projects/uxp/platform/dom/events/EventDispatcher.cpp:997
#40 0x00007e1ce72795ee in (anonymous namespace)::MessageEventRunnable::DispatchDOMEvent
    (this=<optimized out>, aCx=<optimized out>, aTarget=0x7e1cda06c080, aIsMainThread=<optimized out>, aWorkerPrivate=<optimized out>)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#41 0x00007e1ce726ff77 in mozilla::dom::workers::WorkerRunnable::Run (this=0x7e1c98e22c50) at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerRunnable.cpp:393
#42 0x00007e1ce595dd91 in nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=false, aResult=0x7e1c94efe747)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#43 nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=false, aResult=0x7e1c94efe747) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:1076
#44 0x00007e1ce5983328 in NS_ProcessNextEvent (aThread=<optimized out>, aThread@entry=0x7e1c9656ac80, aMayWait=aMayWait@entry=false)
    at /mnt/win/dev/projects/uxp/platform/xpcom/glue/nsThreadUtils.cpp:355
#45 0x00007e1ce727ea9a in mozilla::dom::workers::WorkerPrivate::DoRunLoop (this=0x7e1c8cf59800, aCx=aCx@entry=0x7e1ca7fa0000)
    at /mnt/win/dev/projects/uxp/platform/dom/workers/WorkerPrivate.cpp:4892
#46 0x00007e1ce722156a in (anonymous namespace)::WorkerThreadPrimaryRunnable::Run (this=0x7e1ca2242a00) at /mnt/win/dev/projects/uxp/platform/dom/workers/RuntimeService.cpp:2812
#47 0x00007e1ce595dd91 in nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=true, aResult=0x7e1c94efed77)
    at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/nsCOMPtr.h:739
#48 nsThread::ProcessNextEvent (this=0x7e1c9656ac80, aMayWait=true, aResult=0x7e1c94efed77) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:1076
#49 0x00007e1ce5983328 in NS_ProcessNextEvent (aThread=<optimized out>, aThread@entry=0x7e1c9656ac80, aMayWait=aMayWait@entry=true)
    at /mnt/win/dev/projects/uxp/platform/xpcom/glue/nsThreadUtils.cpp:355
#50 0x00007e1ce5cebb4a in mozilla::ipc::MessagePumpForNonMainThreads::Run (this=0x7e1ca4bf9680, aDelegate=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/glue/MessagePump.cpp:367
#51 0x00007e1ce5cced19 in MessageLoop::RunInternal (this=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/palemoon/obj-x86_64-pc-linux-gnu-gtk2/dist/include/mozilla/RefPtr.h:275
#52 MessageLoop::RunHandler (this=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/chromium/src/base/message_loop.cc:221
#53 MessageLoop::Run (this=this@entry=0x7e1cda0134e0) at /mnt/win/dev/projects/uxp/platform/ipc/chromium/src/base/message_loop.cc:201
#54 0x00007e1ce595e2dd in nsThread::ThreadFunc (aArg=0x7e1c9656ac80) at /mnt/win/dev/projects/uxp/platform/xpcom/threads/nsThread.cpp:458
#55 0x00007e1ceaacc64d in _pt_root (arg=0x7e1c966be540) at /mnt/win/dev/projects/uxp/platform/nsprpub/pr/src/pthreads/ptthread.c:201
#56 0x00007e1cea5b2ddb in ??? () at /usr/lib/libc.so.6
#57 0x00007e1cea633f7c in ??? () at /usr/lib/libc.so.6

Thanks to your backtrace (1) I could find a fix for that crash (2). Here is the patch to apply to fix the crashing issue (but it won't get you past the CF check, sadly):palemoon-33.5.1-writeBigInt_crash.patch.txt

----
(1) I do build PM myself, but I build it without the debug symbols, so I can't get any useful backtrace in gdb...
(2) Simply by adding a NULL pointer check in JSStructuredCloneWriter::writeBigInt(), and while I was at it, I also added one in JSStructuredCloneWriter::writeString() which could crash for the same reason.

and now a "Error: DataCloneError: The object could not be cloned." appears in console instead.

Code: Select all

22:23:59.943 Error: DataCloneError: The object could not be cloned. 1 v1:1:68904
	Error self-hosted:1102:17
	gs https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1:1:68904
	gs self-hosted:1077:17
	gl/</</< https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1:1:116209
	gl/< https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1:1:116381
	gl https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1:1:116420
	gl self-hosted:1127:17

and it seems that cf now requiring service worker to check something.

[Navigator]

Crash here too, under Linux Mint.

[Moonchild]

Off-topic:

and it seems that cf now requiring service worker to check something.

There are very good reasons for anyone to not enable service workers by default (letting js workers run detached from site content is a big privacy and security attack surface). CF really shouldn't require it.

[Moonchild]

now a "Error: DataCloneError: The object could not be cloned." appears in console instead.

That's exactly expected. The crash is caused by bogus input to structured clone. You can't clone bogus inputs.

[back2themoon]

Just had the crash on a website that displayed the endless loop, and did not crash before. Browser crashed a few seconds after the Cloudflare verifying loop.

[aliex]

In case it if is not not obvious - blocking challenges.cloudflare.com (I did through hosts file) prevents crash, so we can at least wait for a proper fix

[back2themoon]

Thanks for this tip. Those websites that do not require strict verifcation (causing the infamous loop), now work without crashing. Adding the line below to uBlock Origin's "My filters" section should have the same effect.

Code: Select all

||challenges.cloudflare.com

[Scavengre]

Thank all of you for paying attention, and to those who worked out a fix, and to those who will put that fix into an update soon. Y'all rock. S.

[googlefan]

I experience the same issue.

and it seems that cf now requiring service worker to check something.

It varies, in a mainstream browser I usually block web workers with uMatrix and sometimes Cloudflare check passes successfully and sometimes does not pass until I allow web workers.