Closed Bug 792698 Opened 13 years ago Closed 13 years ago

IonMonkey: crash in js::Vector<unsigned char, 32, js::SystemAllocPolicy>::growStorageBy

Categories

Product: Core
Component: JavaScript Engine
Type: defect
Version: 18 Branch
Platform: x86_64, macOS
Priority: Not set
Severity: critical

Tracking

Status: VERIFIED FIXED
Milestone: mozilla18
Tracking Status
firefox16 --- unaffected
firefox17 --- unaffected
firefox18 + verified

People

Reporter: scoobidiver
Assignee: Unassigned

Details

Keywords: crash, regression, topcrash

It first appeared with IonMonkey and is the #2 top browser crasher on Mac OS X in 18.0a1.

Signature: arena_bin_malloc_easy
UUID: a4ac8070-f80f-4590-90f3-e608b2120920
Date Processed: 2012-09-20 02:32:02
Uptime: 19020
Last Crash: 1.2 weeks before submission
Install Age: 5.3 hours since version was first installed.
Install Time: 2012-09-19 21:14:14
Product: Firefox
Version: 18.0a1
Build ID: 20120919030602
Release Channel: nightly
OS: Mac OS X
OS Version: 10.6.8 10K549
Build Architecture: amd64
Build Architecture Info: family 6 model 37 stepping 5
Crash Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash Address: 0x53878b18
App Notes: AdapterVendorID: 0x10de, AdapterDeviceID: 0x a29
           GL Context? GL Context+ GL Layers? GL Layers+
Processor Notes:
EMCheckCompatibility: True

Frame  Module  Signature  Source
0   libmozglue.dylib   arena_bin_malloc_easy   jemalloc.c:3174
1   libmozglue.dylib   arena_malloc   jemalloc.c:3940
2   libmozglue.dylib   je_realloc   jemalloc.c:4819
3   libmozglue.dylib   ozone_realloc   jemalloc.c:6990
4   libSystem.B.dylib   malloc_zone_realloc
5   libSystem.B.dylib   realloc
6   XUL   js::Vector<unsigned char, 32, js::SystemAllocPolicy>::growStorageBy
7   XUL   js::ion::SnapshotWriter::addSlot
8   XUL   js::ion::CodeGeneratorShared::encodeSlots   CodeGenerator-shared.cpp:118
9   XUL   js::ion::CodeGeneratorShared::encodeSlots   CodeGenerator-shared.cpp:175
10  XUL   js::ion::CodeGeneratorShared::encode   CodeGenerator-shared.cpp:243
11  libmozglue.dylib   je_malloc   jemalloc.c:4217
12  libmozglue.dylib   ozone_size   jemalloc.c:6963
13  XUL   js::ion::CodeGeneratorX86Shared::bailout<js::ion::BailoutJump>   CodeGenerator-x86-shared.cpp:343
14  XUL   js::ion::CodeGeneratorX86Shared::bailoutIf   CodeGenerator-x86-shared.cpp:376
15  XUL   js::ion::CodeGeneratorX64::visitUnbox   CodeGenerator-x64.cpp:117
16  XUL   js::ion::LUnbox::accept   LIR-x64.h:53
17  XUL   js::ion::CodeGenerator::generateBody   CodeGenerator.cpp:1287
18  XUL   js::ion::CodeGenerator::generate   CodeGenerator.cpp:2798
19  XUL   js::ion::CodeGeneratorShared::CodeGeneratorShared   CodeGenerator-shared.cpp:37
20  XUL   js::ion::CodeGeneratorX64::CodeGeneratorX64   CodeGenerator-x64.cpp:21
21  XUL   js::ion::TestCompiler   Ion.cpp:917
22  XUL   js::VectorImpl<js::ion::IonCache, 0, js::SystemAllocPolicy, false>::growTo

More reports at: https://crash-stats.mozilla.com/report/list?signature=arena_bin_malloc_easy
Keywords: regression
Summary: crash in js::Vector<unsigned char, 32, js::SystemAllocPolicy>::growStorageBy → IonMonkey: crash in js::Vector<unsigned char, 32, js::SystemAllocPolicy>::growStorageBy
This is probably bug 793257 but I'll keep this open and check crash-stats in a few days.
(In reply to David Anderson [:dvander] from comment #2)
> This is probably bug 793257 but I'll keep this open and check crash-stats in
> a few days.

There are indeed no crashes after 18.0a1/20120925.
Sweet!
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
I see no recent crashes checking the crash stats. Marking this as verified fixed on FF 18.
Status: RESOLVED → VERIFIED