[Webkit-unassigned] [Bug 48840] Crash from valgrind in javascript garbage collector

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 19 20:48:45 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=48840


Alexey Shildyakov <ashl1future at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ashl1future at gmail.com




--- Comment #6 from Alexey Shildyakov <ashl1future at gmail.com>  2010-11-19 20:48:44 PST ---
I think this is a duplicate of bug 40875, since that valgrind log contains:

Invalid write of size 8
==22607==    at 0x7A4EA44: JSC::JIT::unlinkCall(JSC::CallLinkInfo*) (X86Assembler.h:1603)
==22607==    by 0x7A94477: JSC::CodeBlock::unlinkCallers() (CodeBlock.cpp:1387)
==22607==    by 0x7B50AFB: JSC::JSFunction::~JSFunction() (JSFunction.cpp:93)
==22607==    by 0x7B3070E: JSC::Heap::sweep() (Collector.cpp:1083)
==22607==    by 0x7B33A9D: JSC::Heap::collectAllGarbage() (Collector.cpp:1279)
==22607==    by 0x73A74B4: WebCore::collect(void*) (GCController.cpp:46)
==22607==    by 0x7718165: WebCore::ThreadTimers::sharedTimerFiredInternal() (ThreadTimers.cpp:112)
==22607==    by 0x79C9C71: WebCore::timeout_cb(void*) (SharedTimerGtk.cpp:48)
==22607==    by 0xA17909A: g_timeout_dispatch (gmain.c:3396)
==22607==    by 0xA1788C1: g_main_context_dispatch (gmain.c:1960)
==22607==    by 0xA17C747: g_main_context_iterate (gmain.c:2591)
==22607==    by 0xA17CC54: g_main_loop_run (gmain.c:2799)
==22607==    by 0x8765B26: gtk_main (gtkmain.c:1219)
==22607==    by 0x435422: main (ephy-main.c:741)
==22607==  Address 0x1fd44f16 is not stack'd, malloc'd or (recently) free'd
==22607== 
==22607== 
==22607== Process terminating with default action of signal 11 (SIGSEGV)
==22607==  Access not within mapped region at address 0x1FD44F16
==22607==    at 0x7A4EA44: JSC::JIT::unlinkCall(JSC::CallLinkInfo*) (X86Assembler.h:1603)
==22607==    by 0x7A94477: JSC::CodeBlock::unlinkCallers() (CodeBlock.cpp:1387)
==22607==    by 0x7B50AFB: JSC::JSFunction::~JSFunction() (JSFunction.cpp:93)
==22607==    by 0x7B3070E: JSC::Heap::sweep() (Collector.cpp:1083)
==22607==    by 0x7B33A9D: JSC::Heap::collectAllGarbage() (Collector.cpp:1279)
==22607==    by 0x73A74B4: WebCore::collect(void*) (GCController.cpp:46)
==22607==    by 0x7718165: WebCore::ThreadTimers::sharedTimerFiredInternal() (ThreadTimers.cpp:112)
==22607==    by 0x79C9C71: WebCore::timeout_cb(void*) (SharedTimerGtk.cpp:48)
==22607==    by 0xA17909A: g_timeout_dispatch (gmain.c:3396)
==22607==    by 0xA1788C1: g_main_context_dispatch (gmain.c:1960)
==22607==    by 0xA17C747: g_main_context_iterate (gmain.c:2591)
==22607==    by 0xA17CC54: g_main_loop_run (gmain.c:2799)
==22607==    by 0x8765B26: gtk_main (gtkmain.c:1219)
==22607==    by 0x435422: main (ephy-main.c:741)


And maybe, to resolve this, just use the valgrind --smc-check=all option as described in bug 39060.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
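The trace above shows JSC::JIT::unlinkCall writing into already-generated machine code from the garbage collector's sweep, and the comment points at valgrind's --smc-check=all. What follows is an added example, not code from WebKit or from the bug reporter: a minimal C program that does, at toy scale, the thing a JIT does when it relinks a call site. It emits a small function into an anonymous mapping, executes it, rewrites the same bytes in place (toggling the page between writable and executable rather than keeping it RWX), flushes the instruction cache, and executes it again. The function names (emit_return_const, make_executable, patch_roundtrip) are my own. Build it and run it natively, then under valgrind with and without --smc-check=all, to see whether the tool picks up the rewrite: valgrind caches translations of guest code, and only the smc-check setting decides which writable regions it watches for modification (the manual documents all-non-file as the current default on x86/amd64; as I understand it, older releases from the period of this bug defaulted to stack, so a patched JIT region could keep running a stale translation).

```c
#define _DEFAULT_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

typedef int (*ret_int_fn)(void);

/* Write a tiny function "return imm" into buf and return the number of
 * bytes written (0 on an architecture this toy does not cover).
 * Hypothetical helper for this example, not a WebKit API. */
static size_t emit_return_const(unsigned char *buf, int32_t imm)
{
#if defined(__x86_64__) || defined(__i386__)
    buf[0] = 0xB8;                 /* mov eax, imm32 */
    memcpy(buf + 1, &imm, 4);
    buf[5] = 0xC3;                 /* ret */
    return 6;
#elif defined(__aarch64__)
    /* movz w0, #imm16 ; ret   (imm is truncated to 16 bits in this toy) */
    uint32_t insn[2] = {
        0x52800000u | (((uint32_t)imm & 0xFFFFu) << 5),
        0xD65F03C0u
    };
    memcpy(buf, insn, sizeof insn);
    return sizeof insn;
#else
    (void)buf; (void)imm;
    return 0;
#endif
}

/* Flip the mapping to read+execute and invalidate the instruction cache
 * for the bytes just written; a JIT must do this after every code write. */
static int make_executable(unsigned char *code, size_t len, size_t map_len)
{
    if (mprotect(code, map_len, PROT_READ | PROT_EXEC) != 0)
        return -1;
    __builtin___clear_cache((char *)code, (char *)(code + len));
    return 0;
}

/* Emit "return first", run it, patch the same bytes to "return second",
 * run it again. Returns the second call's result, or -1 on failure;
 * *out_first (if non-NULL) receives the first call's result. This is
 * the same write-after-execute pattern as a JIT relinking a call site. */
int patch_roundtrip(int32_t first, int32_t second, int *out_first)
{
    long ps = sysconf(_SC_PAGESIZE);
    size_t map_len = ps > 0 ? (size_t)ps : 4096;
    int result = -1;
    int a = 0;
    ret_int_fn fn;
    size_t len;

    unsigned char *code = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED)
        return -1;

    len = emit_return_const(code, first);
    if (len == 0 || make_executable(code, len, map_len) != 0)
        goto out;

    memcpy(&fn, &code, sizeof fn);   /* object pointer -> function pointer without a cast warning */
    a = fn();

    /* Patch in place: back to writable, overwrite, back to executable.
     * Under valgrind this rewrite is what --smc-check has to notice;
     * if it does not, the second call re-runs the cached old translation. */
    if (mprotect(code, map_len, PROT_READ | PROT_WRITE) != 0)
        goto out;
    emit_return_const(code, second);
    if (make_executable(code, len, map_len) != 0)
        goto out;

    if (out_first)
        *out_first = a;
    result = fn();
out:
    munmap(code, map_len);
    return result;
}

int main(void)
{
    int first = 0;
    int second = patch_roundtrip(7, 42, &first);
    printf("first call returned %d, after patch %d\n", first, second);
    /* Compare natively with: valgrind ./smc_demo  and  valgrind --smc-check=all ./smc_demo */
    return (first == 7 && second == 42) ? 0 : 1;
}
```

The RW/RX toggling is deliberate: keeping a JIT region permanently RWX is the easy route, but it also makes any stray write (or a use-after-free like the one the trace suggests, where a destroyed JSFunction's callers are unlinked through a stale CallLinkInfo) land directly in executable memory. Flipping protections does not stop a bug like that, but it makes the write fault loudly instead of silently corrupting code, which is also what valgrind's "Access not within mapped region" line in the log is telling you.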