[Webkit-unassigned] [Bug 138749] New: Crash under WebCore::TimerBase::heapDeleteMin()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 14 11:36:24 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=138749

            Bug ID: 138749
           Summary: Crash under WebCore::TimerBase::heapDeleteMin()
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: iOS
                OS: iOS 8.1
            Status: NEW
          Severity: Major
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: stuartmorgan at chromium.org

A significant number of UIWebView crashes in Chrome for iOS look like this:

Thread 18 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x10000000000000000] MAGIC SIGNATURE THREAD
0x00000001936dd1b0    [WebCore + 0x000291b0 ]    void std::__1::__push_heap_front<WebCore::TimerHeapLessThanFunction&, WebCore::TimerHeapIterator>(WebCore::TimerHeapIterator, WebCore::TimerHeapIterator, WebCore::TimerHeapLessThanFunction&, std::__1::iterator_traits<WebCore::TimerHeapIterator>::difference_type)
0x00000001936dd0c4    [WebCore + 0x000290c4 ]    WebCore::TimerBase::heapDeleteMin()
0x00000001936dcf50    [WebCore + 0x00028f50 ]    WebCore::ThreadTimers::sharedTimerFiredInternal()
0x00000001936dcec0    [WebCore + 0x00028ec0 ]    WebCore::timerFired(__CFRunLoopTimer*, void*)
0x0000000185c91fd0    [CoreFoundation + 0x000ddfd0 ]    __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
0x0000000185c91c80    [CoreFoundation + 0x000ddc80 ]    __CFRunLoopDoTimer
0x0000000185c8f6cc    [CoreFoundation + 0x000db6cc ]    __CFRunLoopRun
0x0000000185bbd1f0    [CoreFoundation + 0x000091f0 ]    CFRunLoopRunSpecific
0x0000000193763fe8    [WebCore + 0x000affe8 ]    RunWebThread(void*)
0x0000000196befe7c    [libsystem_pthread.dylib + 0x00003e7c ]    _pthread_body
0x0000000196befdd8    [libsystem_pthread.dylib + 0x00003dd8 ]    _pthread_start
0x0000000196becfac    [libsystem_pthread.dylib + 0x00000fac ]    thread_start

Unfortunately these are coming from automated reports, and we don't have repro steps. Is there any information we could gather from aggregated reports that could help pinpoint this?

Note that this is also filed as rdar://16068939
