[Webkit-unassigned] [Bug 209847] [WinCairo][WK2] random crashes by 0xC0000374 (STATUS_HEAP_CORRUPTION) in UI process

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 12 17:51:34 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209847

--- Comment #18 from Fujii Hironori <Hironori.Fujii at sony.com> ---
(In reply to Fujii Hironori from comment #15)
> Created attachment 396013 [details]
> [Patch] Adding HeapValidate
> 
> I added HeapValidate(GetProcessHeap(), 0, nullptr) in
> TestController::clearIndexedDatabases before and after
> WKWebsiteDataStoreRemoveAllIndexedDatabases.
> The first HeapValidate doesn't crash, but the second crashes.
> So, WKWebsiteDataStoreRemoveAllIndexedDatabases seems the culprit.
> 
> Surprisingly, stopping calling WKWebsiteDataStoreRemoveAllIndexedDatabases
> doesn't solve the heap corruption crashes.
> After stopping calling WKWebsiteDataStoreRemoveAllIndexedDatabases, most
> crashes happen in WebKit::BackingStore::incorporateUpdate.
> https://gist.github.com/fujii/78afed5686d6e48d8b42a2fdf9e6295e
> 
> My current hypotheses are:
> 
> 1. There are several threading issues in
> WKWebsiteDataStoreRemoveAllIndexedDatabases and
> WebKit::BackingStore::incorporateUpdate and more.
> 2. There is a threading issue in thread primitive or fundamental part.

It turned out these ideas were wrong.
The crashes happen by running the run loop.
