[Webkit-unassigned] [Bug 143088] New: [WinCairo] Crash when closing window while video is loading
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 26 03:05:54 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=143088
Bug ID: 143088
Summary: [WinCairo] Crash when closing window while video is
loading
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows 7
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: arcoun at gmail.com
A crash can be easily reproduced when closing a window or leaving a page while the video is still loading (not yet playing).
Test Url can be http://www.quirksmode.org/html5/tests/video.html
Reproduced with WebKit 601.1.24 which include recent related crash fixes:
- Bug 142578 - [WinCairo] Crash when leaving page while video is playing.
- Bug 141248 - [WinCairo] Crash when media player is destroyed.
Also reproduced using WinLauncher, exception analysis (WinDbg) below. Seems to be a double-free.
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
FAULTING_IP:
ntdll!RtlReportCriticalFailure+29
77043845 cc int 3
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 77043845 (ntdll!RtlReportCriticalFailure+0x00000029)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000000
Parameter[1]: 84a30030
Parameter[2]: 0012ecc9
CONTEXT: 00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=00000000 ecx=76fa179f edx=0012ecc9 esi=04080000 edi=04086bb8
eip=77043845 esp=0012ef1c ebp=0012ef94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!RtlReportCriticalFailure+0x29:
77043845 cc int 3
FAULTING_THREAD: 00000e04
PROCESS_NAME: WinLauncher.exe
OVERLAPPED_MODULE: Address regions for 'rgb9rast' and 'vm3dum.dll' overlap
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 84a30030
EXCEPTION_PARAMETER3: 0012ecc9
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: winlauncher.exe
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) x86fre
LAST_CONTROL_TRANSFER: from 770447a3 to 77043845
BUGCHECK_STR: APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_DOUBLE_FREE
PRIMARY_PROBLEM_CLASS: ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy
DEFAULT_BUCKET_ID: ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy
STACK_TEXT:
7705ce10 76ffddff ntdll!RtlFreeHeap+0x64
7705ce14 75a8c3d4 kernel32!HeapFree+0x14
7705ce18 62d24c1a d3d9!MemFree+0x1b
7705ce1c 62d39e7e d3d9!CEnum::Release+0xe6
7705ce20 6817314d evr!CMonitorArray9::TerminateDisplaySystem+0x1c
7705ce24 68173691 evr!CMFVideoPresenter::~CMFVideoPresenter+0x8f
7705ce28 68172fda evr!CUnknown::NonDelegatingRelease+0x23
7705ce2c 68162d3e evr!CBaseAllocator::Release+0x11
7705ce30 76c14977 oleaut32!VariantClear+0xb9
7705ce34 76aeb8fa ole32!PropVariantClearWorker+0x72
7705ce38 76af3d88 ole32!PropVariantClear+0xf
7705ce3c 624d54e5 mf!MFCreateMP3MediaSink+0x397a
7705ce40 624d8d4f mf!MFCreateTopology+0x254
7705ce44 624d73b2 mf!MFCreateTopologyNode+0x1a15
7705ce48 624d88e6 mf!MFCreateTopologyNode+0x2f49
7705ce4c 624d5228 mf!MFCreateMP3MediaSink+0x36bd
7705ce50 01db690b webkit!WebCore::MediaPlayerPrivateMediaFoundation::~MediaPlayerPrivateMediaFoundation+0x7b
7705ce54 01c427f6 webkit!WebCore::MediaPlayer::~MediaPlayer+0x86
7705ce58 0164c3d5 webkit!WebCore::HTMLMediaElement::clearMediaPlayer+0x25
7705ce5c 0164c275 webkit!WebCore::HTMLMediaElement::userCancelledLoad+0x25
7705ce60 015d7671 webkit!WebCore::Document::prepareForDestruction+0xa1
7705ce64 01a8b276 webkit!WebCore::Frame::createView+0x36
7705ce68 014c80d2 webkit!WebFrameLoaderClient::transitionToCommittedForNewPage+0xb2
7705ce6c 01571bcc webkit!WebCore::FrameLoader::transitionToCommitted+0x1ac
7705ce70 01570295 webkit!WebCore::FrameLoader::commitProvisionalLoad+0x165
7705ce74 01568c9c webkit!WebCore::DocumentLoader::commitLoad+0x3c
7705ce78 01569a6c webkit!WebCore::DocumentLoader::dataReceived+0x7c
7705ce7c 01bad690 webkit!WebCore::CachedRawResource::notifyClientsDataWasReceived+0x40
7705ce80 01bacdfd webkit!WebCore::CachedRawResource::addDataBuffer+0x8d
7705ce84 01b9a639 webkit!WebCore::SubresourceLoader::didReceiveDataOrBuffer+0x89
7705ce88 01b9a210 webkit!WebCore::SubresourceLoader::didReceiveData+0x20
7705ce8c 01565147 webkit!WebCore::ResourceLoader::didReceiveData+0x17
STACK_COMMAND: .ecxr ; kb ; dps 7705ce10 ; kb
FOLLOWUP_IP:
EVR!CMonitorArray9::TerminateDisplaySystem+1c
6817314d 832600 and dword ptr [esi],0
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: evr!CMonitorArray9::TerminateDisplaySystem+1c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: EVR
IMAGE_NAME: EVR.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7b86c
FAILURE_BUCKET_ID: ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_80000003_EVR.dll!CMonitorArray9::TerminateDisplaySystem
BUCKET_ID: APPLICATION_FAULT_ACTIONABLE_HEAP_CORRUPTION_heap_failure_block_not_busy_DOUBLE_FREE_evr!CMonitorArray9::TerminateDisplaySystem+1c
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:actionable_heap_corruption_heap_failure_block_not_busy_80000003_evr.dll!cmonitorarray9::terminatedisplaysystem
FAILURE_ID_HASH: {5042ab70-5cbd-dae5-520a-04daa1b8d317}
Followup: MachineOwner
---------
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150326/2acd93ae/attachment-0002.html>
More information about the webkit-unassigned
mailing list