[Webkit-unassigned] [Bug 202045] New: bmalloc::IsoAllocator<bmalloc:: IsoConfig<>>:allocateSlow(bool) Crash on iOS 12.4 and newer OS
bugzilla-daemon at webkit.org
Fri Sep 20 05:56:38 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=202045
Bug ID: 202045
Summary: bmalloc::IsoAllocator<bmalloc::IsoConfig<>>:allocateSlow(bool) Crash on iOS 12.4 and newer OS
Product: WebKit
Version: Other
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: bmalloc
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ljin.zq at gmail.com
CC: ggaren at apple.com
1. create a UIWebView
2. access a webpage with a big document, such as https://www.5554443.com
It will crash soon.
It seems it cannot allocate memory, but on iOS 12.0 it works great.
Could you tell me what's the reason?
Has WebCore's memory allocation been modified?
Many developers talk about this:
https://forums.developer.apple.com/thread/121480
Callstack:
0 WebCore 0x19d5ec330 bmalloc::IsoAllocator<bmalloc::IsoConfig<96u> >::allocateSlow(bool) + 252
1 WebCore 0x19d5ea594 WebCore::Attr::create(WebCore::Element&, WebCore::QualifiedName const&) + 256
2 WebCore 0x19d657c94 WebCore::Element::ensureAttr(WebCore::QualifiedName const&) + 140
3 WebCore 0x19d681740 WebCore::NamedNodeMap::item(unsigned int) const + 152
4 WebCore 0x19cef9a28 WebCore::JSNamedNodeMap::getOwnPropertySlotByIndex(JSC::JSObject*, JSC::ExecState*, unsigned int, JSC::PropertySlot&) + 140
5 JavaScriptCore 0x19ba71ad0 llint_slow_path_get_by_val + 5312
6 JavaScriptCore 0x19b48e5cc llint_entry + 34380
7 JavaScriptCore 0x19b49a304 llint_entry + 82820
8 JavaScriptCore 0x19b49a304 llint_entry + 82820
9 JavaScriptCore 0x19b49a304 llint_entry + 82820
10 JavaScriptCore 0x19b49a3a4 llint_entry + 82980
11 JavaScriptCore 0x19b485cec vmEntryToJavaScript + 268
12 JavaScriptCore 0x19b9b74d0 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 424
13 JavaScriptCore 0x19bb9968c JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, ***::NakedPtr<JSC::Exception>&) + 200
14 WebCore 0x19d3d7acc WebCore::JSExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, ***::NakedPtr<JSC::Exception>&) + 140
15 WebCore 0x19d406a50 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 424
16 WebCore 0x19d4066d4 WebCore::ScheduledAction::execute(WebCore::Document&) + 144
17 WebCore 0x19da67b20 WebCore::DOMTimer::fired() + 816
18 WebCore 0x19db565bc WebCore::ThreadTimers::sharedTimerFiredInternal() + 216
19 WebCore 0x19db76608 WebCore::timerFired(__CFRunLoopTimer*, void*) + 28
20 CoreFoundation 0x194074d60 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28
21 CoreFoundation 0x194074a90 __CFRunLoopDoTimer + 864
22 CoreFoundation 0x1940742c4 __CFRunLoopDoTimers + 248
23 CoreFoundation 0x19406f214 __CFRunLoopRun + 1844
24 CoreFoundation 0x19406e7c0 CFRunLoopRunSpecific + 436
25 WebCore 0x19cd61fc4 RunWebThread(void*) + 600
26 libsystem_pthread.dylib 0x193d012c0 _pthread_body + 128
27 libsystem_pthread.dylib 0x193d01220 _pthread_start + 44
28 libsystem_pthread.dylib 0x193d04cdc thread_start + 4