[Webkit-unassigned] [Bug 53045] REGRESSION (r74807): memory corruption after CachedResourceLoader refactoring
bugzilla-daemon at webkit.org
Wed Feb 23 17:57:49 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=53045
--- Comment #5 from Mihai Parparita <mihaip at chromium.org> 2011-02-23 17:57:49 PST ---
Latest update from the Chromium side (http://code.google.com/p/chromium/issues/detail?id=68516#c44):
I managed to catch (by running chrome with patched tcmalloc on bots) something that looks like a double free:
We are in CSSSelectorList::deleteSelector (called from ~CSSSelectorList, called from ~CSSStyleRule) and CSSSelector::m_selectorArray points to something that looks like it was already deleted (its contents are zapped with 0xDEADDEAD, which I use as a magic value in tcmalloc's free). Unfortunately I can't say where exactly it was deleted, because my naive checks do not track this information. I will try to address this tomorrow.
Maybe somebody with WebKit knowledge can deduce something just from looking at CSSSelectorList code.
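The zapping trick described in the comment, as an added C example that is neither tcmalloc nor WebKit code: a hypothetical allocator shim fills freed blocks with 0xDEADDEAD and quarantines them, so a second free of the same block is recognisable from its contents alone (and, as the comment notes, such a naive check cannot tell where the first free happened).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical shim (not tcmalloc): freed blocks are filled with a magic
 * word and kept in quarantine, so they stay readable for later checks. */
#define ZAP_MAGIC 0xDEADDEADu

enum { ZAP_OK = 0, ZAP_DOUBLE_FREE = 1 };

struct zap_header { size_t words; };   /* number of 32-bit words in the block */

void *zap_alloc(size_t bytes) {
    size_t words = (bytes + 3) / 4;
    if (words == 0) words = 1;
    struct zap_header *h = malloc(sizeof *h + words * 4);
    if (!h) return NULL;
    h->words = words;
    memset(h + 1, 0, words * 4);       /* a fresh block never looks zapped */
    return h + 1;
}

/* True when every word still carries the free-time magic. A live block that
 * legitimately holds only 0xDEADDEAD would be a false positive; the check is
 * deliberately as naive as the one the comment describes. */
int zap_looks_freed(const void *p) {
    const struct zap_header *h = (const struct zap_header *)p - 1;
    const uint32_t *w = p;
    for (size_t i = 0; i < h->words; i++)
        if (w[i] != ZAP_MAGIC) return 0;
    return 1;
}

int zap_free(void *p) {
    struct zap_header *h = (struct zap_header *)p - 1;
    uint32_t *w = p;
    if (zap_looks_freed(p)) return ZAP_DOUBLE_FREE;   /* already zapped once */
    for (size_t i = 0; i < h->words; i++) w[i] = ZAP_MAGIC;
    return ZAP_OK;   /* block is quarantined, never handed back to malloc */
}

/* Models the selector-array scenario: the same block is released twice. */
int demo_double_free(void) {
    uint32_t *selectors = zap_alloc(3 * sizeof(uint32_t));
    selectors[0] = 1; selectors[1] = 2; selectors[2] = 3;
    int first = zap_free(selectors);    /* legitimate release */
    int second = zap_free(selectors);   /* the bug: contents already zapped */
    return first == ZAP_OK && second == ZAP_DOUBLE_FREE;
}
```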