[Webkit-unassigned] [Bug 98592] New: Crash in WTF::MetaAllocatorHandle::~MetaAllocatorHandle()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Oct 6 02:09:07 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=98592

           Summary: Crash in
                    WTF::MetaAllocatorHandle::~MetaAllocatorHandle()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: https://maps.google.com/maps?vector=1
        OS/Version: Mac OS X 10.8
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rex_4539 at yahoo.com


Created an attachment (id=167449)
 --> (https://bugs.webkit.org/attachment.cgi?id=167449&action=review)
Crash log.

r130578

Reproducibility: once

Steps:
1. https://maps.google.com/maps?vector=1
2. Moved the map around with the mouse.

What happened:
2. Crash.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore          0x000000010cf73289 WTF::MetaAllocatorHandle::~MetaAllocatorHandle() + 25 (Atomics.h:147)
1   com.apple.JavaScriptCore          0x000000010cd540c9 JSC::DFG::JITCompiler::compileFunction(JSC::JITCode&, JSC::MacroAssemblerCodePtr&) + 3113 (RefCounted.h:197)
2   com.apple.JavaScriptCore          0x000000010cd4daae JSC::DFG::compile(JSC::DFG::CompileMode, JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr*, unsigned int) + 830 (DFGDriver.cpp:155)
3   com.apple.JavaScriptCore          0x000000010cd4d76d JSC::DFG::tryCompileFunction(JSC::ExecState*, JSC::CodeBlock*, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, unsigned int) + 29 (DFGDriver.cpp:173)
4   com.apple.JavaScriptCore          0x000000010cdbbad5 JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, WTF::OwnPtr<JSC::FunctionCodeBlock>&, JSC::JITCode&, JSC::MacroAssemblerCodePtr&, JSC::WriteBarrier<JSC::SharedSymbolTable>&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) + 325 (OwnPtr.h:72)
5   com.apple.JavaScriptCore          0x000000010cdba4af JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::JSScope*, JSC::JITCode::JITType, unsigned int) + 287 (ExecutionHarness.h:64)
6   com.apple.JavaScriptCore          0x000000010ce0926d cti_optimize + 237 (JITStubs.cpp:2027)
7   ???                               0x00003b250073a1a4 0 + 65030107406756
8   com.apple.JavaScriptCore          0x000000010cdc9c22 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 994 (JSValueInlineMethods.h:371)
9   com.apple.JavaScriptCore          0x000000010cd15225 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 (CallData.cpp:39)
10  com.apple.JavaScriptCore          0x000000010ce17038 JSC::boundFunctionCall(JSC::ExecState*) + 504 (JSBoundFunction.cpp:56)
11  ???                               0x00003b2500001265 0 + 65030099833445
12  com.apple.JavaScriptCore          0x000000010cdc9c22 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 994 (JSValueInlineMethods.h:371)
13  com.apple.JavaScriptCore          0x000000010cd15225 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 (CallData.cpp:39)
14  com.apple.JavaScriptCore          0x000000010ce17038 JSC::boundFunctionCall(JSC::ExecState*) + 504 (JSBoundFunction.cpp:56)
15  ???                               0x00003b2500001265 0 + 65030099833445
16  com.apple.JavaScriptCore          0x000000010cdc9c22 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 994 (JSValueInlineMethods.h:371)
17  com.apple.JavaScriptCore          0x000000010cd15225 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 (CallData.cpp:39)
18  com.apple.WebCore                 0x000000010d70a69f WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 143 (JSMainThreadExecState.h:56)
19  com.apple.WebCore                 0x000000010d7c540e WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 894 (JSEventListener.cpp:126)
20  com.apple.WebCore                 0x000000010d4b05a4 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 212 (InspectorInstrumentation.h:254)
21  com.apple.WebCore                 0x000000010d4b04a2 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 66 (Event.h:139)
22  com.apple.WebCore                 0x000000010de787d9 WebCore::WindowEventContext::handleLocalEvents(WebCore::Event*) + 89 (WindowEventContext.cpp:60)
23  com.apple.WebCore                 0x000000010d49c678 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 1016 (EventDispatcher.cpp:329)
24  com.apple.WebCore                 0x000000010da68a98 WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 168 (PassRefPtr.h:68)
25  com.apple.WebCore                 0x000000010d49ae82 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) + 130 (EventDispatcher.cpp:129)
26  com.apple.WebCore                 0x000000010da7c0dc WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*) + 124 (Node.cpp:2621)
27  com.apple.WebCore                 0x000000010d4a2fbc WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 108 (EventHandler.cpp:2281)
28  com.apple.WebCore                 0x000000010d4a48f4 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 852 (EventHandler.cpp:1889)
29  com.apple.WebKit2                 0x000000010c87fcce WebKit::handleMouseEvent(WebKit::WebMouseEvent const&, WebKit::WebPage*, bool) + 429 (WebPage.cpp:1370)
30  com.apple.WebKit2                 0x000000010c87faf3 WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) + 127 (WebPage.cpp:1308)
31  com.apple.WebKit2                 0x000000010c88c87f void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) + 83 (HandleMessage.h:303)
32  com.apple.WebKit2                 0x000000010c843c14 WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 180 (WebConnectionToUIProcess.cpp:88)
33  com.apple.WebKit2                 0x000000010c7dd065 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 165 (ArgumentDecoder.h:47)
34  com.apple.WebKit2                 0x000000010c7de565 CoreIPC::Connection::dispatchOneMessage() + 139 (Connection.cpp:711)
35  com.apple.WebCore                 0x000000010dc3c239 WebCore::RunLoop::performWork() + 153 (Functional.h:614)
36  com.apple.WebCore                 0x000000010dc3c935 WebCore::RunLoop::performWork(void*) + 53 (RunLoopCF.cpp:67)
37  com.apple.CoreFoundation          0x00007fff8b12b101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
38  com.apple.CoreFoundation          0x00007fff8b12aa25 __CFRunLoopDoSources0 + 245
39  com.apple.CoreFoundation          0x00007fff8b14ddc5 __CFRunLoopRun + 789
40  com.apple.CoreFoundation          0x00007fff8b14d6b2 CFRunLoopRunSpecific + 290
41  com.apple.HIToolbox               0x00007fff934420a4 RunCurrentEventLoopInMode + 209
42  com.apple.HIToolbox               0x00007fff93441e42 ReceiveNextEventCommon + 356
43  com.apple.HIToolbox               0x00007fff93441cd3 BlockUntilNextEventMatchingListInMode + 62
44  com.apple.AppKit                  0x00007fff91908613 _DPSNextEvent + 685
45  com.apple.AppKit                  0x00007fff91907ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
46  com.apple.AppKit                  0x00007fff918ff283 -[NSApplication run] + 517
47  com.apple.WebCore                 0x000000010dc3cf13 WebCore::RunLoop::run() + 67 (RunLoopMac.mm:36)
48  com.apple.WebKit2                 0x000000010c8c6487 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3888 (WebProcessMainMac.mm:190)
49  com.apple.WebKit2                 0x000000010c8739cb WebKitMain + 311 (WebKitMain.cpp:50)
50  com.apple.WebProcess              0x000000010c799e7b main + 214 (MainMacProcess.cpp:69)
51  libdyld.dylib                     0x00007fff881c47e1 start + 1

Expected result:
2. WebKit does not crash.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list