[Webkit-unassigned] [Bug 34014] WebSocket wrapper can be collected even if events are pending

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 1 03:35:51 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=34014





--- Comment #11 from Fumitoshi Ukai <ukai at chromium.org>  2010-02-01 03:35:51 PST ---
(In reply to comment #10)
> (In reply to comment #9)
> > (From update of attachment 47807 [details] [details])
> > ok, r=me
> 
> Thanks.
> Anyway, I tried to land it, but found several crashes with release build on Mac
> Leopard.  No crash with debug build.
> I investigated it and found malloc claims some error in debug build.
> 
> DumpRenderTree(82014,0xa0830720) malloc: *** error for object 0x1364cc60:
> Non-aligned pointer being freed (2)
> *** set a breakpoint in malloc_error_break to debug
> 
> and the object 0x1364cc60 was obtained by tryFastMalloc for m_buffer in
> WebSocketChannel.
> WebSocketChannel doesn't move the pointer returned by tryFastMalloc (it just
> copies data into the allocated area) and I confirmed that tryFastMalloc actually
> returned 0x1364cc60.
> Is this a malloc bug?

This could be fixed if we allocate an 8-byte aligned size with tryFastMalloc for
m_buffer in WebSocketChannel.
Is this a contract of tryFastMalloc, so that the client must request an aligned size?
(If so, should we assert this in tryFastMalloc?)
Or is this a tryFastMalloc bug?
