[Webkit-unassigned] [Bug 121972] testapi test crashes on Windows in WTF::Vector<wchar_t, 64, WTF::UnsafeVectorOverflow>::size()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 3 09:09:15 PST 2013


--- Comment #12 from Brent Fulgham <bfulgham at webkit.org>  2013-12-03 09:07:34 PST ---
(In reply to comment #9)
> The reason for the crash is that the wrong memory block is decommitted.
> This can happen if no memory has been committed in the reserved block before the JSStack object is destroyed.
> In the JSStack destructor, the pointer to decommit then points to the end of the block (or the start of the next), and the decommit size is zero.
> If there is a block just after the block we are trying to decommit, this block will be decommitted, since Windows will decommit the whole block,
> if the decommit size is zero (see VirtualFree). When somebody tries to read/write to this block later, we crash.

Nice work!

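As an added illustration (my own model, not WebKit or Windows code) of the decommit hazard described in comment #9: a small simulation of two adjacent reserved blocks in which a zero-sized decommit issued at the end of block 0 wipes the neighbouring block 1, beside a guarded teardown that skips the call. The block layout, page size and `Stack` type are hypothetical, and `model_decommit()` only mirrors the zero-size rule the comment attributes to VirtualFree.

```c
/* Added model of the failure described in comment #9 (not WebKit code):
 * two adjacent reserved blocks, each a bitmap of committed pages, and a
 * model_decommit() that mimics the VirtualFree(MEM_DECOMMIT) rule the comment
 * relies on: a zero size decommits the whole block containing the address. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PAGE 4096u
#define BLOCK (PAGE * 4u)          /* block i spans [i*BLOCK, (i+1)*BLOCK) */
#define NUM_BLOCKS 2u
static bool committed[NUM_BLOCKS][BLOCK / PAGE];

static void model_commit(uintptr_t addr, size_t size) {
    for (uintptr_t a = addr; a < addr + size; a += PAGE)
        committed[a / BLOCK][(a % BLOCK) / PAGE] = true;
}

static void model_decommit(uintptr_t addr, size_t size) {
    size_t blk = addr / BLOCK;
    if (blk >= NUM_BLOCKS) return;
    if (size == 0) {               /* zero size: the whole block goes away */
        memset(committed[blk], 0, sizeof committed[blk]);
        return;
    }
    for (uintptr_t a = addr; a < addr + size; a += PAGE)
        committed[a / BLOCK][(a % BLOCK) / PAGE] = false;
}

/* Hypothetical stack reservation that commits downward from reservationEnd;
 * commitEnd == reservationEnd means nothing was ever committed. */
typedef struct { uintptr_t reservationEnd, commitEnd; } Stack;

/* Teardown as in the report: the address is the end of block 0, i.e. the
 * start of block 1, and the size is zero, so the neighbour is decommitted. */
static void stack_destroy_naive(const Stack *s) {
    model_decommit(s->commitEnd, s->reservationEnd - s->commitEnd);
}

/* Guarded teardown: never issue a zero-sized decommit. */
static void stack_destroy_guarded(const Stack *s) {
    size_t size = s->reservationEnd - s->commitEnd;
    if (size != 0) model_decommit(s->commitEnd, size);
}

/* Returns true if block 1's in-use page is still committed after teardown. */
static bool neighbour_survives(bool guarded) {
    memset(committed, 0, sizeof committed);
    model_commit(BLOCK, PAGE);                /* block 1 is in use */
    Stack s = { BLOCK, BLOCK };               /* block 0, nothing committed */
    if (guarded) stack_destroy_guarded(&s); else stack_destroy_naive(&s);
    return committed[1][0];
}
```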