[Webkit-unassigned] [Bug 108815] New: [QT4] JSC a oversize block related crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 4 04:21:46 PST 2013


           Summary: [QT4] JSC a oversize block related crash
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: honda at math.sci.hokudai.ac.jp

When accessing a gmail web site, sooner or later,  qtwebkit 2.3 related browsers (quppzila, arora, etc) crash.
Gdb said that this crash occurs in the following path:

m_workList.clear() HERE!!.

Clearly memory corruptions happened in oversized blocks beofore clear() deallocation.
After some investigation, I found that the change set 138067 clearly explains its cause, and
the change sets 137961 and 138067 resolve the issue completely.

Taking the importance of these change sets into account, they are better to be included
in the current qtwebkit 2.3.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list