<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Bmalloc: Crash on 32-bit Linux at bmalloc::Heap::allocateLarge() -&gt; bmalloc::VMHeap::grow() ."
   href="https://bugs.webkit.org/show_bug.cgi?id=146598">146598</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Bmalloc: Crash on 32-bit Linux at bmalloc::Heap::allocateLarge() -&gt; bmalloc::VMHeap::grow() .
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>528+ (Nightly build)
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>New Bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>clopez&#64;igalia.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>cgarcia&#64;igalia.com, ggaren&#64;apple.com, mario&#64;webkit.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Steps to reproduce the crash:

1. Build WebKitGTK+ on 32-bit Linux (I tested this with i686 and ARM builds, both are affected).

2. Open a Web page that tries to allocate a fair amount of RAM.

# For example use the test case of <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Decoding of animated PNG (APNG) is not optimized for memory usage."
   href="show_bug.cgi?id=146205">bug 146205</a> that allocates near 3GB (with the GTK port at least)
$ WebKitBuild/Release/bin/MiniBrowser <a href="http://people.igalia.com/clopez/apngmem/withapng.html">http://people.igalia.com/clopez/apngmem/withapng.html</a>

Result: The WebProcess crashes.



3. Now repeat the same but disabling bmalloc at runtime (by setting the env var Malloc=1)

$ Malloc=1 WebKitBuild/Release/bin/MiniBrowser <a href="http://people.igalia.com/clopez/apngmem/withapng.html">http://people.igalia.com/clopez/apngmem/withapng.html</a>

Now it doesn't crash.


This is different from <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Crash on xLarge memory allocation using bmalloc on 32bit systems"
   href="show_bug.cgi?id=146440">bug 146440</a> because I tried the workaround of disabling the GCC tree-sra optimization but it didn't help.</pre>
        </div>
      </p>
    </body>
</html>