Bug 16842

Summary: Hang in DRT in leaks mode due to signal handler doing unsafe things
Product: WebKit
Reporter: Mark Rowe (bdash) <mrowe>
Component: Tools / Tests
Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.4   
Attachments: Sample from buildbot showing this hang occurring (flags: none)

Mark Rowe (bdash)
Reported 2008-01-11 11:03:09 PST
static void crashHandler(int sig)
{
    fprintf(stderr, "%s\n", strsignal(sig));
    restoreColorSpace(0);
    exit(128 + sig);
}

If "crashHandler" is triggered from within malloc/realloc/free then any calls to those functions may deadlock on a malloc lock. "restoreColorSpace" can run arbitrary system code, and "exit" will lead to C++ destructors being called on global objects. Both of these could result in a malloc-related function being called.
Attachments
Sample from buildbot showing this hang occurring (6.17 KB, text/plain), 2008-01-11 11:03 PST, Mark Rowe (bdash), no flags
Mark Rowe (bdash)
Comment 1 2008-01-11 11:03:55 PST
Created attachment 18395 [details] Sample from buildbot showing this hang occurring
Mark Rowe (bdash)
Comment 2 2008-01-11 11:05:15 PST
I think that to call restoreColorSpace safely in the event of a crash it would need to be moved to a parent process that executes the real DRT. "_exit" can probably be used in place of "exit" to avoid the problems with that call.
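As an added example (not code from this bug or from WebKit's DRT), here is the handler rewritten to use only async-signal-safe calls, together with the parent/child split suggested in comment 2; restoreColorSpace, runSupervised and the two test bodies are hypothetical stand-ins:

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for DRT's restoreColorSpace(): it runs arbitrary
 * library code that may take the malloc lock, so only the parent calls it. */
static void restoreColorSpace(void) { fputs("color space restored\n", stderr); }

/* write(2) on a string literal: async-signal-safe, no stdio, no strlen. */
#define SAFE_WRITE(lit) ((void)!write(STDERR_FILENO, lit, sizeof(lit) - 1))

/* Crash handler restricted to async-signal-safe calls: fixed strings instead
 * of strsignal(), write() instead of fprintf(), and _exit() instead of exit()
 * so no atexit handlers or C++ global destructors run while a malloc lock
 * may still be held by the interrupted code. */
static void crashHandler(int sig) {
    if (sig == SIGSEGV) SAFE_WRITE("DRT crashed: SIGSEGV\n");
    else if (sig == SIGBUS) SAFE_WRITE("DRT crashed: SIGBUS\n");
    else SAFE_WRITE("DRT crashed\n");
    _exit(128 + sig);
}

/* Parent/child split: the child installs the handler and runs the real work;
 * the parent waits and does the cleanup in ordinary process context.
 * Returns the child's exit status (128 + signal number after a crash). */
int runSupervised(void (*body)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sigaction sa;
        memset(&sa, 0, sizeof sa);
        sa.sa_handler = crashHandler;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGSEGV, &sa, NULL);
        sigaction(SIGBUS, &sa, NULL);
        body();
        _exit(0); /* do not flush the parent's inherited stdio buffers twice */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    restoreColorSpace(); /* safe here: not inside a signal handler */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed test bodies: one faults, one finishes normally. */
static void crashingBody(void) { raise(SIGSEGV); }
static void cleanBody(void) { }
```

Running runSupervised(crashingBody) returns 128 + SIGSEGV after the parent has done the cleanup, while runSupervised(cleanBody) returns 0.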