[Webkit-unassigned] [Bug 121972] testapi test crashes on Windows in WTF::Vector<wchar_t, 64, WTF::UnsafeVectorOverflow>::size()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 3 07:47:19 PST 2013


peavo at outlook.com changed:

           What    |Removed                     |Added
                 CC|                            |peavo at outlook.com

--- Comment #9 from peavo at outlook.com  2013-12-03 07:45:39 PST ---
The reason for the crash is that the wrong memory block is decommitted.
This can happen if no memory has been committed in the reserved block before the JSStack object is destroyed.
In the JSStack destructor, the pointer to decommit then points to the end of the block (or the start of the next), and the decommit size is zero.
If there is a block just after the block we are trying to decommit, this block will be decommitted, since Windows will decommit the whole block if the decommit size is zero (see VirtualFree). When somebody tries to read/write to this block later, we crash.
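
Added example (not WebKit code and not part of this bug report): a small, self-contained C model of the failure mode described in the comment. The `Region`, `mock_decommit`, `naive_destroy` and `guarded_destroy` names are hypothetical; `mock_decommit` imitates the VirtualFree behaviour the comment relies on (a size of zero decommits the entire region containing the address) on constructed address values, with no real memory touched. The committed run is modelled at the top of the block, so with nothing committed the computed decommit address is exactly the end of the block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of adjacent reservations (hypothetical, not WebKit code).
   Addresses are plain numbers; nothing is really allocated or freed. */
typedef struct {
    uintptr_t base;   /* start of the reserved block */
    size_t reserved;  /* reserved size in bytes */
    size_t committed; /* bytes committed at the top of the block:
                         [base + reserved - committed, base + reserved) */
} Region;

/* Mock of VirtualFree(addr, size, MEM_DECOMMIT) with the behaviour the
   comment describes: size == 0 decommits the entire region containing addr.
   Returns the index of the region touched, or -1 if addr is in no region. */
int mock_decommit(Region *regions, size_t n, uintptr_t addr, size_t size) {
    for (size_t i = 0; i < n; i++) {
        Region *r = &regions[i];
        uintptr_t end = r->base + r->reserved;
        if (addr < r->base || addr >= end)
            continue;
        if (size == 0) {
            r->committed = 0;              /* whole region is decommitted */
        } else {
            /* Simplification: the range is taken to be the committed run at
               the top of the block, so only the committed count shrinks. */
            size_t bytes = size > r->committed ? r->committed : size;
            r->committed -= bytes;
        }
        return (int)i;
    }
    return -1;
}

/* Destructor logic as the comment describes it: decommit unconditionally.
   With committed == 0 the address is the end of this block, which is the
   start of the next one, and the size is zero. */
int naive_destroy(Region *regions, size_t n, size_t idx) {
    Region *r = &regions[idx];
    uintptr_t addr = r->base + r->reserved - r->committed;
    return mock_decommit(regions, n, addr, r->committed);
}

/* Guarded variant: make no call at all when nothing was ever committed. */
int guarded_destroy(Region *regions, size_t n, size_t idx) {
    Region *r = &regions[idx];
    if (r->committed == 0)
        return -1;                         /* nothing to decommit */
    uintptr_t addr = r->base + r->reserved - r->committed;
    return mock_decommit(regions, n, addr, r->committed);
}

/* Constructed scenario: a never-committed stack block directly followed by
   a neighbour that has two 4 KiB pages in use. */
static void setup(Region regions[2]) {
    regions[0] = (Region){ 0x10000, 0x10000, 0 };
    regions[1] = (Region){ 0x20000, 0x10000, 8192 };
}

/* Neighbour's committed bytes after the naive destructor runs (expected 0). */
size_t neighbour_after_naive(void) {
    Region r[2];
    setup(r);
    naive_destroy(r, 2, 0);
    return r[1].committed;
}

/* Neighbour's committed bytes after the guarded destructor runs (expected 8192). */
size_t neighbour_after_guarded(void) {
    Region r[2];
    setup(r);
    guarded_destroy(r, 2, 0);
    return r[1].committed;
}

int main(void) {
    printf("naive destructor:   neighbour committed = %zu\n", neighbour_after_naive());
    printf("guarded destructor: neighbour committed = %zu\n", neighbour_after_guarded());
    return 0;
}
```

The guard is the whole fix in this model: a zero-length decommit is never a no-op on this API, so the caller must not issue it. The same check is worth keeping even on platforms where a zero size is harmless, because the computed address is outside the caller's own block in that case.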
