Closed
Bug 792698
Opened 12 years ago
Closed 12 years ago
IonMonkey: crash in js::Vector<unsigned char, 32, js::SystemAllocPolicy>::growStorageBy
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
mozilla18
| Tracking | Status | |
|---|---|---|
| firefox16 | --- | unaffected |
| firefox17 | --- | unaffected |
| firefox18 | + | verified |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression, topcrash)
Crash Data
It first appeared with IonMonkey and is #2 top browser crasher on Mac OS X in 18.0a1. Signature arena_bin_malloc_easy More Reports Search UUID a4ac8070-f80f-4590-90f3-e608b2120920 Date Processed 2012-09-20 02:32:02 Uptime 19020 Last Crash 1.2 weeks before submission Install Age 5.3 hours since version was first installed. Install Time 2012-09-19 21:14:14 Product Firefox Version 18.0a1 Build ID 20120919030602 Release Channel nightly OS Mac OS X OS Version 10.6.8 10K549 Build Architecture amd64 Build Architecture Info family 6 model 37 stepping 5 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0x53878b18 App Notes AdapterVendorID: 0x10de, AdapterDeviceID: 0x a29GL Context? GL Context+ GL Layers? GL Layers+ Processor Notes EMCheckCompatibility True Frame Module Signature Source 0 libmozglue.dylib arena_bin_malloc_easy jemalloc.c:3174 1 libmozglue.dylib arena_malloc jemalloc.c:3940 2 libmozglue.dylib je_realloc jemalloc.c:4819 3 libmozglue.dylib ozone_realloc jemalloc.c:6990 4 libSystem.B.dylib malloc_zone_realloc 5 libSystem.B.dylib realloc 6 XUL js::Vector<unsigned char, 32, js::SystemAllocPolicy>::growStorageBy 7 XUL js::ion::SnapshotWriter::addSlot 8 XUL js::ion::CodeGeneratorShared::encodeSlots CodeGenerator-shared.cpp:118 9 XUL js::ion::CodeGeneratorShared::encodeSlots CodeGenerator-shared.cpp:175 10 XUL js::ion::CodeGeneratorShared::encode CodeGenerator-shared.cpp:243 11 libmozglue.dylib je_malloc jemalloc.c:4217 12 libmozglue.dylib ozone_size jemalloc.c:6963 13 XUL js::ion::CodeGeneratorX86Shared::bailout<js::ion::BailoutJump> CodeGenerator-x86-shared.cpp:343 14 XUL js::ion::CodeGeneratorX86Shared::bailoutIf CodeGenerator-x86-shared.cpp:376 15 XUL js::ion::CodeGeneratorX64::visitUnbox CodeGenerator-x64.cpp:117 16 XUL js::ion::LUnbox::accept LIR-x64.h:53 17 XUL js::ion::CodeGenerator::generateBody CodeGenerator.cpp:1287 18 XUL js::ion::CodeGenerator::generate CodeGenerator.cpp:2798 19 XUL js::ion::CodeGeneratorShared::CodeGeneratorShared CodeGenerator-shared.cpp:37 20 XUL js::ion::CodeGeneratorX64::CodeGeneratorX64 CodeGenerator-x64.cpp:21 21 XUL js::ion::TestCompiler Ion.cpp:917 22 XUL js::VectorImpl<js::ion::IonCache, 0, js::SystemAllocPolicy, false>::growTo More reports at: https://crash-stats.mozilla.com/report/list?signature=arena_bin_malloc_easy
|
Reporter | |
Updated•12 years ago
|
Keywords: regression
|
||
Comment 1•12 years ago
|
||
Some URLs: 1 http://ffg.football.cbssports.com/scoring/preview/2/1 1 https://www.google.com/search?hl=en&q=rsaeuro+debian 1 https://encrypted.google.com/search?btnG=Google+Search&q=balzac 1 http://thedatakey.upstreamedia.com/generate/list/business#.UFfZLDNAyXI 1 https://www.google.com/search?q=iPhone+vs+Android&ie=utf-8&oe=utf-8&aq=t&rls=org 1 file:///Users/kayhanatamyildiz/Desktop/home-images/html-design/index.html 1 http://excellentdigitallab.com/admin/gallery.php 1 https://www.google.com/search?q=mixpanel+javascript&ie=utf-8&oe=utf-8&aq=t&rls=o 1 https://www.google.com/search?q=5.1.1+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en 1 https://www.google.com/search?hl=en&safe=off&nomo=1&output=search&sclient=psy-ab 1 http://conveyor:8080/ 1 https://www.google.com/search?q=java+scientific+applications&ie=utf-8&oe=utf-8&a 1 https://boveda.banamex.com.mx/spanishdir/ayudas/inactividad8min2.htm 1 https://www.google.com/search?q=sand+symbol&ie=utf-8&oe=utf-8&aq=t&rls=org.mozil 1 https://www.google.com/search?q=how%20to%20tie%20a%20tie#hl=en&sugexp=les%3B&gs_ 1 https://www.facebook.com/dialog/oauth?client_id=212500508799908&response_type=to 1 http://codepen.io/juliangarnier/pen/idhuG
|
||
Updated•12 years ago
|
Summary: crash in js::Vector<unsigned char, 32, js::SystemAllocPolicy>::growStorageBy → IonMonkey: crash in js::Vector<unsigned char, 32, js::SystemAllocPolicy>::growStorageBy
This is probably bug 793257 but I'll keep this open and check crash-stats in a few days.
|
||
Updated•12 years ago
|
|
|
||
Updated•12 years ago
|
status-firefox18:
--- → affected
|
|
Reporter | |
Comment 3•12 years ago
|
||
(In reply to David Anderson [:dvander] from comment #2) > This is probably bug 793257 but I'll keep this open and check crash-stats in > a few days. There are indeed no crashes after 18.0a1/20120925.
Sweet!
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Updated•12 years ago
|
Target Milestone: --- → mozilla18
|
||
Comment 5•12 years ago
|
||
I see no recent crashes checking the crash stats. Marking this as verified fixed on FF 18.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•