Bug 14707

Summary:	Crashes in StringImpl::length() seen on build bot after r24492
Product:	WebKit	Reporter:	mitz
Component:	Page Loading	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	andersca
Priority:	P2	Keywords:	InRadar
Version:	523.x (Safari 3)
Hardware:	Other
OS:	OS X 10.4
URL:	http://build.webkit.org/results/post-commit-leaks-intel-mac-os-x/747/DumpRenderTree.crash.log

mitz

Reported 2007-07-21 14:19:21 PDT

The leaks build slaves have been crashing repeatedly following <http://trac.webkit.org/projects/webkit/changeset/24492>. The crash happens under DocLoader::removeCachedResource().

Attachments
Add attachment proposed patch, testcase, etc.

Geoffrey Garen

Comment 1 2007-07-21 17:42:53 PDT

Mitz, I see crashes like the following: 0 <<00000000>> 0xffff8264 __spin_lock + 4 (cpu_capabilities.h:179) 1 libSystem.B.dylib 0x90114010 stack_logging_log_stack + 608 2 libSystem.B.dylib 0x90003558 malloc + 688 3 com.apple.JavaScriptCore 0x004879ec WTF::fastMalloc(unsigned long) + 104 (FastMalloc.cpp:142) 4 com.apple.WebCore 0x011ff0e0 WebCore::newUCharVector(unsigned) + 40 (StringImpl.cpp:59) 5 com.apple.WebCore 0x011ff4c4 WebCore::StringImpl::init(unsigned short const*, unsigned) + 132 (StringImpl.cpp:125) Is that what you're talking about? If so, this is a known bug in Tiger malloc / leaks. We've seen it before on the leaks bot, and it's not related to r24492.

Geoffrey Garen

Comment 2 2007-07-21 17:45:18 PDT

Wait a sec. I was looking at the wrong part of the crash log. Here's the crash Mitz was talking about: 0 com.apple.WebCore 0x015eef44 WebCore::StringImpl::length() const + 20 (StringImpl.h:72) 1 com.apple.WebCore 0x015efb84 WTF::StrHash<WebCore::StringImpl*>::equal(WebCore::StringImpl const*, WebCore::StringImpl const*) + 100 (StringHash.h:42) 2 com.apple.WebCore 0x015f11b4 WTF::IdentityHashTranslator<WebCore::StringImpl*, std::pair<WebCore::StringImpl*, int>, WTF::StrHash<WebCore::StringImpl*> >::equal(WebCore::StringImpl* const&, WebCore::StringImpl* const&) + 56 (HashTable.h:257)

Geoffrey Garen

Comment 3 2007-07-21 17:46:14 PDT

<rdar://problem/5352570>

Geoffrey Garen

Comment 4 2007-07-22 19:42:12 PDT

7/22/07 12:31 PM Anders Carlsson: Darin checked in a fix for this, revision 24514 as a followup fix to rdar://problem/5298816. We should verify with TOT.

Note You need to log in before you can comment on or make changes to this bug.