Bug 114610

Summary:

[BlackBerry] Filesystem callback notifyCreateSnapshotFileAndReadMetadata can be called on the wring thread

Product:

WebKit

Reporter:

Carlos Garcia Campos <cgarcia>

Component:

WebKit BlackBerry

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, leoyang, mifenton, rwlbuis, tonikitoo, xan.lopez

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Carlos Garcia Campos

Reported 2013-04-15 02:18:56 PDT

This causes an assert in debug builds: Program terminated with signal 11, Segmentation fault. #0 0x794068ba in JSC::Heap::allocateWithImmortalStructureDestructor (this=0x8447e40, bytes=64) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/heap/Heap.h:377 377 ASSERT(isValidAllocation(bytes)); (gdb) bt #0 0x794068ba in JSC::Heap::allocateWithImmortalStructureDestructor (this=0x8447e40, bytes=64) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/heap/Heap.h:377 #1 0x7940cece in JSC::allocateCell<JSC::Structure> (heap=..., size=64) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/JSCellInlines.h:92 #2 0x7940b67a in JSC::allocateCell<JSC::Structure> (heap=...) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/JSCellInlines.h:104 #3 0x7940a262 in JSC::Structure::create (globalData=..., globalObject=0x89bf838, prototype=..., typeInfo=..., classInfo=0x7faac148, indexingType=0 '\000', inlineCapacity=0) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/StructureInlines.h:38 #4 0x7d4e3d04 in WebCore::JSBlobPrototype::createStructure (globalData=..., globalObject=0x89bf838, prototype=...) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSBlob.h:104 #5 0x7d4e322e in WebCore::JSBlob::createPrototype (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSBlob.cpp:146 #6 0x7d2de2c0 in WebCore::getDOMStructure<WebCore::JSBlob> (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:116 #7 0x7d4e4062 in WebCore::getDOMPrototype<WebCore::JSBlob> (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:127 #8 0x7d4e308a in WebCore::JSBlobPrototype::self (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSBlob.cpp:110 #9 0x7d4e4c02 in WebCore::JSFile::createPrototype (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSFile.cpp:121 #10 0x7d2de44c in WebCore::getDOMStructure<WebCore::JSFile> (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:116 #11 0x7d2de1d4 in WebCore::createWrapper<WebCore::JSFile, WebCore::File> (exec=0x89bf9a0, globalObject=0x89bf838, node=0x82d8a70) at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:186 #12 0x7d2ddbf8 in WebCore::wrap<WebCore::JSFile, WebCore::File> (exec=0x89bf9a0, globalObject=0x89bf838, domObject=0x82d8a70) at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:199 #13 0x7d4e500c in WebCore::toJS (exec=0x89bf9a0, globalObject=0x89bf838, impl=0x82d8a70) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSFile.cpp:171 #14 0x7d3ad830 in WebCore::JSFileCallback::handleEvent (this=0x8b03b50, file=0x82d8a70) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSFileCallback.cpp:68 #15 0x7c5397ae in WebCore::(anonymous namespace)::SnapshotFileCallback::didCreateSnapshotFile (this=0x84b5998, metadata=..., snapshot=...) at /home/cgarcia/rim/webkit/Source/WebCore/Modules/filesystem/DOMFileSystem.cpp:174 #16 0x7d879198 in WebCore::PlatformAsyncFileSystemCallbacks::notifyCreateSnapshotFileAndReadMetadata (this=0x83ecdb8, fileInfo=...) at /home/cgarcia/rim/webkit/Source/WebCore/platform/blackberry/PlatformAsyncFileSystemCallbacks.cpp:75

Attachments
Patch (5.07 KB, patch) 2013-04-15 02:22 PDT, Carlos Garcia Campos	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Carlos Garcia Campos

Comment 1 2013-04-15 02:22:49 PDT

Created attachment 198039 [details] Patch

Xan Lopez

Comment 2 2013-04-15 02:36:46 PDT

Comment on attachment 198039 [details] Patch Makes sense, seems every other thing in the file is following the same pattern.

WebKit Commit Bot

Comment 3 2013-04-15 03:10:15 PDT

Comment on attachment 198039 [details] Patch Clearing flags on attachment: 198039 Committed r148425: <http://trac.webkit.org/changeset/148425>

WebKit Commit Bot

Comment 4 2013-04-15 03:10:17 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.