[Webkit-unassigned] [Bug 108815] New: [QT4] JSC a oversize block related crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 4 04:21:46 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=108815

           Summary: [QT4] JSC a oversize block related crash
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: honda at math.sci.hokudai.ac.jp


When accessing a gmail web site, sooner or later, qtwebkit 2.3 related browsers (QupZilla, Arora, etc.) crash.
Gdb said that this crash occurs in the following path:

SlotVisitor::copyLater()
m_shared.m_copiedSpace->pin(CopiedSpace::oversizeBlockFor(ptr))
CopiedBlock::pin() 
m_workList.clear()   <-- HERE!!

Clearly, memory corruption happened in oversized blocks before the clear() deallocation.
After some investigation, I found that changeset 138067 clearly explains its cause, and
changesets 137961 and 138067 resolve the issue completely.

Taking the importance of these changesets into account, they should be included
in the current qtwebkit 2.3.
