[Webkit-unassigned] [Bug 121972] testapi test crashes on Windows in WTF::Vector<wchar_t, 64, WTF::UnsafeVectorOverflow>::size()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 3 13:45:14 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=121972
--- Comment #13 from Mark Lam <mark.lam at apple.com> 2013-12-03 13:43:34 PST ---
(In reply to comment #9)
> The reason for the crash is that the wrong memory block is decommitted.
> This can happen if no memory has been committed in the reserved block before the JSStack object is destroyed.
> In the JSStack destructor, the pointer to decommit then points to the end of the block (or the start of the next), and the decommit size is zero.
> If there is a block just after the block we are trying to decommit, this block will be decommitted, since Windows will decommit the whole block,
> if the decommit size is zero (see VirtualFree). When somebody tries to read/write to this block later, we crash.
Nice catch. However, I think the better fix would be to make OSAllocator::decommit() handle a 0 size as one would expect i.e. do nothing. The behavior of Window's VirtualFree() in terms of its interpretation of what a 0 size means is not intuitive. I'll look into fixing this in separate patch + bug. Fixing the interpretation of size 0 in OSAllocator will also help avoid future surprises like this from manifesting.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list