[Webkit-unassigned] [Bug 146598] New: Bmalloc: Crash on 32-bit Linux at bmalloc::Heap::allocateLarge() -> bmalloc::VMHeap::grow() .
bugzilla-daemon at webkit.org
Fri Jul 3 13:40:04 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=146598
Bug ID: 146598
Summary: Bmalloc: Crash on 32-bit Linux at bmalloc::Heap::allocateLarge() -> bmalloc::VMHeap::grow() .
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: clopez at igalia.com
CC: cgarcia at igalia.com, ggaren at apple.com, mario at webkit.org
Steps to reproduce the crash:
1. Build WebKitGTK+ on 32-bit Linux (I tested this with i686 and ARM builds, both are affected).
2. Open a Web page that tries to allocate a fair amount of RAM.
# For example, use the test case of bug 146205, which allocates nearly 3GB (with the GTK port at least)
$ WebKitBuild/Release/bin/MiniBrowser http://people.igalia.com/clopez/apngmem/withapng.html
Result: The WebProcess crashes.
3. Now repeat the same but with bmalloc disabled at runtime (by setting the env var Malloc=1)
$ Malloc=1 WebKitBuild/Release/bin/MiniBrowser http://people.igalia.com/clopez/apngmem/withapng.html
Now it doesn't crash.
This is different from bug 146440 because I tried the workaround of disabling the GCC tree-sra optimization but it didn't help.