Bug 100504

Summary: [BlackBerry] ASSERT currentThreadIsHoldingLock() failed in MarkedAllocator::allocateSlowCase()
Product: WebKit
Reporter: Sean Wang <xuewen.ok>
Component: WebKit BlackBerry
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: mifenton, rwlbuis, tonikitoo, webkit.review.bot, yong.li.webkit
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments: patch (flags: none)

Description Sean Wang 2012-10-26 05:02:39 PDT
DESCRIPTION:
This is similar to the resolved bug 95492, but it has a different code path.
I will make a patch in the same way.

HOW TO REPRODUCE:
1) Build debug version webkit
2) open bing.com
3) after it loaded, open baidu.com

EXPECTED:
Baidu.com is loaded and browser should not crash

ACTUAL:
The browser crashed with the following assertion failure.

Thread [3] (Suspended: Signal 'SIGSEGV' received. Description: Segmentation fault.)
    22 JSC::MarkedAllocator::allocateSlowCase() MarkedAllocator.cpp:76 0x02954174
    21 JSC::MarkedAllocator::allocate() MarkedAllocator.h:83 0x793f43e4
    20 JSC::MarkedSpace::allocateWithDestructor() MarkedSpace.h:197 0x793f4518
    19 JSC::Heap::allocateWithDestructor() Heap.h:366 0x793f4668
    18 JSC::allocateCell<JSC::JSAPIValueWrapper>() JSCell.h:337 0x793ff2ac
    17 JSC::JSAPIValueWrapper::create() JSAPIValueWrapper.h:49 0x793fb664
    16 JSC::jsAPIValueWrapper() JSAPIValueWrapper.h:73 0x793fb814
    15 toRef() APICast.h:114 0x793fb8a0
    14 BlackBerry::WebKit::WebPagePrivate::executeJavaScriptInIsolatedWorld() WebPage.cpp:860 0x793d9f08
    13 BlackBerry::WebKit::WebPage::executeJavaScriptInIsolatedWorld() WebPage.cpp:915 0x793da308
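The failure mode in the stack trace above, as an added illustration that is not JavaScriptCore's code and not the landed patch (which this page does not show): a lock that records its owning thread, the ownership check the allocator asserts on, an RAII holder, and an embedder entry point that reaches the allocator with and without the lock held. VMLock, LockHolder, allocateSlowCase, unguardedCallTripsAssert and guardedCallSucceeds are assumed names.

```cpp
#include <mutex>
#include <thread>
// Constructed stand-in for the JSC VM lock (real JSC: JSLock); records its owner.
class VMLock {
public:
    void lock() {
        m_mutex.lock();
        m_owner = std::this_thread::get_id();
    }
    void unlock() {
        m_owner = std::thread::id(); // no owner
        m_mutex.unlock();
    }
    // The check the failing assertion performs in the allocator slow path.
    bool currentThreadIsHoldingLock() const {
        return m_owner == std::this_thread::get_id();
    }
private:
    std::mutex m_mutex;
    std::thread::id m_owner;
};

// RAII holder: the lock is released on every exit path of the API call.
class LockHolder {
public:
    explicit LockHolder(VMLock& lock) : m_lock(lock) { m_lock.lock(); }
    ~LockHolder() { m_lock.unlock(); }
private:
    VMLock& m_lock;
};

// Models MarkedAllocator::allocateSlowCase(): a debug build asserts lock
// ownership first; false stands in for the failed ASSERT so a test can see it.
bool allocateSlowCase(VMLock& lock) {
    return lock.currentThreadIsHoldingLock(); // false: ASSERT would fire
}

// Embedder entry point (cf. executeJavaScriptInIsolatedWorld) reaching the
// heap without taking the VM lock: the shape of the reported bug.
bool unguardedCallTripsAssert() {
    VMLock lock;
    return !allocateSlowCase(lock);
}
// Same call with the lock held for the duration of the API use.
bool guardedCallSucceeds() {
    VMLock lock;
    bool ok;
    { LockHolder holder(lock); ok = allocateSlowCase(lock); }
    return ok && !lock.currentThreadIsHoldingLock(); // released at scope exit
}
```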
Comment 1 Sean Wang 2012-10-26 05:28:56 PDT
Created attachment 170903 [details]
patch

Petter Wang had internally reviewed+. It's better to have YongLi have a look.
Comment 2 Yong Li 2012-10-26 07:23:55 PDT
Comment on attachment 170903 [details]
patch

r+ with more confidence when it is internally reviewed first.
Comment 3 WebKit Review Bot 2012-10-26 07:30:26 PDT
Comment on attachment 170903 [details]
patch

Clearing flags on attachment: 170903

Committed r132653: <http://trac.webkit.org/changeset/132653>
Comment 4 WebKit Review Bot 2012-10-26 07:30:30 PDT
All reviewed patches have been landed. Closing bug.