Bug 114610

Summary: [BlackBerry] Filesystem callback notifyCreateSnapshotFileAndReadMetadata can be called on the wrong thread
Product: WebKit
Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKit BlackBerry
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, leoyang, mifenton, rwlbuis, tonikitoo, xan.lopez
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: none)

Description Carlos Garcia Campos 2013-04-15 02:18:56 PDT
This causes an assert in debug builds:

Program terminated with signal 11, Segmentation fault.
#0  0x794068ba in JSC::Heap::allocateWithImmortalStructureDestructor (this=0x8447e40, bytes=64) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/heap/Heap.h:377
377	        ASSERT(isValidAllocation(bytes));
(gdb) bt
#0  0x794068ba in JSC::Heap::allocateWithImmortalStructureDestructor (this=0x8447e40, bytes=64) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/heap/Heap.h:377
#1  0x7940cece in JSC::allocateCell<JSC::Structure> (heap=..., size=64) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/JSCellInlines.h:92
#2  0x7940b67a in JSC::allocateCell<JSC::Structure> (heap=...) at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/JSCellInlines.h:104
#3  0x7940a262 in JSC::Structure::create (globalData=..., globalObject=0x89bf838, prototype=..., typeInfo=..., classInfo=0x7faac148, indexingType=0 '\000', inlineCapacity=0)
    at /home/cgarcia/rim/webkit/Source/JavaScriptCore/runtime/StructureInlines.h:38
#4  0x7d4e3d04 in WebCore::JSBlobPrototype::createStructure (globalData=..., globalObject=0x89bf838, prototype=...)
    at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSBlob.h:104
#5  0x7d4e322e in WebCore::JSBlob::createPrototype (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSBlob.cpp:146
#6  0x7d2de2c0 in WebCore::getDOMStructure<WebCore::JSBlob> (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:116
#7  0x7d4e4062 in WebCore::getDOMPrototype<WebCore::JSBlob> (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:127
#8  0x7d4e308a in WebCore::JSBlobPrototype::self (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSBlob.cpp:110
#9  0x7d4e4c02 in WebCore::JSFile::createPrototype (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSFile.cpp:121
#10 0x7d2de44c in WebCore::getDOMStructure<WebCore::JSFile> (exec=0x89bf9a0, globalObject=0x89bf838) at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:116
#11 0x7d2de1d4 in WebCore::createWrapper<WebCore::JSFile, WebCore::File> (exec=0x89bf9a0, globalObject=0x89bf838, node=0x82d8a70)
    at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:186
#12 0x7d2ddbf8 in WebCore::wrap<WebCore::JSFile, WebCore::File> (exec=0x89bf9a0, globalObject=0x89bf838, domObject=0x82d8a70)
    at /home/cgarcia/rim/webkit/Source/WebCore/bindings/js/JSDOMBinding.h:199
#13 0x7d4e500c in WebCore::toJS (exec=0x89bf9a0, globalObject=0x89bf838, impl=0x82d8a70) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSFile.cpp:171
#14 0x7d3ad830 in WebCore::JSFileCallback::handleEvent (this=0x8b03b50, file=0x82d8a70) at /home/cgarcia/rim/webkit/WebKitBuild/armle-v7/Debug/DerivedSources/WebCore/JSFileCallback.cpp:68
#15 0x7c5397ae in WebCore::(anonymous namespace)::SnapshotFileCallback::didCreateSnapshotFile (this=0x84b5998, metadata=..., snapshot=...)
    at /home/cgarcia/rim/webkit/Source/WebCore/Modules/filesystem/DOMFileSystem.cpp:174
#16 0x7d879198 in WebCore::PlatformAsyncFileSystemCallbacks::notifyCreateSnapshotFileAndReadMetadata (this=0x83ecdb8, fileInfo=...)
    at /home/cgarcia/rim/webkit/Source/WebCore/platform/blackberry/PlatformAsyncFileSystemCallbacks.cpp:75
Comment 1 Carlos Garcia Campos 2013-04-15 02:22:49 PDT
Created attachment 198039 [details]
Patch
Comment 2 Xan Lopez 2013-04-15 02:36:46 PDT
Comment on attachment 198039 [details]
Patch

Makes sense, seems every other thing in the file is following the same pattern.
Comment 3 WebKit Commit Bot 2013-04-15 03:10:15 PDT
Comment on attachment 198039 [details]
Patch

Clearing flags on attachment: 198039

Committed r148425: <http://trac.webkit.org/changeset/148425>
Comment 4 WebKit Commit Bot 2013-04-15 03:10:17 PDT
All reviewed patches have been landed.  Closing bug.
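The backtrace above shows why this class of bug matters beyond the debug-build ASSERT: frame #14 (JSFileCallback::handleEvent) allocates a JS wrapper, and frame #0 is the JSC heap allocator, reached from a platform filesystem callback that fired on a non-JS thread. In a release build there is no assertion, only an unsynchronized write into the JS heap from the wrong thread. The example below is an added illustration of the "post the callback to the main thread, never invoke it inline from the platform thread" shape that such a fix takes; it is not WebKit's code and not the patch attached to this bug. The names MainThread/initMainThread/isMainThread/callOnMainThread/SnapshotCallback are assumptions for the example, and the "worker thread" stands in for whatever thread the BlackBerry platform layer delivers its file-system notifications on.

```cpp
// Added example (not WebKit code): minimal main-thread dispatch so that a
// callback which touches the JS heap never runs on a platform worker thread.
#include <cassert>
#include <functional>
#include <mutex>
#include <queue>
#include <thread>

// Identity of the thread that owns the JS heap in this model. Assumed helper:
// whichever thread calls initMainThread() becomes "the main thread".
static std::thread::id g_mainThreadId;
static std::mutex g_queueMutex;
static std::queue<std::function<void()>> g_mainThreadTasks;

static void initMainThread() { g_mainThreadId = std::this_thread::get_id(); }
static bool isMainThread() { return std::this_thread::get_id() == g_mainThreadId; }

// Queue work for the main thread instead of running it on the caller's thread.
static void callOnMainThread(std::function<void()> task) {
    std::lock_guard<std::mutex> lock(g_queueMutex);
    g_mainThreadTasks.push(std::move(task));
}

// Drain the queue on the current (main) thread; a real event loop does this
// continuously.
static void runMainThreadTasks() {
    for (;;) {
        std::function<void()> task;
        {
            std::lock_guard<std::mutex> lock(g_queueMutex);
            if (g_mainThreadTasks.empty())
                return;
            task = std::move(g_mainThreadTasks.front());
            g_mainThreadTasks.pop();
        }
        task();
    }
}

// Stand-in for the JS-facing callback (frame #15/#14 in the backtrace).
// The thread-affinity check is the debug-build ASSERT in miniature.
struct SnapshotCallback {
    bool invoked = false;
    bool ranOnMainThread = false;
    void didCreateSnapshotFile() {
        invoked = true;
        ranOnMainThread = isMainThread();
    }
};

// Buggy shape: the platform layer calls the callback inline on its own worker
// thread, so the JS wrapper allocation happens off the JS thread.
// Returns true only if the callback ran with the right thread affinity.
static bool dispatchInline() {
    initMainThread();
    SnapshotCallback cb;
    std::thread worker([&] { cb.didCreateSnapshotFile(); });
    worker.join();
    runMainThreadTasks();
    return cb.invoked && cb.ranOnMainThread;
}

// Fixed shape: the worker only posts; the callback body runs on the main thread.
static bool dispatchViaMainThread() {
    initMainThread();
    SnapshotCallback cb;
    std::thread worker([&] {
        callOnMainThread([&] { cb.didCreateSnapshotFile(); });
    });
    worker.join();
    runMainThreadTasks();
    return cb.invoked && cb.ranOnMainThread;
}

int main() {
    assert(!dispatchInline());       // callback ran on the worker: affinity violated
    assert(dispatchViaMainThread()); // callback ran on the main thread
    return 0;
}
```

The useful check for a reviewer is the one SnapshotCallback makes: any path that can reach a JS-heap allocation should assert it is on the JS thread, so that a wrongly-threaded platform notification fails loudly in debug builds rather than corrupting the heap silently in release builds.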