Closed Bug 695875 Opened 13 years ago Closed 13 years ago

crash [@ js::mjit::ic::BaseIC::disable]

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 694200

People

(Reporter: martijn.martijn, Unassigned)

Details

(Keywords: crash, Whiteboard: [mobile-crash])

Crash Data

This bug was filed from the Socorro interface and is 
report bp-a32821e2-47e9-4ad5-86ed-3ecb32111019 .
============================================================= 
0 	libxul.so 	js::mjit::ic::BaseIC::disable 	js/src/methodjit/PolyIC.cpp:2330
1 	libxul.so 	js::mjit::ic::GetProp 	js/src/methodjit/StubCalls-inl.h:51
2 	libxul.so 	libxul.so@0xbffdae 	
3 	libxul.so 	js::mjit::ic::GetProp 	js/src/methodjit/PolyIC.cpp:1930
4 	libxul.so 	js::mjit::JaegerShot 	js/src/vm/Stack.h:1392
5 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:4037
6 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:584
7 	libxul.so 	js::Invoke 	js/src/vm/Stack.h:984
8 	libxul.so 	JS_CallFunctionValue 	js/src/jscntxt.h:1243
9 	libxul.so 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:1947
10 	libxul.so 	nsGlobalWindow::RunTimeout 	nsCOMPtr.h:903
11 	libxul.so 	nsGlobalWindow::TimerCallback 	nsAutoPtr.h:907
12 	libxul.so 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:425
13 	libxul.so 	nsTimerEvent::Run 	nsAutoPtr.h:907
14 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:631
15 	libxul.so 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
16 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:111
17 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:209
18 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:487
19 	libxul.so 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:191
20 	libxul.so 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:229

I got this crash in a complicated testcase that dynamically changed the page, and after I tapped upon the "Tap here to activate plugin" plugin placeholder.
The fact that the "Tap here to activate plugin" plugin placeholder can be seen at all on Honeycomb is bug 695826.

This was on a EEE Transformer, using the latest trunk build.
Whiteboard: [mobile-crash]
Martijn can you include the page that you crashed on please?  If not, can you try to reproduce this issue on the current nightly please?
I'm afraid I can't really provide a minimized testcase for this, this was done with fuzzing. Getting a minimized testcase would cost me a lot of time (and perhaps I would not even be able to get a good testcase).

Did something change between now and 3 days ago that might have fixed this, you think? In that case, I could try and reproduce this again.
Ok, I can't seem to reproduce this anymore in current trunk build, so I guess this is indeed a duplicate of bug 694200.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.