[Webkit-unassigned] [Bug 82882] New: Invalid read from WebKit::DOMObjectCache::clearByFrame

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 2 04:16:39 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=82882

           Summary: Invalid read from WebKit::DOMObjectCache::clearByFrame
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mcrha at redhat.com


I ran Evolution under valgrind today, and because it adapted WebkitGtk as its mailer renderer, I observed these valgrind warnings (see below). This is with the webkitgtk-1.8.0 tarball release.

The first is when opening a message in a separate window in evolution (double click in a message list).
The second is when closing the message window.

==3268== Thread 1:
==3268== Invalid read of size 4
==3268== at 0x7E93DF0: WebKit::DOMObjectCache::clearByFrame(WebCore::Frame*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x83ED832: WebCore::FrameLoader::commitProvisionalLoad() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x83D7819: WebCore::DocumentLoader::commitLoad(char const*, int) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x841F027: WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x840A4D4: WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x841E4DD: WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x8546E19: WebCore::readCallback(_GObject*, _GAsyncResult*, void*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0xA3A37F0: async_ready_callback_wrapper (ginputstream.c:470)
==3268== by 0xA3BBB7A: g_simple_async_result_complete (gsimpleasyncresult.c:767)
==3268== by 0xA3BBBAC: complete_in_idle_cb (gsimpleasyncresult.c:779)
==3268== by 0xAD76800: g_idle_dispatch (gmain.c:4634)
==3268== by 0xAD740AA: g_main_dispatch (gmain.c:2515)
==3268== by 0xAD74D6B: g_main_context_dispatch (gmain.c:3052)
==3268== by 0xAD74F4E: g_main_context_iterate (gmain.c:3123)
==3268== by 0xAD75377: g_main_loop_run (gmain.c:3317)
==3268== by 0x39E4F517FC: gtk_main (gtkmain.c:1362)
==3268== by 0x403603: main (main.c:681)
==3268== Address 0x34bfb760 is 16 bytes inside a block of size 24 free'd
==3268== at 0x4A0662E: free (vg_replace_malloc.c:366)
==3268== by 0xAD7C332: standard_free (gmem.c:98)
==3268== by 0xAD7C4F5: g_free (gmem.c:252)
==3268== by 0xAD945D7: g_slice_free1 (gslice.c:1111)
==3268== by 0x7E93FD7: WebKit::DOMObjectCache::forget(void*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x7EE1DA9: webkit_dom_document_finalize(_GObject*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0xA8EA32C: g_object_unref (gobject.c:3018)
==3268== by 0x7E93E20: WebKit::DOMObjectCache::clearByFrame(WebCore::Frame*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x83ED832: WebCore::FrameLoader::commitProvisionalLoad() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x83D7819: WebCore::DocumentLoader::commitLoad(char const*, int) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x841F027: WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x840A4D4: WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x841E4DD: WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x8546E19: WebCore::readCallback(_GObject*, _GAsyncResult*, void*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0xA3A37F0: async_ready_callback_wrapper (ginputstream.c:470)
==3268== by 0xA3BBB7A: g_simple_async_result_complete (gsimpleasyncresult.c:767)
==3268== by 0xA3BBBAC: complete_in_idle_cb (gsimpleasyncresult.c:779)
==3268== by 0xAD76800: g_idle_dispatch (gmain.c:4634)
==3268== by 0xAD740AA: g_main_dispatch (gmain.c:2515)
==3268== by 0xAD74D6B: g_main_context_dispatch (gmain.c:3052)
==3268== by 0xAD74F4E: g_main_context_iterate (gmain.c:3123)
==3268== by 0xAD75377: g_main_loop_run (gmain.c:3317)
==3268== by 0x39E4F517FC: gtk_main (gtkmain.c:1362)
==3268== by 0x403603: main (main.c:681)


==3268== Invalid read of size 4
==3268== at 0x7E93DF0: WebKit::DOMObjectCache::clearByFrame(WebCore::Frame*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x7EBC301: webkit_web_frame_core_frame_gone (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x7EA44CC: WebKit::FrameLoaderClient::frameLoaderDestroyed() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x83E9B61: WebCore::FrameLoader::~FrameLoader() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x8478F3B: WebCore::Frame::~Frame() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x84963EB: WebCore::Page::~Page() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x7ED1347: webkit_web_view_dispose(_GObject*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x57F8A16: web_view_dispose (e-web-view.c:796)
==3268== by 0x1682BAB6: mail_display_dispose (e-mail-display.c:318)
==3268== by 0xA8E52B9: g_object_run_dispose (gobject.c:1061)
==3268== by 0x39E4FB2E7D: gtk_scrolled_window_forall (gtkscrolledwindow.c:1265)
==3268== by 0x39E4ECE1CA: gtk_container_destroy (gtkcontainer.c:1370)
==3268== by 0xA8E10A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==3268== by 0xA8DE7C8: g_type_class_meta_marshal (gclosure.c:970)
==3268== by 0xA8DE113: g_closure_invoke (gclosure.c:777)
==3268== by 0xA8FAAE4: signal_emit_unlocked_R (gsignal.c:3663)
==3268== by 0xA8F9966: g_signal_emit_valist (gsignal.c:3296)
==3268== by 0xA8F9EAC: g_signal_emit (gsignal.c:3352)
==3268== by 0x39E50895CD: gtk_widget_dispose (gtkwidget.c:10666)
==3268== by 0xA8E52B9: g_object_run_dispose (gobject.c:1061)
==3268== by 0x39E4E8B923: gtk_box_forall (gtkbox.c:1856)
==3268== by 0x39E4ECE1CA: gtk_container_destroy (gtkcontainer.c:1370)
==3268== by 0xA8E10A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==3268== by 0xA8DE7C8: g_type_class_meta_marshal (gclosure.c:970)
==3268== by 0xA8DE113: g_closure_invoke (gclosure.c:777)
==3268== by 0xA8FAAE4: signal_emit_unlocked_R (gsignal.c:3663)
==3268== by 0xA8F9966: g_signal_emit_valist (gsignal.c:3296)
==3268== by 0xA8F9EAC: g_signal_emit (gsignal.c:3352)
==3268== by 0x39E50895CD: gtk_widget_dispose (gtkwidget.c:10666)
==3268== by 0x57E6783: preview_pane_dispose (e-preview-pane.c:143)
==3268== by 0xA8E52B9: g_object_run_dispose (gobject.c:1061)
==3268== by 0x39E4E8B923: gtk_box_forall (gtkbox.c:1856)
==3268== by 0x39E4ECE1CA: gtk_container_destroy (gtkcontainer.c:1370)
==3268== by 0xA8E10A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==3268== by 0xA8DE7C8: g_type_class_meta_marshal (gclosure.c:970)
==3268== by 0xA8DE113: g_closure_invoke (gclosure.c:777)
==3268== by 0xA8FAAE4: signal_emit_unlocked_R (gsignal.c:3663)
==3268== by 0xA8F9966: g_signal_emit_valist (gsignal.c:3296)
==3268== by 0xA8F9EAC: g_signal_emit (gsignal.c:3352)
==3268== by 0x39E50895CD: gtk_widget_dispose (gtkwidget.c:10666)
==3268== by 0xA8E52B9: g_object_run_dispose (gobject.c:1061)
==3268== by 0x39E4ECE1CA: gtk_container_destroy (gtkcontainer.c:1370)
==3268== by 0xA8E10A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==3268== by 0xA8DE7C8: g_type_class_meta_marshal (gclosure.c:970)
==3268== by 0xA8DE113: g_closure_invoke (gclosure.c:777)
==3268== by 0xA8FAAE4: signal_emit_unlocked_R (gsignal.c:3663)
==3268== by 0xA8F9966: g_signal_emit_valist (gsignal.c:3296)
==3268== by 0xA8F9EAC: g_signal_emit (gsignal.c:3352)
==3268== by 0x39E50895CD: gtk_widget_dispose (gtkwidget.c:10666)
==3268== by 0x16829FAD: mail_browser_dispose (e-mail-browser.c:533)
==3268== Address 0x1bebfa10 is 16 bytes inside a block of size 24 free'd
==3268== at 0x4A0662E: free (vg_replace_malloc.c:366)
==3268== by 0xAD7C332: standard_free (gmem.c:98)
==3268== by 0xAD7C4F5: g_free (gmem.c:252)
==3268== by 0xAD945D7: g_slice_free1 (gslice.c:1111)
==3268== by 0x7E93FD7: WebKit::DOMObjectCache::forget(void*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x7EE1DA9: webkit_dom_document_finalize(_GObject*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0xA8EA32C: g_object_unref (gobject.c:3018)
==3268== by 0x7E93E20: WebKit::DOMObjectCache::clearByFrame(WebCore::Frame*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x7EBC301: webkit_web_frame_core_frame_gone (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x7EA44CC: WebKit::FrameLoaderClient::frameLoaderDestroyed() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x83E9B61: WebCore::FrameLoader::~FrameLoader() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x8478F3B: WebCore::Frame::~Frame() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x84963EB: WebCore::Page::~Page() (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x7ED1347: webkit_web_view_dispose(_GObject*) (in /build/local/lib/libwebkitgtk-3.0.so.0.13.1)
==3268== by 0x57F8A16: web_view_dispose (e-web-view.c:796)
==3268== by 0x1682BAB6: mail_display_dispose (e-mail-display.c:318)
==3268== by 0xA8E52B9: g_object_run_dispose (gobject.c:1061)
==3268== by 0x39E4FB2E7D: gtk_scrolled_window_forall (gtkscrolledwindow.c:1265)
==3268== by 0x39E4ECE1CA: gtk_container_destroy (gtkcontainer.c:1370)
==3268== by 0xA8E10A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==3268== by 0xA8DE7C8: g_type_class_meta_marshal (gclosure.c:970)
==3268== by 0xA8DE113: g_closure_invoke (gclosure.c:777)
==3268== by 0xA8FAAE4: signal_emit_unlocked_R (gsignal.c:3663)
==3268== by 0xA8F9966: g_signal_emit_valist (gsignal.c:3296)
==3268== by 0xA8F9EAC: g_signal_emit (gsignal.c:3352)
==3268== by 0x39E50895CD: gtk_widget_dispose (gtkwidget.c:10666)
==3268== by 0xA8E52B9: g_object_run_dispose (gobject.c:1061)
==3268== by 0x39E4E8B923: gtk_box_forall (gtkbox.c:1856)
==3268== by 0x39E4ECE1CA: gtk_container_destroy (gtkcontainer.c:1370)
==3268== by 0xA8E10A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==3268== by 0xA8DE7C8: g_type_class_meta_marshal (gclosure.c:970)
==3268== by 0xA8DE113: g_closure_invoke (gclosure.c:777)
==3268== by 0xA8FAAE4: signal_emit_unlocked_R (gsignal.c:3663)
==3268== by 0xA8F9966: g_signal_emit_valist (gsignal.c:3296)
==3268== by 0xA8F9EAC: g_signal_emit (gsignal.c:3352)
==3268== by 0x39E50895CD: gtk_widget_dispose (gtkwidget.c:10666)
==3268== by 0x57E6783: preview_pane_dispose (e-preview-pane.c:143)
==3268== by 0xA8E52B9: g_object_run_dispose (gobject.c:1061)
==3268== by 0x39E4E8B923: gtk_box_forall (gtkbox.c:1856)
==3268== by 0x39E4ECE1CA: gtk_container_destroy (gtkcontainer.c:1370)
==3268== by 0xA8E10A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)
==3268== by 0xA8DE7C8: g_type_class_meta_marshal (gclosure.c:970)
==3268== by 0xA8DE113: g_closure_invoke (gclosure.c:777)
==3268== by 0xA8FAAE4: signal_emit_unlocked_R (gsignal.c:3663)
==3268== by 0xA8F9966: g_signal_emit_valist (gsignal.c:3296)
==3268== by 0xA8F9EAC: g_signal_emit (gsignal.c:3352)
==3268== by 0x39E50895CD: gtk_widget_dispose (gtkwidget.c:10666)
==3268== by 0xA8E52B9: g_object_run_dispose (gobject.c:1061)
==3268== by 0x39E4ECE1CA: gtk_container_destroy (gtkcontainer.c:1370)
==3268== by 0xA8E10A3: g_cclosure_marshal_VOID__VOID (gmarshal.c:85)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
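The two traces above share one shape: `DOMObjectCache::clearByFrame` walks the cache and unrefs each wrapper, the wrapper's finalizer (`webkit_dom_document_finalize`) re-enters the cache through `DOMObjectCache::forget`, which `g_slice_free1`s the entry, and the walk then reads the freed entry ("16 bytes inside a block of size 24 free'd"). The following is an added example, not WebKit or Evolution code, that models that re-entrant iterate-and-free pattern in a few dozen lines of C: a cache of list entries, objects whose last unref calls back into the cache, a clear loop with the bug, and a clear loop that detaches the list before running any callback. All names (`cache_clear_unsafe`, `cache_clear_safe`, `cache_forget`, `obj_unref`, `demo_safe_clear`) are invented for the example.

```c
#include <stdlib.h>
#include <stdio.h>

/* Added example, not WebKit's code: a small model of the ordering bug the valgrind
 * trace describes. A cache keeps a list of entries, one per object. Clearing the
 * cache unrefs each object; an object's finalizer calls back into the cache to
 * forget (free) its own entry. The unsafe loop then reads the freed entry. */

struct cache;

struct obj {
    int refcount;
    struct cache *owner;   /* cache holding an entry for this object */
};

struct entry {
    struct obj *object;
    struct entry *next;
};

struct cache {
    struct entry *head;
    int finalized;         /* objects finalized so far */
    int forgets_hit;       /* forget() calls that found and freed an entry */
};

static void cache_forget(struct cache *c, struct obj *o);

/* Drop one reference; the last one finalizes the object, which re-enters the cache
 * exactly the way webkit_dom_document_finalize -> DOMObjectCache::forget does. */
static void obj_unref(struct obj *o)
{
    if (--o->refcount > 0)
        return;
    cache_forget(o->owner, o);   /* may free the entry the caller is iterating */
    o->owner->finalized++;
    free(o);
}

static void cache_forget(struct cache *c, struct obj *o)
{
    for (struct entry **pp = &c->head; *pp; pp = &(*pp)->next) {
        if ((*pp)->object == o) {
            struct entry *dead = *pp;
            *pp = dead->next;
            free(dead);
            c->forgets_hit++;
            return;
        }
    }
}

/* BUG: after obj_unref(e->object) runs the finalizer, e has been freed, and the
 * loop's e->next reads freed memory. This is the shape valgrind flagged above.
 * Never call this outside a valgrind run; it is here to show the defect. */
static void cache_clear_unsafe(struct cache *c)
{
    for (struct entry *e = c->head; e; e = e->next)
        obj_unref(e->object);
}

/* FIX: detach the list before running any callback and read next before unref.
 * forget() then finds nothing in the cache, and the loop frees each entry itself
 * only after the callback has returned. */
static void cache_clear_safe(struct cache *c)
{
    struct entry *list = c->head;
    c->head = NULL;
    while (list) {
        struct entry *next = list->next;   /* read before the callback can run */
        obj_unref(list->object);
        free(list);
        list = next;
    }
}

/* Build a cache with n objects, each held by exactly one reference (constructed input). */
static struct cache *cache_build(int n)
{
    struct cache *c = calloc(1, sizeof *c);
    for (int i = 0; i < n; i++) {
        struct obj *o = calloc(1, sizeof *o);
        o->refcount = 1;
        o->owner = c;
        struct entry *e = calloc(1, sizeof *e);
        e->object = o;
        e->next = c->head;
        c->head = e;
    }
    return c;
}

struct clear_result { int finalized; int forgets_hit; int empty; };

/* Clear a freshly built cache safely and report what happened: every object is
 * finalized, no forget() call finds an entry (the list was detached), cache is empty. */
static struct clear_result demo_safe_clear(int n)
{
    struct cache *c = cache_build(n);
    cache_clear_safe(c);
    struct clear_result r = { c->finalized, c->forgets_hit, c->head == NULL };
    free(c);
    return r;
}

int main(int argc, char **argv)
{
    struct clear_result r = demo_safe_clear(3);
    printf("safe clear: finalized=%d forget_hits=%d empty=%d\n",
           r.finalized, r.forgets_hit, r.empty);
    if (argc > 1) {                 /* any argument: run the buggy loop, e.g. under valgrind */
        struct cache *c = cache_build(3);
        cache_clear_unsafe(c);      /* valgrind: "Invalid read ... inside a block ... free'd" */
        free(c);
    }
    return 0;
}
```

Run the binary under valgrind with an argument to see the same "Invalid read of size N ... bytes inside a block of size M free'd" report, with the freeing stack passing through the forget callback; without an argument only the safe loop runs. The general defence is the one shown: never let a container's own entries be freed from inside a callback invoked while walking that container, either by snapshotting or detaching the container first, or by reading the successor pointer before the callback and having forget() refuse to free an entry that the walk currently holds.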