<html>
    <head>
      <base href="https://bugs.webkit.org/">
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [WinCairo] Crash in WebCore::Page::setActivityState"
   href="https://bugs.webkit.org/show_bug.cgi?id=228065#c2">Comment # 2</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [WinCairo] Crash in WebCore::Page::setActivityState"
   href="https://bugs.webkit.org/show_bug.cgi?id=228065">bug 228065</a>
              from <span class="vcard"><a class="email" href="mailto:Hironori.Fujii@sony.com" title="Fujii Hironori <Hironori.Fujii@sony.com>"> <span class="fn">Fujii Hironori</span></a>
</span></b>
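        <pre>I reproduced the crash with the CheckedPtr patch applied.
Call stack with <span class=""><a href="attachment.cgi?id=433765&action=diff" name="attach_433765" title="CheckedPtr patch">attachment#433765</a> <a href="attachment.cgi?id=433765&action=edit" title="CheckedPtr patch">[details]</a></span> 
(The top frames show the crash being raised from the CanMakeCheckedPtr destructor, reached from ~WebGLRenderingContextBase while the JSC incremental sweeper destroys the canvas element. This is consistent with a CheckedPtr to the ActivityStateChangeObserver still being outstanding when the object is destroyed.)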

<span class="quote">> WTF.dll!WTFCrash() Line 321    C++
> WebKit2.dll!WTF::in_place<0>(WTF::__in_place_private::__value_holder<0> & __formal) Line 105       C++
> [Inline Frame] WebKit2.dll!WTF::CanMakeCheckedPtr::{dtor}() Line 201       C++
> [Inline Frame] WebKit2.dll!WebCore::ActivityStateChangeObserver::{dtor}() Line 37  C++
> WebKit2.dll!WebCore::WebGLRenderingContextBase::~WebGLRenderingContextBase() Line 1064     C++
> WebKit2.dll!WebCore::WebGL2RenderingContext::`scalar deleting destructor'(unsigned int)    C++
> [Inline Frame] WebKit2.dll!std::default_delete<WebCore::CanvasRenderingContext>::operator()(WebCore::CanvasRenderingContext *) Line 3120     C++
> [Inline Frame] WebKit2.dll!std::unique_ptr<WebCore::CanvasRenderingContext,std::default_delete<WebCore::CanvasRenderingContext>>::reset(WebCore::CanvasRenderingContext *) Line 3265   C++
> [Inline Frame] WebKit2.dll!std::unique_ptr<WebCore::CanvasRenderingContext,std::default_delete<WebCore::CanvasRenderingContext>>::operator=(void *) Line 3168  C++
> WebKit2.dll!WebCore::HTMLCanvasElement::~HTMLCanvasElement() Line 160      C++
> WebKit2.dll!WebCore::HTMLCanvasElement::`scalar deleting destructor'(unsigned int) C++
> [Inline Frame] WebKit2.dll!WebCore::Node::deref() Line 799 C++
> [Inline Frame] WebKit2.dll!WTF::DefaultRefDerefTraits<WebCore::Node>::derefIfNotNull(WebCore::Node *) Line 43        C++
> [Inline Frame] WebKit2.dll!WTF::RefPtr<WebCore::Node,WTF::RawPtrTraits<WebCore::Node>,WTF::DefaultRefDerefTraits<WebCore::Node>>::{dtor}() Line 75       C++
> [Inline Frame] WebKit2.dll!WTF::RefPtr<WebCore::Node,WTF::RawPtrTraits<WebCore::Node>,WTF::DefaultRefDerefTraits<WebCore::Node>>::operator=(const WTF::RefPtr<WebCore::Node,WTF::RawPtrTraits<WebCore::Node>,WTF::DefaultRefDerefTraits<WebCore::Node>> &) Line 138        C++
> WebKit2.dll!WebCore::addChildNodesToDeletionQueue(WebCore::Node * & head, WebCore::Node * & tail, WebCore::ContainerNode & container) Line 186 C++
> [Inline Frame] WebKit2.dll!WebCore::removeDetachedChildrenInContainer(WebCore::ContainerNode &) Line 225       C++
> [Inline Frame] WebKit2.dll!WebCore::ContainerNode::removeDetachedChildren() Line 282       C++
> WebKit2.dll!WebCore::ContainerNode::~ContainerNode() Line 316      C++
> WebKit2.dll!WebCore::HTMLUnknownElement::`scalar deleting destructor'(unsigned int)        C++
> WebKit2.dll!WebCore::`anonymous namespace'::ChildListRecord::~ChildListRecord()    C++
> WebKit2.dll!WebCore::`anonymous namespace'::ChildListRecord::`scalar deleting destructor'(unsigned int)    C++
> [Inline Frame] JavaScriptCore.dll!JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM &) Line 38  C++
> [Inline Frame] JavaScriptCore.dll!JSC::MarkedBlock::Handle::specializedSweep::__l2::<lambda_9b5a43e7afa45d9559d44d5666c9d583>::operator()(void *) Line 260   C++
> JavaScriptCore.dll!JSC::MarkedBlock::Handle::specializedSweep<1,0,0,1,0,1,0,JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList * freeList, JSC::MarkedBlock::Handle::EmptyMode emptyMode, JSC::MarkedBlock::Handle::SweepMode sweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode destructionMode, JSC::MarkedBlock::Handle::ScribbleMode scribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode newlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode marksMode, const JSC::JSDestructibleObjectDestroyFunc & destroyFunc) Line 294        C++
> JavaScriptCore.dll!JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType::__l2::<lambda>() Line 394       C++
> JavaScriptCore.dll!JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList * freeList, const JSC::JSDestructibleObjectDestroyFunc & destroyFunc) Line 435   C++
> JavaScriptCore.dll!JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle & handle, JSC::FreeList * freeList) Line 54     C++
> JavaScriptCore.dll!JSC::MarkedBlock::Handle::sweep(JSC::FreeList * freeList) Line 416      C++
> [Inline Frame] JavaScriptCore.dll!JSC::IncrementalSweeper::sweepNextBlock(JSC::VM &) Line 88   C++
> [Inline Frame] JavaScriptCore.dll!JSC::IncrementalSweeper::doSweep(JSC::VM &) Line 58  C++
> JavaScriptCore.dll!JSC::IncrementalSweeper::doWork(JSC::VM & vm) Line 53       C++
> [Inline Frame] JavaScriptCore.dll!JSC::JSRunLoopTimer::timerDidFire() Line 230     C++
> JavaScriptCore.dll!JSC::JSRunLoopTimer::Manager::timerDidFire() Line 106   C++
> [Inline Frame] WTF.dll!WTF::RunLoop::TimerBase::timerFired() Line 164      C++
> [Inline Frame] WTF.dll!WTF::RunLoop::wndProc(HWND__ *) Line 59     C++
> WTF.dll!WTF::RunLoop::RunLoopWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 39 C++
> user32.dll!00007ffd46a7e858()      Unknown
> user32.dll!00007ffd46a7e299()      Unknown
> WTF.dll!WTF::RunLoop::run() Line 73        C++
> [Inline Frame] WebKit2.dll!WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess,1>::run(int) Line 70  C++
> [Inline Frame] WebKit2.dll!WebKit::AuxiliaryProcessMain(int) Line 96       C++
> WebKit2.dll!WebKit::WebProcessMain(int argc, char * * argv) Line 57        C++
> WebKitWebProcess.exe!main(int argc, char * * argv) Line 35 C++
> [Inline Frame] WebKitWebProcess.exe!invoke_main() Line 78  C++
> WebKitWebProcess.exe!__scrt_common_main_seh() Line 288     C++
> kernel32.dll!00007ffd45127034()    Unknown
> ntdll.dll!00007ffd46f42651()       Unknown</span ></pre>
        </div>
      </p>


    </body>
</html>