[Webkit-unassigned] [Bug 61316] New: Crash in deallocateNPObject when reloading yahoo.com webarchive in WebKit2
bugzilla-daemon at webkit.org
Mon May 23 16:02:58 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=61316
Summary: Crash in deallocateNPObject when reloading yahoo.com webarchive in WebKit2
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: NEW
Keywords: NeedsRadar
Severity: Normal
Priority: P2
Component: Plug-ins
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
CC: andersca at apple.com, oliver at apple.com
Created an attachment (id=94510)
--> (https://bugs.webkit.org/attachment.cgi?id=94510&action=review)
webarchive
To reproduce:
1. Load the attached webarchive
2. Reload
You'll crash in deallocateNPObject. The crashing line is:
if (npObject->_class->deallocate)
_class is garbage because the plugin has already been unloaded. Here's the backtrace:
> WebKit.dll!WebKit::deallocateNPObject(NPObject * npObject=0x0aed9720) Line 81 + 0x5 bytes C++
WebKit.dll!WebKit::releaseNPObject(NPObject * npObject=0x0aed9720) Line 105 + 0x9 bytes C++
WebKit.dll!WebKit::JSNPObject::~JSNPObject() Line 70 + 0xc bytes C++
WebKit.dll!WebKit::JSNPObject::`scalar deleting destructor'() + 0x16 bytes C++
JavaScriptCore.dll!JSC::MarkedBlock::sweep() Line 83 + 0x10 bytes C++
JavaScriptCore.dll!JSC::MarkedSpace::sweep() Line 125 + 0xf bytes C++
JavaScriptCore.dll!JSC::Heap::reset(JSC::Heap::SweepToggle sweepToggle=DoSweep) Line 409 C++
JavaScriptCore.dll!JSC::Heap::collectAllGarbage() Line 388 C++
WebKit.dll!WebCore::collect(void * __formal=0x00000000) Line 43 C++
WebKit.dll!WebCore::GCController::gcTimerFired(WebCore::Timer<WebCore::GCController> * __formal=0x0aa1fbc8) Line 65 + 0x7 bytes C++
WebKit.dll!WebCore::Timer<WebCore::GCController>::fired() Line 100 + 0x23 bytes C++
WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 112 + 0xf bytes C++
WebKit.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++
WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x000f02c4, unsigned int message=49602, unsigned int wParam=0, long lParam=0) Line 103 + 0x8 bytes C++
user32.dll!_InternalCallWinProc at 20() + 0x28 bytes
user32.dll!_UserCallWinProcCheckWow at 32() + 0xb7 bytes
user32.dll!_DispatchMessageWorker at 8() + 0xdc bytes
user32.dll!_DispatchMessageW at 4() + 0xf bytes
WebKit.dll!RunLoop::run() Line 78 + 0xc bytes C++
WebKit.dll!WebKit::WebProcessMain(const WebKit::CommandLine & commandLine={...}) Line 82 C++
WebKit.dll!WebKitMain(const WebKit::CommandLine & commandLine={...}) Line 48 + 0x9 bytes C++
WebKit.dll!WebKitMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10) Line 172 + 0x9 bytes C++
WebKit2WebProcess.exe!wWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10) Line 66 + 0x18 bytes C++
WebKit2WebProcess.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C
kernel32.dll!_BaseProcessStart at 4() + 0x23 bytes
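As an added illustration (not code from this report or from WebKit), a simplified C++ model of the lifetime hazard described above and one mitigation: the script bridge records which NPObjects it has exposed, and when the plugin unloads it repoints their _class at a host-owned fallback class, so a later GC sweep never dereferences a class table that lived in the unloaded module. NPClass, NPObject, the registry and the counters are simplified assumptions, not WebKit's real structures.

```cpp
#include <cstdint>
#include <cstdlib>
#include <unordered_set>

// Simplified NPAPI shapes (assumption: the real structs carry more members).
struct NPObject;
struct NPClass { void (*deallocate)(NPObject*); };
struct NPObject { NPClass* _class; uint32_t referenceCount; };

// Registry of NPObjects the script bridge has exposed whose _class points into
// memory owned by the plugin (assumption: WebKit's own bookkeeping differs).
static std::unordered_set<NPObject*> g_scriptVisible;
static int g_pluginDeallocs = 0, g_fallbackDeallocs = 0;

// The plugin's deallocate: this code and its NPClass both live in the plugin module.
static void pluginDeallocate(NPObject* o) { ++g_pluginDeallocs; g_scriptVisible.erase(o); std::free(o); }
// Fallback class owned by the host process, so it is never unloaded.
static void orphanDeallocate(NPObject* o) { ++g_fallbackDeallocs; std::free(o); }
static NPClass g_orphanClass = { orphanDeallocate };

static NPObject* createObject(NPClass* pluginClass) {
    NPObject* o = static_cast<NPObject*>(std::calloc(1, sizeof(NPObject)));
    o->_class = pluginClass; o->referenceCount = 1;
    g_scriptVisible.insert(o);
    return o;
}

// Mitigation: repoint every outstanding object at the host-owned class before
// the plugin's memory (including its NPClass) is released.
static void unloadPlugin(NPClass*& pluginClass) {
    for (NPObject* o : g_scriptVisible) o->_class = &g_orphanClass;
    g_scriptVisible.clear();
    delete pluginClass;
    pluginClass = nullptr;
}

// Same check as the crashing frame in the report, now reached through a live class.
static void deallocateNPObject(NPObject* o) {
    if (o->_class->deallocate) o->_class->deallocate(o); else std::free(o);
}
static void releaseNPObject(NPObject* o) {
    if (--o->referenceCount == 0) deallocateNPObject(o);
}
// Reload order from the report: plugin torn down first, GC sweep finalizes later.
int runReloadScenario() {
    NPClass* cls = new NPClass{ pluginDeallocate };
    NPObject* o = createObject(cls);
    unloadPlugin(cls);
    releaseNPObject(o);
    return g_fallbackDeallocs;
}
```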