[Webkit-unassigned] [Bug 53104] New: Intermittent crash in fast/files/read-blob-async.html on the GTK+ debug bots

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 25 11:14:58 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=53104

           Summary: Intermittent crash in fast/files/read-blob-async.html
                    on the GTK+ debug bots
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: Gtk
          Severity: Normal
          Priority: P3
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mrobinson at webkit.org
                CC: jianli at chromium.org


It seems that didFinishLoading is cleaning up the BlobResourceHandle before the asynchronous tasks finish. Here is the valgrind output:


==19460== Memcheck, a memory error detector
==19460== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==19460== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==19460== Command: ./WebKitBuild/Debug/Programs/DumpRenderTree LayoutTests/fast/files/read-blob-async.html
==19460== 
==19476== Warning: invalid file descriptor 1014 in syscall close()
==19476== Warning: invalid file descriptor 1015 in syscall close()
==19476== Warning: invalid file descriptor 1016 in syscall close()
==19476==    Use --log-fd=<number> to select an alternative log fd.
==19476== Warning: invalid file descriptor 1017 in syscall close()
==19476== Warning: invalid file descriptor 1018 in syscall close()
==19460== Invalid write of size 8
==19460==    at 0x5EF3608: WebCore::BlobResourceHandle::readDataAsync(WebCore::BlobDataItem const&) (BlobResourceHandle.cpp:438)
==19460==    by 0x5EF34C7: WebCore::BlobResourceHandle::readAsync() (BlobResourceHandle.cpp:423)
==19460==    by 0x5EF29D5: WebCore::BlobResourceHandle::getSizeForNext() (BlobResourceHandle.cpp:232)
==19460==    by 0x5EF2C2B: WebCore::BlobResourceHandle::didGetSize(long long) (BlobResourceHandle.cpp:279)
==19460==    by 0x5EF2A43: WebCore::BlobResourceHandle::getSizeForNext() (BlobResourceHandle.cpp:240)
==19460==    by 0x5EF28B5: WebCore::BlobResourceHandle::start() (BlobResourceHandle.cpp:214)
==19460==    by 0x5EF1FD1: WebCore::delayedStart(void*) (BlobResourceHandle.cpp:143)
==19460==    by 0x667816F: WTF::dispatchFunctionsFromMainThread() (MainThread.cpp:155)
==19460==    by 0x6677F46: WTF::timeoutFired(void*) (MainThreadGtk.cpp:43)
==19460==    by 0x9660B0A: ??? (in /lib/libglib-2.0.so.0.2705.0)
==19460==    by 0x96600B1: g_main_context_dispatch (in /lib/libglib-2.0.so.0.2705.0)
==19460==    by 0x9664777: ??? (in /lib/libglib-2.0.so.0.2705.0)
==19460==  Address 0x14216db8 is 152 bytes inside a block of size 176 free'd
==19460==    at 0x4C27D71: free (vg_replace_malloc.c:366)
==19460==    by 0x6677C0C: WTF::fastFree(void*) (FastMalloc.cpp:327)
==19460==    by 0x5772D93: WTF::RefCounted<WebCore::ResourceHandle>::operator delete(void*) (RefCounted.h:136)
==19460==    by 0x5EF2730: WebCore::BlobResourceHandle::~BlobResourceHandle() (BlobResourceHandle.cpp:178)
==19460==    by 0x572F86D: WTF::RefCounted<WebCore::ResourceHandle>::deref() (RefCounted.h:141)
==19460==    by 0x572FB22: void WTF::derefIfNotNull<WebCore::ResourceHandle>(WebCore::ResourceHandle*) (PassRefPtr.h:59)
==19460==    by 0x572F93F: WTF::RefPtr<WebCore::ResourceHandle>::operator=(WebCore::ResourceHandle*) (RefPtr.h:135)
==19460==    by 0x5DE74D2: WebCore::SubresourceLoader::didFinishLoading(double) (SubresourceLoader.cpp:183)
==19460==    by 0x5DDE814: WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) (ResourceLoader.cpp:434)
==19460==    by 0x5EF4167: WebCore::BlobResourceHandle::notifyFinish() (BlobResourceHandle.cpp:584)
==19460==    by 0x5EF3472: WebCore::BlobResourceHandle::readAsync() (BlobResourceHandle.cpp:417)
==19460==    by 0x5EF3953: WebCore::BlobResourceHandle::consumeData(char const*, int) (BlobResourceHandle.cpp:502)
==19460== 
==19460== Invalid write of size 8
==19460==    at 0x5EF3608: WebCore::BlobResourceHandle::readDataAsync(WebCore::BlobDataItem const&) (BlobResourceHandle.cpp:438)
==19460==    by 0x5EF34C7: WebCore::BlobResourceHandle::readAsync() (BlobResourceHandle.cpp:423)
==19460==    by 0x5EF3953: WebCore::BlobResourceHandle::consumeData(char const*, int) (BlobResourceHandle.cpp:502)
==19460==    by 0x5EF3849: WebCore::BlobResourceHandle::didRead(int) (BlobResourceHandle.cpp:473)
==19460==    by 0x5BE2752: WebCore::didRead(WebCore::ScriptExecutionContext*, WebCore::FileStreamProxy*, int) (FileStreamProxy.cpp:169)
==19460==    by 0x5BE52D9: WebCore::CrossThreadTask2<WebCore::FileStreamProxy*, WebCore::FileStreamProxy*, int, int>::performTask(WebCore::ScriptExecutionContext*) (CrossThreadTask.h:112)
==19460==    by 0x5A9A23F: WebCore::performTask(void*) (Document.cpp:4722)
==19460==    by 0x667816F: WTF::dispatchFunctionsFromMainThread() (MainThread.cpp:155)
==19460==    by 0x6677F46: WTF::timeoutFired(void*) (MainThreadGtk.cpp:43)
==19460==    by 0x9660B0A: ??? (in /lib/libglib-2.0.so.0.2705.0)
==19460==    by 0x96600B1: g_main_context_dispatch (in /lib/libglib-2.0.so.0.2705.0)
==19460==    by 0x9664777: ??? (in /lib/libglib-2.0.so.0.2705.0)
==19460==  Address 0x14433b88 is 152 bytes inside a block of size 176 free'd
==19460==    at 0x4C27D71: free (vg_replace_malloc.c:366)
==19460==    by 0x6677C0C: WTF::fastFree(void*) (FastMalloc.cpp:327)
==19460==    by 0x5772D93: WTF::RefCounted<WebCore::ResourceHandle>::operator delete(void*) (RefCounted.h:136)
==19460==    by 0x5EF2730: WebCore::BlobResourceHandle::~BlobResourceHandle() (BlobResourceHandle.cpp:178)
==19460==    by 0x572F86D: WTF::RefCounted<WebCore::ResourceHandle>::deref() (RefCounted.h:141)
==19460==    by 0x572FB22: void WTF::derefIfNotNull<WebCore::ResourceHandle>(WebCore::ResourceHandle*) (PassRefPtr.h:59)
==19460==    by 0x572F93F: WTF::RefPtr<WebCore::ResourceHandle>::operator=(WebCore::ResourceHandle*) (RefPtr.h:135)
==19460==    by 0x5DE74D2: WebCore::SubresourceLoader::didFinishLoading(double) (SubresourceLoader.cpp:183)
==19460==    by 0x5DDE814: WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) (ResourceLoader.cpp:434)
==19460==    by 0x5EF4167: WebCore::BlobResourceHandle::notifyFinish() (BlobResourceHandle.cpp:584)
==19460==    by 0x5EF3472: WebCore::BlobResourceHandle::readAsync() (BlobResourceHandle.cpp:417)
==19460==    by 0x5EF3953: WebCore::BlobResourceHandle::consumeData(char const*, int) (BlobResourceHandle.cpp:502)
==19460==

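As an added illustration (not WebKit's code, and not the fix that landed for this bug), the lifetime race the valgrind stacks above describe, reduced to a model: a read completion finishes the load, the loader drops its last reference, and a completion that is still queued then runs against the destroyed handle. The hardened path shows the usual defensive pattern for callback-driven refcounted objects: every pending task holds its own reference, and completions arriving after finish are ignored. Names, item sizes and the quarantine flag are all constructed.

```cpp
#include <functional>
#include <memory>
#include <vector>
// Constructed model of the lifetime race in the report, not WebKit's code.
// Refcounting mirrors the WTF::RefCounted idea; the final deref sets a quarantine
// flag instead of freeing, so a write into "freed" memory is counted, not executed.
using TaskQueue = std::vector<std::function<void()>>; // main-thread task list
struct Outcome { int staleWrites; bool ranOnDestroyed; bool destroyedByEnd; };
struct BlobHandle {
    int refCount = 1;          // the loader's reference (its RefPtr m_handle)
    bool quarantined = false;  // set where ~BlobResourceHandle would run
    bool finished = false;
    int consumed = 0, staleWrites = 0;
    const int declaredTotal = 2;
    TaskQueue& tasks;
    const bool hardened;       // false reproduces the bug, true the mitigation
    BlobHandle(TaskQueue& q, bool h) : tasks(q), hardened(h) {}
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) quarantined = true; }
    void store(int& field, int v) { if (quarantined) ++staleWrites; field = v; }
    // start(): one read per blob item (two here); each completes later as a
    // main-thread task, the way FileStreamProxy hands didRead back.
    void start() { readAsync(); readAsync(); }
    void readAsync() {
        if (hardened) ref();   // the pending task holds its own reference
        tasks.push_back([this] { didRead(declaredTotal); if (hardened) deref(); });
    }
    void didRead(int bytes) {
        if (hardened && finished) return;  // completion after finish: ignore it
        store(consumed, consumed + bytes);
        if (consumed >= declaredTotal) notifyFinish();
    }
    // notifyFinish() reaches SubresourceLoader::didFinishLoading(), which resets
    // its RefPtr and so drops the last outside reference.
    void notifyFinish() { finished = true; deref(); }
};

// Each completion delivers the whole declared size (constructed so the first one
// finishes the load while the second is still queued); then drain the tasks.
Outcome runScenario(bool hardened) {
    TaskQueue tasks;
    auto handle = std::make_unique<BlobHandle>(tasks, hardened);
    handle->start();
    bool ranOnDestroyed = false;
    for (size_t i = 0; i < tasks.size(); ++i) {
        ranOnDestroyed = ranOnDestroyed || handle->quarantined;
        tasks[i]();
    }
    return {handle->staleWrites, ranOnDestroyed, handle->quarantined};
}
```

With `hardened == false` the second queued completion writes into a handle whose reference count already reached zero, which is what valgrind reports as the invalid write; with `hardened == true` the handle is destroyed only after the last pending task has run.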