Closed Bug 847164 Opened 12 years ago Closed 11 years ago

crash in js_CloneFunctionObject

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
19 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox19 --- affected
firefox20 --- affected

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, Whiteboard: [native-crash][ARMv6])

Crash Data

It's a low volume crash but #5 top crasher in 19.0 on ARMv6 (see https://crash-analysis.mozilla.com/rkaiser/2013-03-02/2013-03-02.fennecandroid.19.0.armv6.topcrash.html). That qualifies it for the topcrash keyword according to https://wiki.mozilla.org/CrashKill/Topcrash Signature js_CloneFunctionObject(JSContext*, JS::Handle<JSFunction*>, JS::Handle<JSObject*>, JS::Handle<JSObject*>, js::gc::AllocKind) More Reports Search UUID 901f8707-758f-4631-aad0-c634d2130227 Date Processed 2013-02-27 17:46:54 Uptime 173 Install Age 1.9 days since version was first installed. Install Time 2013-02-25 20:44:33 Product FennecAndroid Version 19.0 Build ID 20130215125331 Release Channel release OS Android OS Version 0.0.0 Linux 3.0.8-perf-T989UVLI1-CL905735 #1 SMP PREEMPT Sat Sep 22 00:14:50 KST 2012 armv7l samsung/SGH-T989/SGH-T989:4.0.4/IMM76D/UVLI1:user/release-keys Build Architecture arm Build Architecture Info Crash Reason SIGSEGV Crash Address 0x72363250 App Notes AdapterDescription: 'Qualcomm -- Adreno (TM) 220 -- OpenGL ES 2.0 2184622 -- Model: SGH-T989, Product: SGH-T989, Manufacturer: samsung, Hardware: qcom' EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ WebGL? WebGL+ Stagefright? Stagefright+ samsung SGH-T989 samsung/SGH-T989/SGH-T989:4.0.4/IMM76D/UVLI1:user/release-keys Processor Notes sp-processor03.phx1.mozilla.com_4632:2008; exploitablity tool: ERROR: unable to analyze dump EMCheckCompatibility True Adapter Vendor ID Qualcomm Adapter Device ID Adreno (TM) 220 Device samsung SGH-T989 Android API Version 15 (REL) Android CPU ABI armeabi-v7a Frame Module Signature Source 0 libxul.so js_CloneFunctionObject js/src/jsscope.h:600 1 libxul.so js::CloneFunctionObjectIfNotSingleton js/src/jsfuninlines.h:236 2 libxul.so js::Interpret js/src/jsinterp.cpp:2864 3 libxul.so js::RunScript js/src/jsinterp.cpp:324 4 libxul.so js::Execute js/src/jsinterp.cpp:510 5 libxul.so JS::Evaluate js/src/jsapi.cpp:5590 6 libxul.so nsJSContext::EvaluateString dom/base/nsJSEnvironment.cpp:1522 7 libxul.so nsScriptLoader::EvaluateScript content/base/src/nsScriptLoader.cpp:851 8 libxul.so nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:743 9 libxul.so nsScriptLoader::ProcessPendingRequests content/base/src/nsScriptLoader.cpp:883 10 libxul.so nsScriptLoader::OnStreamComplete content/base/src/nsScriptLoader.cpp:1128 11 libxul.so nsStreamLoader::OnStopRequest netwerk/base/src/nsStreamLoader.cpp:101 12 libxul.so nsHTTPCompressConv::OnStopRequest netwerk/streamconv/converters/nsHTTPCompressConv.cpp:94 13 libxul.so mozilla::net::nsHttpChannel::OnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:5014 14 libxul.so nsInputStreamPump::OnStateStop netwerk/base/src/nsInputStreamPump.cpp:552 15 libxul.so nsInputStreamPump::OnInputStreamReady netwerk/base/src/nsInputStreamPump.cpp:374 16 libxul.so nsInputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:82 17 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:627 18 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:238 19 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:82 20 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:215 21 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:208 22 libxul.so nsBaseAppShell::Run widget/xpwidgets/nsBaseAppShell.cpp:163 23 libxul.so nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:290 24 libxul.so XREMain::XRE_mainRun toolkit/xre/nsAppRunner.cpp:3823 25 libxul.so XREMain::XRE_main toolkit/xre/nsAppRunner.cpp:3890 26 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp:4084 More reports at: https://crash-stats.mozilla.com/report/list?signature=js_CloneFunctionObject%28JSContext*%2C+JS%3A%3AHandle%3CJSFunction*%3E%2C+JS%3A%3AHandle%3CJSObject*%3E%2C+JS%3A%3AHandle%3CJSObject*%3E%2C+js%3A%3Agc%3A%3AAllocKind%29
It's a low volume crash in 20.0 including for ARMv6 devices.
Keywords: topcrash
There have been no crashes for the last four weeks after 20.0.1.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.