[Webkit-unassigned] [Bug 26349] New: crash in WTF::TCMalloc_Central_FreeList::FetchFromSpans

bugzilla-daemon at webkit.org
Fri Jun 12 11:58:47 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=26349

           Summary: crash in WTF::TCMalloc_Central_FreeList::FetchFromSpans
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: amd at store20.com


Got the following crash while browsing with Epiphany...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fd1c8322760 (LWP 24300)]
WTF::TCMalloc_Central_FreeList::FetchFromSpans (this=0x7fd1c6ed9d20) at
JavaScriptCore/wtf/FastMalloc.cpp:2360
2360    JavaScriptCore/wtf/FastMalloc.cpp: No such file or directory.
        in JavaScriptCore/wtf/FastMalloc.cpp
Current language:  auto; currently c++
(gdb) bt
#0  WTF::TCMalloc_Central_FreeList::FetchFromSpans (this=0x7fd1c6ed9d20) at
JavaScriptCore/wtf/FastMalloc.cpp:2360
#1  0x00007fd1c62293f5 in WTF::TCMalloc_Central_FreeList::RemoveRange
(this=0x7fd1c6ed9d20, start=0x7fff22383518, 
    end=0x7fff22383510, N=0x7fff22383524) at
JavaScriptCore/wtf/FastMalloc.cpp:2332
#2  0x00007fd1c6229a2e in WTF::fastMalloc (size=<value optimized out>) at
JavaScriptCore/wtf/FastMalloc.cpp:2490
#3  0x00007fd1c65e723c in WebCore::StringImpl::createUninitialized
(length=<value optimized out>, data=@0x7fff22383588)
    at WebCore/platform/text/StringImpl.cpp:987
#4  0x00007fd1c65e78b8 in WebCore::StringImpl::create
(characters=0x7fd1ae05d3e8, length=11)
    at WebCore/platform/text/StringImpl.cpp:1000
#5  0x00007fd1c65e8278 in WebCore::StringImpl::stripWhiteSpace
(this=0x7fd1ae05d3c0) at WebCore/platform/text/StringImpl.cpp:375
#6  0x00007fd1c65e1998 in WebCore::String::stripWhiteSpace (this=<value
optimized out>) at WebCore/platform/text/String.cpp:289
#7  0x00007fd1c63ce90b in WebCore::OptionElement::collectOptionText
(data=<value optimized out>, element=0x7fd1a6be1b00)
    at WebCore/dom/OptionElement.cpp:96
#8  0x00007fd1c63ceba6 in
WebCore::OptionElement::collectOptionTextRespectingGroupLabel
(data=@0x7fd1a6be1b88, 
    element=0x7fd1a6be1b00) at WebCore/dom/OptionElement.cpp:109
#9  0x00007fd1c64b3336 in
WebCore::HTMLOptionElement::textIndentedToRespectGroupLabel (this=0x6e10)
    at WebCore/html/HTMLOptionElement.cpp:205
#10 0x00007fd1c6666cfa in WebCore::RenderMenuList::updateOptionsWidth
(this=0x7fd1ae1dcec8)
    at WebCore/rendering/RenderMenuList.cpp:139
#11 0x00007fd1c6666f55 in WebCore::RenderMenuList::updateFromElement
(this=0x7fd1c6ed9d20)
    at WebCore/rendering/RenderMenuList.cpp:164
#12 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ae587070,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
#13 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1a6d54bd0,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
#14 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ad92a0f0,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
#15 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ad83e0e0,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
#16 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ae46bd20,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
#17 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ad6e7d20,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
#18 0x00007fd1c639e3af in WebCore::Document::recalcStyle (this=0x7fd1b0a06c00,
change=WebCore::Node::NoChange)
    at WebCore/dom/Document.cpp:1192
#19 0x00007fd1c639635f in WebCore::Document::updateStyleIfNeeded
(this=0x7fd1b0a06c00) at WebCore/dom/Document.cpp:1228
#20 0x00007fd1c639a6cc in WebCore::Document::updateStyleForAllDocuments () at
WebCore/dom/Document.cpp:1245
#21 0x00007fd1c62e605d in WebCore::JSEventListener::handleEvent
(this=0x7fd1ad2df190, event=0x7fd1a7e2ad40, isWindowEvent=true)
    at WebCore/bindings/js/JSEventListener.cpp:151
#22 0x00007fd1c6555d65 in WebCore::DOMWindow::handleEvent (this=<value
optimized out>, event=0x7fd1a7e2ad40, useCapture=false, 
    alternateListeners=<value optimized out>) at
WebCore/page/DOMWindow.cpp:1204
#23 0x00007fd1c655748a in WebCore::DOMWindow::dispatchLoadEvent
(this=0x7fd1a792d780) at WebCore/page/DOMWindow.cpp:1284
#24 0x00007fd1c6397b2d in WebCore::Document::implicitClose
(this=0x7fd1b0a06c00) at WebCore/dom/Document.cpp:1631
#25 0x00007fd1c651b797 in WebCore::FrameLoader::checkCompleted
(this=0x7fd1ad671850) at WebCore/loader/FrameLoader.cpp:1289
#26 0x00007fd1c6549718 in WebCore::Loader::Host::didReceiveResponse
(this=0x7fd1ad7d6140, loader=0x7fd1ad8b2080, 
    response=@0x7fd1a7f3b0f0) at WebCore/loader/loader.cpp:415
#27 0x00007fd1c6538bf0 in WebCore::SubresourceLoader::didReceiveResponse
(this=0x7fd1ad8b2080, r=@0x7fd1a7f3b0f0)
    at WebCore/loader/SubresourceLoader.cpp:137
#28 0x00007fd1c6835e37 in gotHeadersCallback (msg=0x16055b0, data=<value
optimized out>)
    at WebCore/platform/network/soup/ResourceHandleSoup.cpp:274
#29 0x00007fd1bb0b72cf in IA__g_closure_invoke (closure=0x191ae60,
return_value=0x0, n_param_values=1, param_values=0x1be6440, 
    invocation_hint=0x7fff223841f0) at gclosure.c:767
#30 0x00007fd1bb0ccd6a in signal_emit_unlocked_R (node=0x10d6c80, detail=0,
instance=0x16055b0, emission_return=0x0, 
    instance_and_params=0x1be6440) at gsignal.c:3247
#31 0x00007fd1bb0ce361 in IA__g_signal_emit_valist (instance=0x16055b0,
signal_id=<value optimized out>, detail=0, 
    var_args=0x7fff223843d0) at gsignal.c:2980
#32 0x00007fd1bb0ce853 in IA__g_signal_emit (instance=0x7fd1c6ed9d20,
signal_id=16, detail=28160) at gsignal.c:3037
#33 0x00007fd1bd54cfe0 in io_read (sock=0x196e280, msg=0x16055b0) at
soup-message-io.c:767
#34 0x00007fd1bb0b72cf in IA__g_closure_invoke (closure=0xfbbf40,
return_value=0x0, n_param_values=1, param_values=0x1876120, 
    invocation_hint=0x7fff22384630) at gclosure.c:767
#35 0x00007fd1bb0ccd6a in signal_emit_unlocked_R (node=0x10d43e0, detail=0,
instance=0x196e280, emission_return=0x0, 
    instance_and_params=0x1876120) at gsignal.c:3247
#36 0x00007fd1bb0ce361 in IA__g_signal_emit_valist (instance=0x196e280,
signal_id=<value optimized out>, detail=0, 
    var_args=0x7fff22384810) at gsignal.c:2980
#37 0x00007fd1bb0ce853 in IA__g_signal_emit (instance=0x7fd1c6ed9d20,
signal_id=16, detail=28160) at gsignal.c:3037
#38 0x00007fd1bd556ed2 in socket_read_watch (chan=<value optimized out>,
cond=0, user_data=<value optimized out>)
    at soup-socket.c:1152
#39 0x00007fd1bae00ea9 in IA__g_main_context_dispatch (context=0xaa7c70) at
gmain.c:1814
#40 0x00007fd1bae04518 in g_main_context_iterate (context=0xaa7c70, block=1,
dispatch=1, self=<value optimized out>)
    at gmain.c:2445
#41 0x00007fd1bae04a0d in IA__g_main_loop_run (loop=0xb07650) at gmain.c:2653
#42 0x00007fd1c23f8307 in IA__gtk_main () at gtkmain.c:1205
#43 0x0000000000431ad6 in main (argc=1, argv=0x7fff22385d78) at ephy-main.c:781

