Closed Bug 781594 Opened 12 years ago Closed 3 years ago

ABORT: not reached: ipc/ipdl/PLayers.cpp, line 4069

Categories

(Core :: IPC, defect)

Product:
Core
Component:
IPC
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE
Project Flags:
blocking-basecamp -

People

(Reporter: posidron, Assigned: cyu)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Attachments

(1 file)

callstack
9.45 KB, text/plain
Details
Attached file callstack 
This crash occurred while launching Firefox on B2G and intercepting the pickle Write|Datatype| functions.

An interception only happened when XRE_GetProcessType() == GeckoProcessType_Content

Let me know if you need further information.
Is this reproducible?
blocking-basecamp: --- → ?
Should this block?
Whiteboard: [blocked-on-input Christoph Diehl]
I will look at it in the next days, currently a bit busy with other projects.
But at that time the crash was reproducible.
New IPDL calls have been added to B2G since the last time so the SEED is not correct anymore for this bug. 

Have tried to trigger the bug with new fuzzing runs but were not able to reproduce this particular crash.
Whiteboard: [blocked-on-input Christoph Diehl]
Thanks for the update, Christoph.  We can always re-nom this for B2G blocking status if the crash reappears.
blocking-basecamp: ? → -
Is there a test case for this?
I can reproduce this crash in gdb by modifying mozilla::layers::Edit::mType. I think we need to call FatalError() instead of NS_RUNTIMEABORT() in mozilla::layers::Edit::MaybeDestroy().
Assignee: nobody → cyu

Closing this as Resolved > Incomplete since the initial reporter can't be reach for a confirmation if the issue is still occurring and no other crashes have been reported in the last 6 months.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: