<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [WinCairo] heap corruption is detected when destructing JSGlobalObject"
href="https://bugs.webkit.org/show_bug.cgi?id=156831">156831</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[WinCairo] heap corruption is detected when destructing JSGlobalObject
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>Hironori.Fujii@sony.com
</td>
</tr></table>
<p>
<div>
<pre>[WinCairo] heap corruption is detected when destructing JSGlobalObject
trunk@199765
perl Tools/Scripts/build-webkit --debug --wincairo --64-bit
fast/dom/insertedIntoDocument-iframe.html
Log:
<span class="quote">> Critical error detected c0000374</span>
Callstack:
<span class="quote">> ntdll.dll!00007fff7168e6db()        Unknown
> ntdll.dll!00007fff71690dc6()        Unknown
> ntdll.dll!00007fff71644b4a()        Unknown
> ntdll.dll!00007fff715c0f36()        Unknown
> ntdll.dll!00007fff715c09fd()        Unknown
> JavaScriptCore.dll!_free_base(void * block) Line 107        C++
> [External Code]        
> JavaScriptCore.dll!WTF::HashTable<OpaqueJSClass * __ptr64,WTF::KeyValuePair<OpaqueJSClass * __ptr64,std::unique_ptr<OpaqueJSClassContextData,std::default_delete<OpaqueJSClassContextData> > >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<OpaqueJSClass * __ptr64,std::unique_ptr<OpaqueJSClassContextData,std::default_delete<OpaqueJSClassContextData> > > >,WTF::PtrHash<OpaqueJSClass * __ptr64>,WTF::HashMap<OpaqueJSClass * __ptr64,std::unique_ptr<OpaqueJSClassContextData,std::default_delete<OpaqueJSClassContextData> >,WTF::PtrHash<OpaqueJSClass * __ptr64>,WTF::HashTraits<OpaqueJSClass * __ptr64>,WTF::HashTraits<std::unique_ptr<OpaqueJSClassContextData,std::default_delete<OpaqueJSClassContextData> > > >::KeyValuePairTraits,WTF::HashTraits<OpaqueJSClass * __ptr64> >::~HashTable<OpaqueJSClass * __ptr64,WTF::KeyValuePair<OpaqueJSClass * __ptr64,std::unique_ptr<OpaqueJSCla
> [External Code]        
> JavaScriptCore.dll!JSC::JSGlobalObject::~JSGlobalObject() Line 248        C++
> [External Code]        
> WebKit.dll!WebCore::JSDOMWindowBase::destroy(JSC::JSCell * cell) Line 100        C++
> JavaScriptCore.dll!JSC::Heap::FinalizerOwner::finalize(JSC::Handle<enum JSC::Unknown> handle, void * context) Line 1560        C++
> JavaScriptCore.dll!JSC::WeakBlock::finalize(JSC::WeakImpl * weakImpl) Line 53        C++
> JavaScriptCore.dll!JSC::WeakBlock::sweep() Line 85        C++
> JavaScriptCore.dll!JSC::WeakSet::sweep() Line 51        C++
> JavaScriptCore.dll!JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode sweepMode) Line 134        C++
> JavaScriptCore.dll!JSC::Sweep::operator()(JSC::MarkedBlock * block) Line 48        C++
> JavaScriptCore.dll!JSC::MarkedAllocator::forEachBlock<JSC::Sweep>(JSC::Sweep & functor) Line 159        C++
> JavaScriptCore.dll!JSC::MarkedSpace::forEachBlock<JSC::Sweep>(JSC::Sweep & functor) Line 228        C++
> JavaScriptCore.dll!JSC::MarkedSpace::forEachBlock<JSC::Sweep>() Line 244        C++
> JavaScriptCore.dll!JSC::MarkedSpace::sweep() Line 95        C++
> JavaScriptCore.dll!JSC::Heap::collectAndSweep(JSC::HeapOperation collectionType) Line 1102        C++
> WebKit.dll!JSC::Heap::collectAllGarbage() Line 168        C++
> WebKit.dll!WebCore::GCController::garbageCollectNow() Line 87        C++
> WebKit.dll!WebJavaScriptCollector::collect() Line 97        C++
> DumpRenderTreeLib.dll!GCController::collect() Line 43        C++
> DumpRenderTreeLib.dll!collectCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned __int64 argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 49        C++
> JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 61        C++
> JavaScriptCore.dll!JSC::LLInt::handleHostCall(JSC::ExecState * execCallee, JSC::Instruction * pc, JSC::JSValue callee, JSC::CodeSpecializationKind kind) Line 1132        C++
> JavaScriptCore.dll!JSC::LLInt::setUpCall(JSC::ExecState * execCallee, JSC::Instruction * pc, JSC::CodeSpecializationKind kind, JSC::JSValue calleeAsValue, JSC::LLIntCallLinkInfo * callLinkInfo) Line 1178        C++
> JavaScriptCore.dll!JSC::LLInt::genericCall(JSC::ExecState * exec, JSC::Instruction * pc, JSC::CodeSpecializationKind kind) Line 1262        C++
> JavaScriptCore.dll!llint_slow_path_call(JSC::ExecState * exec, JSC::Instruction * pc) Line 1268        C++
> JavaScriptCore.dll!llint_entry() Line 8582        Unknown
> [External Code]</span></pre>
</div>
</p>
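<p>Triage helper for a Visual Studio call stack of the kind pasted above, added here as an example; it is not part of the bug report and not WebKit's own tooling. It parses <code>module!function Line N language</code> frames, keeps <code>[External Code]</code> placeholders, tolerates a frame whose text was cut short (the HashTable destructor line in the report is one), skips ntdll.dll frames, and reports the topmost symbolized frame in product code plus the DLL boundaries crossed on the way from the GC entry point to the free. The sample log line and stack are a shortened copy of the report's output (constructed input for the example); the mapping of 0xC0000374 to STATUS_HEAP_CORRUPTION is the documented NTSTATUS value; the set of system modules to skip and all function names in the script are this example's own assumptions.</p>

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# NTSTATUS values seen in Windows "Critical error detected <code>" lines.
# 0xC0000374 is STATUS_HEAP_CORRUPTION, the code in the report above.
STATUS_CODES: Dict[int, str] = {0xC0000374: "STATUS_HEAP_CORRUPTION"}

# Visual Studio Call Stack window text: "module!function Line N  language".
# "Line N" is absent for unsymbolized frames; language is C++, C or Unknown.
FRAME_RE = re.compile(
    r"^(?P<module>[^!\s]+)!(?P<func>.+?)"
    r"(?:\s+Line\s+(?P<line>\d+))?"
    r"\s+(?P<lang>C\+\+|Unknown|C)\s*$"
)
# Fallback for frames whose text was cut short (no trailing language column).
LOOSE_FRAME_RE = re.compile(r"^(?P<module>[^!\s]+)!(?P<func>.*)$")

SYSTEM_MODULES = {"ntdll.dll"}  # assumption: system DLLs skipped when locating the crash site


@dataclass
class Frame:
    module: Optional[str]     # None for "[External Code]" placeholders
    function: Optional[str]
    line: Optional[int]
    language: Optional[str]   # None when the frame text was truncated

    @property
    def external(self) -> bool:
        return self.module is None


def parse_critical_error(line: str) -> Optional[str]:
    """Map 'Critical error detected c0000374' to its NTSTATUS name, or None if unknown."""
    m = re.search(r"Critical error detected\s+([0-9a-fA-F]{8})", line)
    return STATUS_CODES.get(int(m.group(1), 16)) if m else None


def parse_stack(text: str) -> List[Frame]:
    """One Frame per non-empty line; the leading '> ' quote prefix is dropped."""
    frames: List[Frame] = []
    for raw in text.splitlines():
        s = raw.lstrip(">").strip()
        if not s:
            continue
        if s.startswith("[External Code]"):
            frames.append(Frame(None, None, None, None))
            continue
        m = FRAME_RE.match(s)
        if m:
            frames.append(Frame(m["module"], m["func"],
                                int(m["line"]) if m["line"] else None, m["lang"]))
            continue
        m = LOOSE_FRAME_RE.match(s)
        if not m:
            raise ValueError(f"unrecognised frame: {raw!r}")
        frames.append(Frame(m["module"], m["func"], None, None))  # truncated frame
    return frames


def first_project_frame(frames: List[Frame]) -> Optional[Frame]:
    """Topmost frame outside the system DLLs: where product code was when the heap check fired."""
    for f in frames:
        if not f.external and f.module not in SYSTEM_MODULES:
            return f
    return None


def module_path(frames: List[Frame]) -> List[str]:
    """Non-system modules from the crash outward, consecutive duplicates collapsed,
    so every DLL boundary between the GC entry point and the free is visible."""
    path: List[str] = []
    for f in frames:
        if f.external or f.module in SYSTEM_MODULES:
            continue
        if not path or path[-1] != f.module:
            path.append(f.module)
    return path


def frames_matching(frames: List[Frame], pattern: str) -> List[Frame]:
    rx = re.compile(pattern)
    return [f for f in frames if f.function and rx.search(f.function)]


def summarize(log_line: str, stack_text: str) -> Dict[str, object]:
    frames = parse_stack(stack_text)
    crash = first_project_frame(frames)
    return {
        "status": parse_critical_error(log_line),
        "crash_frame": None if crash is None else f"{crash.module}!{crash.function}:{crash.line}",
        "module_path": module_path(frames),
        "external_frames": sum(1 for f in frames if f.external),
        "truncated_frames": sum(1 for f in frames if not f.external and f.language is None),
    }


# Constructed input: a shortened copy of the report's log line and call stack.
SAMPLE_LOG = "> Critical error detected c0000374"
SAMPLE_STACK = """\
> ntdll.dll!00007fff7168e6db()        Unknown
> ntdll.dll!00007fff71690dc6()        Unknown
> JavaScriptCore.dll!_free_base(void * block) Line 107        C++
> [External Code]        
> JavaScriptCore.dll!WTF::HashTable<OpaqueJSClass * __ptr64,WTF::KeyValuePair<OpaqueJSClass * __ptr64,std::unique_ptr<OpaqueJSClassContextData,std::default_delete<OpaqueJSClassContextData> > >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<OpaqueJSCla
> [External Code]        
> JavaScriptCore.dll!JSC::JSGlobalObject::~JSGlobalObject() Line 248        C++
> [External Code]        
> WebKit.dll!WebCore::JSDOMWindowBase::destroy(JSC::JSCell * cell) Line 100        C++
> JavaScriptCore.dll!JSC::Heap::FinalizerOwner::finalize(JSC::Handle<enum JSC::Unknown> handle, void * context) Line 1560        C++
> JavaScriptCore.dll!JSC::WeakBlock::finalize(JSC::WeakImpl * weakImpl) Line 53        C++
> JavaScriptCore.dll!JSC::Heap::collectAndSweep(JSC::HeapOperation collectionType) Line 1102        C++
> WebKit.dll!JSC::Heap::collectAllGarbage() Line 168        C++
> WebKit.dll!WebCore::GCController::garbageCollectNow() Line 87        C++
> DumpRenderTreeLib.dll!GCController::collect() Line 43        C++
> JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 61        C++
> JavaScriptCore.dll!llint_entry() Line 8582        Unknown
> [External Code]
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, SAMPLE_STACK).items():
        print(f"{key}: {value}")
```

<p>The module path it prints for the report's stack alternates between JavaScriptCore.dll and WebKit.dll several times before reaching the free in <code>_free_base</code>; on a multi-DLL Windows build that is the first thing to check by hand (which module allocated the block being freed, and with which CRT), but the script only surfaces the boundaries, it does not diagnose the cause.</p>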
</body>
</html>