[Webkit-unassigned] [Bug 198320] New: [curl] Heap corruption in ~CurlResponse

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 28 18:03:36 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=198320

            Bug ID: 198320
           Summary: [curl] Heap corruption in ~CurlResponse
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com

[curl] Heap corruption in ~CurlResponse

I ran run-webkit-tests with WinCairo port Debug builds of trunk at 245803.

> python ./Tools/Scripts/run-webkit-tests --debug  --wincairo --no-new-test-results --dump-render-tree

Some tests are crashing flakily with the following callstack.

STACK_TEXT:  
> 00007fff`26e12848 00007fff`26d4ecb1 ntdll!RtlpLogHeapFailure+0x45
> 00007fff`26e12850 00007fff`26d5ce22 ntdll!RtlFreeHeap+0x9a9a2
> 00007fff`26e12858 00007fff`235fc7eb ucrtbase!_free_base+0x1b
> 00007fff`26e12860 00007ffe`f792d924 WTF!WTF::fastFree+0x14
> 00007fff`26e12868 00007ffe`f79fd7cd WTF!WTF::StringImpl::destroy+0x1d
> 00007fff`26e12870 00007ffe`f7914781 WTF!WTF::StringImpl::deref+0x31
> 00007fff`26e12878 00007ffe`f791470f WTF!WTF::derefIfNotNull<WTF::StringImpl>+0x1f
> 00007fff`26e12880 00007ffe`f79145d8 WTF!WTF::RefPtr<WTF::StringImpl,WTF::DumbPtrTraits<WTF::StringImpl> >::~RefPtr+0x38
> 00007fff`26e12888 00007ffe`f79131a3 WTF!WTF::String::~String+0x13
> 00007fff`26e12890 00007ffe`f798b2a3 WTF!WTF::URL::~URL+0x13
> 00007fff`26e12898 00007ffe`e92f14cf WebKit!WebCore::CurlResponse::~CurlResponse+0x3f
> 00007fff`26e128a0 00007ffe`e92f2ac2 WebKit!WebCore::CurlRequest::~CurlRequest+0x72
> 00007fff`26e128a8 00007ffe`e92f1bac WebKit!WebCore::CurlRequest::~CurlRequest+0x2c
> 00007fff`26e128b0 00007ffe`e7984bd1 WebKit!WTF::ThreadSafeRefCounted<WebCore::CurlRequest,WTF::DestructionThread::Any>::deref+0x61
> 00007fff`26e128b8 00007ffe`e92f1b07 WebKit!WebCore::CurlRequest::release+0x17
> 00007fff`26e128c0 00007ffe`ea52d717 WebKit!WebCore::CurlRequestScheduler::finalizeTransfer::<unnamed-tag>::operator+0x17
> 00007fff`26e128c8 00007ffe`ea52d6d7 WebKit!WTF::Detail::CallableWrapper<`lambda at ..\..\Source\WebCore\platform\network\curl\CurlRequestScheduler.cpp:259:26',void>::call+0x17
> 00007fff`26e128d0 00007ffe`f7925380 WTF!WTF::Function<void +0x90
> 00007fff`26e128d8 00007ffe`f7946ba4 WTF!WTF::dispatchFunctionsFromMainThread+0x164
> 00007fff`26e128e0 00007ffe`f7a37d9c WTF!WTF::ThreadingWindowWndProc+0x2c
> 00007fff`26e128e8 00007fff`2492ca66 USER32!UserCallWinProcCheckWow+0x266
> 00007fff`26e128f0 00007fff`2492c582 USER32!DispatchMessageWorker+0x1b2
> 00007fff`26e128f8 00007ffe`f7afd98d DumpRenderTreeLib!runTest+0xd3d
> 00007fff`26e12900 00007ffe`f7afc00a DumpRenderTreeLib!main+0x69a
> 00007fff`26e12908 00007ffe`f7afdebb DumpRenderTreeLib!dllLauncherEntryPoint+0x1b
> 00007fff`26e12910 00007ff7`30911423 DumpRenderTree!main+0x423
> 00007fff`26e12918 00007ff7`30914bc4 DumpRenderTree!__scrt_common_main_seh+0x10c
> 00007fff`26e12920 00007fff`24667974 KERNEL32!BaseThreadInitThunk+0x14
> 00007fff`26e12928 00007fff`26d1a271 ntdll!RtlUserThreadStart+0x21

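The STACK_TEXT block above is in WinDbg's `child-sp ret-addr module!symbol+offset` layout. When a crash like this is flaky, the first triage step is usually mechanical: split the dump into frames, confirm the top frames are the heap manager reporting a failed free, skip past the runtime and WTF plumbing to the first project-owned destructor, and pull the source location out of any compiler-generated lambda name. The script below is an added example that does exactly that over the frames from this report; it is not part of the bug report or of WebKit. The list of runtime modules and the rule "first `WebKit` frame whose symbol is not in the `WTF::` namespace" are heuristics of my own, not anything the report states.

```python
"""Parse a WinDbg STACK_TEXT dump into frames and pick the frames worth looking
at first when triaging a heap-corruption crash.

Added example: the parser and the triage heuristics are assumptions of this
example, not WebKit code or tooling.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Frames copied from the bug report above (trimmed to the frames that matter).
STACK_TEXT = r"""
> 00007fff`26e12848 00007fff`26d4ecb1 ntdll!RtlpLogHeapFailure+0x45
> 00007fff`26e12850 00007fff`26d5ce22 ntdll!RtlFreeHeap+0x9a9a2
> 00007fff`26e12858 00007fff`235fc7eb ucrtbase!_free_base+0x1b
> 00007fff`26e12860 00007ffe`f792d924 WTF!WTF::fastFree+0x14
> 00007fff`26e12868 00007ffe`f79fd7cd WTF!WTF::StringImpl::destroy+0x1d
> 00007fff`26e12870 00007ffe`f7914781 WTF!WTF::StringImpl::deref+0x31
> 00007fff`26e12878 00007ffe`f791470f WTF!WTF::derefIfNotNull<WTF::StringImpl>+0x1f
> 00007fff`26e12880 00007ffe`f79145d8 WTF!WTF::RefPtr<WTF::StringImpl,WTF::DumbPtrTraits<WTF::StringImpl> >::~RefPtr+0x38
> 00007fff`26e12888 00007ffe`f79131a3 WTF!WTF::String::~String+0x13
> 00007fff`26e12890 00007ffe`f798b2a3 WTF!WTF::URL::~URL+0x13
> 00007fff`26e12898 00007ffe`e92f14cf WebKit!WebCore::CurlResponse::~CurlResponse+0x3f
> 00007fff`26e128a0 00007ffe`e92f2ac2 WebKit!WebCore::CurlRequest::~CurlRequest+0x72
> 00007fff`26e128a8 00007ffe`e92f1bac WebKit!WebCore::CurlRequest::~CurlRequest+0x2c
> 00007fff`26e128b0 00007ffe`e7984bd1 WebKit!WTF::ThreadSafeRefCounted<WebCore::CurlRequest,WTF::DestructionThread::Any>::deref+0x61
> 00007fff`26e128b8 00007ffe`e92f1b07 WebKit!WebCore::CurlRequest::release+0x17
> 00007fff`26e128c0 00007ffe`ea52d717 WebKit!WebCore::CurlRequestScheduler::finalizeTransfer::<unnamed-tag>::operator+0x17
> 00007fff`26e128c8 00007ffe`ea52d6d7 WTF!WTF::Detail::CallableWrapper<`lambda at ..\..\Source\WebCore\platform\network\curl\CurlRequestScheduler.cpp:259:26',void>::call+0x17
> 00007fff`26e128d0 00007ffe`f7925380 WTF!WTF::Function<void +0x90
> 00007fff`26e128d8 00007ffe`f7946ba4 WTF!WTF::dispatchFunctionsFromMainThread+0x164
"""

# One WinDbg frame line: "> child-sp ret-addr module!symbol+0xoffset".
# The symbol is matched non-greedily because template names contain spaces.
FRAME_RE = re.compile(
    r"^>\s+(?P<child_sp>[0-9a-f`]+)\s+(?P<ret_addr>[0-9a-f`]+)\s+"
    r"(?P<module>[^!\s]+)!(?P<symbol>.+?)\s*\+0x(?P<offset>[0-9a-f]+)\s*$"
)

# clang embeds the closure's source location in the mangled lambda name.
LAMBDA_LOC_RE = re.compile(r"lambda at (?P<path>.+?):(?P<line>\d+):(?P<col>\d+)")

# Assumed list of OS/CRT modules whose frames never explain an application bug.
RUNTIME_MODULES = {"ntdll", "ucrtbase", "kernel32", "user32"}


@dataclass
class Frame:
    module: str
    symbol: str
    offset: int
    child_sp: str
    ret_addr: str


def parse_stack_text(text: str) -> List[Frame]:
    """Return the frames in top-of-stack-first order; non-frame lines are ignored."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(Frame(m["module"], m["symbol"], int(m["offset"], 16),
                                m["child_sp"], m["ret_addr"]))
    return frames


def is_heap_failure(frames: List[Frame]) -> bool:
    """Heuristic: the heap manager logged a failure in the top few frames, i.e. the
    allocator rejected a block (double free, freed block corrupted, foreign pointer)."""
    return any(f.module.lower() == "ntdll" and "HeapFailure" in f.symbol
               for f in frames[:3])


def first_project_frame(frames: List[Frame],
                        project_modules: Tuple[str, ...] = ("WebKit",)) -> Optional[Frame]:
    """First frame owned by the project, skipping runtime modules and WTF plumbing
    (RefPtr/String destructors): the object whose free() the heap rejected."""
    for f in frames:
        if f.module.lower() in RUNTIME_MODULES:
            continue
        if f.module in project_modules and not f.symbol.startswith("WTF::"):
            return f
    return None


def lambda_locations(frames: List[Frame]) -> List[Tuple[str, int, int]]:
    """Source locations of any closures on the stack, as (path, line, column)."""
    out = []
    for f in frames:
        m = LAMBDA_LOC_RE.search(f.symbol)
        if m:
            out.append((m["path"], int(m["line"]), int(m["col"])))
    return out


def triage_summary(text: str) -> dict:
    frames = parse_stack_text(text)
    blame = first_project_frame(frames)
    return {
        "frames": len(frames),
        "heap_failure": is_heap_failure(frames),
        "blame": f"{blame.module}!{blame.symbol}" if blame else None,
        "lambda_locations": lambda_locations(frames),
    }


if __name__ == "__main__":
    print(triage_summary(STACK_TEXT))
```

Run against the dump above, the summary names `WebKit!WebCore::CurlResponse::~CurlResponse` as the first project frame and recovers `CurlRequestScheduler.cpp:259:26` from the lambda name, which is where a reader of this report would start looking: a String member of CurlResponse is being freed from a closure dispatched to the main thread, and the heap manager rejected that free.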