[Webkit-unassigned] [Bug 120246] New: REGRESSION(r154498): Crashes on EFL, GTK, Qt on release configurations

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Aug 24 02:36:18 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=120246

           Summary: REGRESSION(r154498): Crashes on EFL, GTK, Qt on
                    release configurations
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: zandobersek at gmail.com
                CC: oliver at apple.com, barraclough at apple.com,
                    ossy at webkit.org, cgarcia at igalia.com,
                    zarvai at inf.u-szeged.hu, kadam at inf.u-szeged.hu,
                    dchris at gmail.com


Crashes are occurring when running JSC and layout tests on the EFL, GTK and Qt ports after r154498.
http://trac.webkit.org/changeset/154498

http://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release/builds/40093
http://build.webkit.org/builders/EFL%20Linux%2064-bit%20Release%20WK1/builds/1428
http://build.webkit.org/builders/Qt%20Linux%20Release/builds/62368

The crashes are occurring only on release builds due to the TcMalloc use being enforced under that configuration. The crashes disappear if ENABLE_GLOBAL_FASTMALLOC_NEW is defined to 1, or if the system malloc is also enforced for the release configuration. All the affected ports set this define to 0 (and so does the AppleWin port, but it doesn't currently build so I can't confirm crashes there).

Disabling the optimizations shows that the crash occurs in WTF::deleteOwnedPtr<WTF::CompressedVector<JSC::ExpressionRangeInfo> >(WTF::CompressedVector<JSC::ExpressionRangeInfo>*), due to the `delete ptr` call. The crash occurs because the pointer was allocated through fastMalloc (in GenericCompressedData::create), but is being freed as if it were allocated by the system malloc on the affected systems. fastFree() should be used instead.
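As an added illustration of the allocator mismatch described in the report (this is example code, not code from the bug or from WebKit): a toy fastMalloc/fastFree with bookkeeping stands in for TCMalloc, so a block carved out by create() and then released through the system free is reported as a mismatch instead of crashing, while releasing it through fastFree succeeds. The names fastMalloc, fastFree, systemFree, isLiveFastBlock, CompressedData and the two dispose functions are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>
#include <set>

// Toy stand-in for WTF's fastMalloc/fastFree (assumption of this example).
// A bookkeeping set records every live fast block, so an allocator mismatch is
// reported as a boolean here instead of corrupting the heap as TCMalloc vs. the
// system free would on the affected ports.
static std::set<void*>& fastBlocks() { static std::set<void*> s; return s; }

void* fastMalloc(std::size_t n) {
    void* p = std::malloc(n);
    fastBlocks().insert(p);
    return p;
}

// Frees a fast block; returns false (touching nothing) for a foreign pointer.
bool fastFree(void* p) {
    if (!fastBlocks().erase(p)) return false;
    std::free(p);
    return true;
}

// Stand-in for the system allocator's free(): a fastMalloc'd block arriving
// here is exactly the mismatch the report describes, so refuse it.
bool systemFree(void* p) {
    if (fastBlocks().count(p)) return false;
    std::free(p);
    return true;
}

bool isLiveFastBlock(void* p) { return fastBlocks().count(p) != 0; }

// Pattern from the report: the object lives in a fastMalloc'd block with a
// trailing variable-size payload, as GenericCompressedData::create does.
struct CompressedData {
    std::size_t size;
    static CompressedData* create(std::size_t bytes) {
        void* slot = fastMalloc(sizeof(CompressedData) + bytes);
        return new (slot) CompressedData{bytes};
    }
};

// What `delete ptr` becomes when the global operator delete is not replaced
// (ENABLE_GLOBAL_FASTMALLOC_NEW defined to 0): destructor, then system free.
bool disposeViaDelete(CompressedData* p) {
    p->~CompressedData();
    return systemFree(p);
}

// The fix the report calls for: release through fastFree, matching fastMalloc.
bool disposeViaFastFree(CompressedData* p) {
    p->~CompressedData();
    return fastFree(p);
}
```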
