[Webkit-unassigned] [Bug 209847] [WinCairo][WK2] random crashes by 0xC0000374 (STATUS_HEAP_CORRUPTION) in UI process

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 9 14:45:20 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209847

--- Comment #15 from Fujii Hironori <Hironori.Fujii at sony.com> ---
Created attachment 396013

  --> https://bugs.webkit.org/attachment.cgi?id=396013&action=review

[Patch] Adding HeapValidate

I added HeapValidate(GetProcessHeap(), 0, nullptr) in TestController::clearIndexedDatabases before and after WKWebsiteDataStoreRemoveAllIndexedDatabases.
The first HeapValidate doesn't crash, but the second crashes.
So, WKWebsiteDataStoreRemoveAllIndexedDatabases seems the culprit.

Surprisingly, stopping calling WKWebsiteDataStoreRemoveAllIndexedDatabases doesn't solve the heap corruption crashes.
After stopping calling WKWebsiteDataStoreRemoveAllIndexedDatabases, most crashes happen in WebKit::BackingStore::incorporateUpdate.
https://gist.github.com/fujii/78afed5686d6e48d8b42a2fdf9e6295e

My current hypotheses are:

1. There are several threading issues in WKWebsiteDataStoreRemoveAllIndexedDatabases and WebKit::BackingStore::incorporateUpdate and more.
2. There is a threading issue in thread primitive or fundamental part.

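The before/after HeapValidate bracketing the comment describes, written out as an added example that is not WebKit's or the reporter's code. HeapValidate, GetProcessHeap and windows.h are real; the helper names, the result enum and the fake validator used to exercise the failure paths are constructed here, and the non-Windows stand-in for HeapValidate is an assumption so the file compiles elsewhere.

```cpp
#include <cstdio>

#ifdef _WIN32
#include <windows.h>
// Walks every block of the process default heap, as the comment's call does.
static bool defaultHeapIsValid() { return HeapValidate(GetProcessHeap(), 0, nullptr) != FALSE; }
#else
// Assumption: no HeapValidate outside Windows; this stand-in reports a
// clean heap so the helper still compiles and runs on other hosts.
static bool defaultHeapIsValid() { return true; }
#endif

enum class HeapCheck { Clean, CorruptBefore, CorruptAfter };

// Runs `suspect` between two validation checkpoints and reports the first
// checkpoint that saw damage. CorruptAfter means the corruption became
// visible during the call, not necessarily that the call caused it: the
// comment saw crashes persist after removing the call it had bracketed.
static HeapCheck runWithHeapCheckpoints(const char* label,
                                        void (*suspect)(),
                                        bool (*validator)() = defaultHeapIsValid) {
    if (!validator()) {
        std::fprintf(stderr, "[%s] heap already corrupt before the call\n", label);
        return HeapCheck::CorruptBefore;
    }
    suspect();
    if (!validator()) {
        std::fprintf(stderr, "[%s] heap corrupt after the call\n", label);
        return HeapCheck::CorruptAfter;
    }
    return HeapCheck::Clean;
}

// Constructed stand-ins so the helper can be exercised without real damage.
static bool g_fakeHeapOk = true;
static bool fakeValidator() { return g_fakeHeapOk; }
static void benignCall() {}
static void fakeCorruptingCall() { g_fakeHeapOk = false; }

// Simulates one bracketed call; corruptsDuringCall picks the stand-in.
static HeapCheck demo(bool corruptsDuringCall) {
    g_fakeHeapOk = true;
    return runWithHeapCheckpoints("demo", corruptsDuringCall ? fakeCorruptingCall : benignCall, fakeValidator);
}

int main() {
    std::printf("benign: %d, corrupting: %d\n",
                static_cast<int>(demo(false)), static_cast<int>(demo(true)));
    return 0;
}
```

Because HeapValidate with a null block pointer walks the whole default heap, a failing second checkpoint only proves damage was detected at that point; corruption introduced earlier by another thread, or in a different heap, can surface here just as well.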