[Webkit-unassigned] [Bug 16512] New: Valgrind: Invalid read of size 4

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 18 21:14:10 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=16512

           Summary: Valgrind: Invalid read of size 4
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: Macintosh
               URL: http://www.cnn.com
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: klobag at gmail.com


Loading www.cnn.com followed by yahoo.com, Valgrind reports the following. And
if we run without Valgrind, we eventually get a crash by running a script that
repeatedly loads these two sites.

==9677== Invalid read of size 4
==9677==    at 0x1075AEAD: WebCore::StringImpl::hash() const (StringImpl.h:76)
==9677==    by 0x1075B60E:
WTF::StrHash<WebCore::StringImpl*>::hash(WebCore::StringImpl const*)
(StringHash.h:34)
==9677==    by 0x10760174: WTF::IdentityHashTranslator<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>, WTF::StrHash<WebCore::StringImpl*>
>::hash(WebCore::StringImpl* const&) (HashTable.h:268)
==9677==    by 0x107628E8: std::pair<std::pair<WebCore::StringImpl*, int>*,
bool> WTF::HashTable<WebCore::StringImpl*, std::pair<WebCore::StringImpl*,
int>, WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*>
>::lookupForWriting<WebCore::StringImpl*,
WTF::IdentityHashTranslator<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>, WTF::StrHash<WebCore::StringImpl*> >
>(WebCore::StringImpl* const&) (HashTable.h:484)
==9677==    by 0x10762A00: WTF::HashTable<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*>
>::lookupForWriting(WebCore::StringImpl* const&) (HashTable.h:340)
==9677==    by 0x10762A8A: WTF::HashTable<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*>
>::reinsert(std::pair<WebCore::StringImpl*, int>&) (HashTable.h:713)
==9677==    by 0x10763C4E: WTF::HashTable<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >::rehash(int) (HashTable.h:850)
==9677==    by 0x108B35F3: WTF::HashTable<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >::shrink() (HashTable.h:350)
==9677==  Address 0xB71E0E8 is 16 bytes inside a block of size 24 free'd
==9677==    at 0x43C7506: operator delete(void*) (vg_replace_malloc.c:244)
==9677==    by 0x1072B5C6: WebCore::Shared<WebCore::StringImpl>::deref()
(Shared.h:52)
==9677==    by 0x1072B5F8: WTF::RefPtr<WebCore::StringImpl>::~RefPtr()
(RefPtr.h:45)
==9677==    by 0x1072B61C: WebCore::String::~String() (PlatformString.h:56)
==9677==    by 0x1073337E: WebCore::AtomicString::~AtomicString()
(AtomicString.h:31)
==9677==    by 0x107F4681: WebCore::Attribute::~Attribute() (Attribute.h:58)
==9677==    by 0x1080E99E: WebCore::MappedAttribute::~MappedAttribute()
(MappedAttribute.h:42)
==9677==    by 0x107DA11D: WebCore::Shared<WebCore::Attribute>::deref()
(Shared.h:52)

