[Webkit-unassigned] [Bug 26860] New: Heap corruption leading to crashes on Yahoo sites when Yahoo Application State plugin loaded
bugzilla-daemon at webkit.org
Tue Jun 30 14:20:39 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26860
Summary: Heap corruption leading to crashes on Yahoo sites when Yahoo Application State plugin loaded
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: P2
Component: Plug-ins
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: sfalken at apple.com
A high volume crash is occurring due to heap corruption.
Some output from WinDbg !analyze -v:
FAULTING_IP:
ntdll!RtlReportCriticalFailure+5b
7747015d eb1c jmp ntdll!RtlReportCriticalFailure+0x6f (7747017b)
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7747015d (ntdll!RtlReportCriticalFailure+0x0000005b)
ExceptionCode: c0000374
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 7748c030
PROCESS_NAME: Safari.exe
ERROR_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.
EXCEPTION_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.
EXCEPTION_PARAMETER1: 7748c030
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
LAST_CONTROL_TRANSFER: from 00000000 to 77430531
FAULTING_THREAD: ffffffff
BUGCHECK_STR:
APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_DOUBLE_FREE
PRIMARY_PROBLEM_CLASS: ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy
DEFAULT_BUCKET_ID: ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy
STACK_TEXT:
77430531 ntdll!RtlFreeHeap+0x60
7619c56f kernel32!HeapFree+0x14
71c74c39 msvcr80!free+0xcd
67d2cf48 WebKit!_NPN_ReleaseVariantValue+0x68
67e42e0e WebKit!JSC::RuntimeMethod::getOwnPropertySlot+0x1fe
FOLLOWUP_IP:
WebKit!_NPN_ReleaseVariantValue+68
67d2cf48 c7460c00000000 mov dword ptr [esi+0Ch],0
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: WebKit!_NPN_ReleaseVariantValue+68
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: WebKit
IMAGE_NAME: WebKit.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a28ef44
STACK_COMMAND: dds 7748c068 ; kb
FAILURE_BUCKET_ID:
ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_c0000374_WebKit.dll!_NPN_ReleaseVariantValue
BUCKET_ID:
APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_DOUBLE_FREE_WebKit!_NPN_ReleaseVariantValue+68
WATSON_STAGEONE_URL:
http://watson.microsoft.com/StageOne/Safari_exe/4_530_17_0/4a28fedb/ntdll_dll/6_0_6001_18000/4791a7a6/c0000374/000b015d.htm?Retriage=1
Followup: MachineOwner