Bug 30085

Summary: REGRESSION (r49091): run-safari crashes in Safari.dll
Product: WebKit
Reporter: Yong Li <yong.li.webkit>
Component: WebKit Misc.
Assignee: Adam Roben (:aroben) <aroben>
Status: RESOLVED FIXED
Severity: Normal
CC: antonm, apavlov, aroben, bweinstein, sfalken
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista

Yong Li
Reported 2009-10-05 11:29:15 PDT
I got a win32 webkit build. run-safari crashes when launching the browser. VS2005 debugger shows it crashes in free.c:

    {
        retval = HeapFree(_crtheap, 0, pBlock); // Crash here
        if (retval == 0) {
            errno = _get_errno_from_oserr(GetLastError());
        }
    }

The stack trace is:

    7fe99ea0()
    Safari.dll!677029c7()
    [Frames below may be incorrect and/or missing, no symbols loaded for Safari.dll]
    Safari.dll!676fc1b7()
    user32.dll!77450657()
    Safari.dll!676e428d()
    Safari.dll!676e1c68()
    user32.dll!7744f8d2()
    user32.dll!77441912()
    user32.dll!7744f73d()
    user32.dll!77450817()
    user32.dll!774439f7()
    ntdll.dll!77ac99ce()
    user32.dll!77443cf7()
    user32.dll!77443b94()
    user32.dll!7743eb62()
    user32.dll!7744382f()
    user32.dll!7743eb7f()
    user32.dll!7743ebab()
    CoreFoundation.dll!6b847ed2()
    CoreFoundation.dll!6b892ba0()
    CoreFoundation.dll!6b88d60c()
    CoreFoundation.dll!6b89087b()
    CoreFoundation.dll!6b88d30f()
    CoreFoundation.dll!6b88d60c()
    CoreFoundation.dll!6b88dc1a()
    ntdll.dll!77ab429e()
    ntdll.dll!77ab429e()
    ntdll.dll!77ab0e36()
    user32.dll!77443cc3()
    user32.dll!7743d57a()
    user32.dll!7743d63f()
    user32.dll!77443d9a()
    Safari.dll!67728fc2()
    Safari.dll!6775a6b5()
    Safari.dll!67703189()
    Safari.dll!6773dec6()
    Safari.dll!67701942()
    pthreadVC2.dll!73fc32fe()
    Safari.dll!676fc83f()
    CFNetwork.dll!69e761bc()
    Safari.dll!6774d706()
    Safari.dll!6774ddb8()
    Safari.exe!003f1412()
    ntdll.dll!77ad5b87()
    ntdll.dll!77ad8b2c()
    ntdll.dll!77ad8752()
    ntdll.dll!77ad8752()
    ntdll.dll!77ad861f()
    ntdll.dll!77ad8652()
    kernel32.dll!77c3c56f()
    > msvcr80.dll!free(void * pBlock=0x01787b38) Line 110 C
    msvcr80.dll!_wsetenvp() Line 139 C
    msvcr80.dll!__wgetmainargs(int * pargc=0x003f3018, unsigned short * * * pargv=0x003f3020, unsigned short * * * penvp=0x003f301c, int dowildcard=0x00000000, _startupinfo * startinfo=0xaed3d67a) Line 127 + 0x5 bytes C
    Safari.exe!003f146f()
    Safari.exe!003f15d4()
    kernel32.dll!77c34911()
    ntdll.dll!77aae4b6()
    ntdll.dll!77aae489()
Attachments
dump file saved by VS2005 (37.74 KB, application/octet-stream)
2009-10-06 09:26 PDT, Yong Li
no flags
Safari crash dump (35.65 KB, application/octet-stream)
2009-10-06 09:26 PDT, Alexander Pavlov (apavlov)
no flags
Move the new IWebViewPrivate::inspectorPrivate function after all functions that existed when Safari 4.0.3 was released (1.47 KB, patch)
2009-10-08 08:35 PDT, Adam Roben (:aroben)
sullivan: review+
Another similar crash (46.05 KB, application/octet-stream)
2009-10-08 08:38 PDT, anton muhin
no flags
Alexander Pavlov (apavlov)
Comment 1 2009-10-06 04:22:04 PDT
Same here, but the pBlock is 0x00000000 for me, and a slightly different stacktrace (running r49162):

    > msvcr80.dll!fastcopy_I(void * dst=0x03fa98c0, void * src=0x01080180, int len=90177568) + 0x46 bytes C
    msvcr80.dll!_VEC_memcpy(void * dst=0x03fa98c0, void * src=0x010801e0, int len=-858993460) + 0x52 bytes C
    WebKit.dll!WebCore::StringImpl::create(const wchar_t * characters=0x03fa98c0, unsigned int length=17301888) Line 1015 + 0x13 bytes C++
    msvcr80.dll!_VEC_memcpy(void * dst=0x03fa98c0, void * src=0x010801e0, int len=-858993460) + 0x52 bytes C
    WebKit.dll!WebCore::StringImpl::create(const wchar_t * characters=0x03fa98c0, unsigned int length=17301984) Line 1015 + 0x13 bytes C++
    WebKit.dll!WebCore::StringImpl::create(const wchar_t * characters=0x03fa98c0, unsigned int length=8650992) Line 1015 + 0x13 bytes C++
    WebKit.dll!WebCore::String::String(const wchar_t * str=0x03fa98c0, unsigned int len=8650992) Line 53 + 0x11 bytes C++
    WebKit.dll!WebView::executeCoreCommandByName(wchar_t * bName=0x03fa98c0, wchar_t * bValue=0x03f0a128) Line 3083 C++
    Safari.exe!00423a89()
    [Frames below may be incorrect and/or missing, no symbols loaded for Safari.exe]
    Safari.exe!0055c61d()
    Safari.exe!00423327()
    Safari.exe!0041c9e9()
    Safari.exe!0040420d()
    Safari.exe!00533598()
    user32.dll!7e418734()
    user32.dll!7e418816()
    user32.dll!7e428ea0()
    user32.dll!7e42ce7c()
    ntdll.dll!7c90e473()
    user32.dll!7e42e389()
    user32.dll!7e42e34f()
    Safari.exe!007e0045()
    Safari.exe!00740069()
    ntdll.dll!7c910385()
    ntdll.dll!7c915239()
    ntdll.dll!7c91542b()
    ntdll.dll!7c9100b8()
    ntdll.dll!7c910041()
    ntdll.dll!7c91005d()
    ntdll.dll!7c9157c1()
    ntdll.dll!7c91534a()
    ntdll.dll!7c915742()
    ntdll.dll!7c9155ed()
    ntdll.dll!7c91005d()
    user32.dll!7e419951()
    ntdll.dll!7c910323()
    ntdll.dll!7c910323()
    user32.dll!7e4199e4()
    user32.dll!7e419a12()
    user32.dll!7e41a303()
    user32.dll!7e419a12()
    user32.dll!7e41a31a()
    user32.dll!7e41a33b()
    Safari.exe!00740069()
    ntdll.dll!7c9100b8()
    ntdll.dll!7c910041()
    ntdll.dll!7c91005d()
    ntdll.dll!7c910323()
    user32.dll!7e42e442()
    ntdll.dll!7c91005d()
    msvcr80.dll!free(void * pBlock=0x00000000) Line 110 C
    user32.dll!7e42d0d6()
    Safari.exe!00449542()
    Safari.exe!0047a732()
    Safari.exe!00423c59()
    Safari.exe!0045e3f5()
    Safari.exe!004222f1()
    pthreadVC2.dll!696032fe()
    Safari.exe!0041d06f()
    CFNetwork.dll!6a52611f()
    Safari.exe!0046dab6()
    Safari.exe!00424304()
    Safari.exe!0065ef57()
    kernel32.dll!7c817077()
    Safari.exe!00740061()
    Safari.exe!00740069()
    Safari.exe!006f0073()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!006f0073()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!006f0073()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!006f0073()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
Adam Roben (:aroben)
Comment 2 2009-10-06 09:01:19 PDT
Yong or apavlov, can either of you upload a .dmp file from your crash? http://webkit.org/quality/crashlogs.html has instructions, and you can also save a .dmp from within Visual Studio by choosing Debug > Save Dump As...
Yong Li
Comment 3 2009-10-06 09:26:19 PDT
Created attachment 40725 [details]
dump file saved by VS2005

I'm using Vista, which doesn't include Dr. Watson.
Alexander Pavlov (apavlov)
Comment 4 2009-10-06 09:26:55 PDT
Created attachment 40726 [details]
Safari crash dump
Alexander Pavlov (apavlov)
Comment 5 2009-10-06 09:27:49 PDT
(In reply to comment #2)

Visual Studio 2005 dump attached.
Adam Roben (:aroben)
Comment 6 2009-10-08 08:24:40 PDT
Here's a better backtrace:

    msvcr80.dll!_memcpy() + 0x1e0 bytes
    > WebKit.dll!WebCore::StringImpl::create(const wchar_t * characters=0x04f93940, unsigned int length=17564594) Line 971 + 0x13 bytes C++
    WebKit.dll!WebCore::String::String(const wchar_t * str=0x04f93940, unsigned int len=17564594) Line 53 + 0x11 bytes C++
    WebKit.dll!WebView::executeCoreCommandByName(wchar_t * bName=0x04f93940, wchar_t * bValue=0x047b7798) Line 3083 C++
    Safari.dll!SafariView::attachToSafariWindow() + 0x59 bytes
    Safari.dll!TabbedBrowsingBarBase::newTabWithView() + 0x9d bytes
    Safari.dll!SafariWindow::createTabWithFrameName() + 0x47 bytes
    Safari.dll!SafariWindow::onCreate() + 0x8b7 bytes
    Safari.dll!SafariWindow::ProcessWindowMessage() + 0x3d bytes
    Safari.dll!ATL::CWindowImplBaseT<ATL::CWindow,ATL::CWinTraits<101646336,0> >::WindowProc() + 0x58 bytes
    user32.dll!_InternalCallWinProc@20() + 0x28 bytes
    user32.dll!_UserCallWinProcCheckWow@32() + 0x13692 bytes
    user32.dll!_DispatchClientMessage@20() + 0x4d bytes
    user32.dll!___fnINLPCREATESTRUCT@4() + 0x56 bytes
    ntdll.dll!_KiUserCallbackDispatcher@12() + 0x13 bytes
    user32.dll!_NtUserCreateWindowEx@60() + 0xc bytes
    user32.dll!__CreateWindowEx@52() + 0xb1 bytes
    user32.dll!_CreateWindowExW@48() + 0x33 bytes
    Safari.dll!WTL::CFrameWindowImplBase<ATL::CWindow,ATL::CWinTraits<101646336,0> >::Create() + 0x82 bytes
    Safari.dll!SafariWindow::create() + 0x75 bytes
    Safari.dll!SafariWindow::createInstance() + 0xa9 bytes
    Safari.dll!Safari::Application::showWelcomePageIfNeeded() + 0xc6 bytes
    pthreadVC2.dll!pthread_mutex_unlock(pthread_mutex_t_ * * mutex=0x00000001) Line 89 + 0x14 bytes C
    Safari.dll!run() + 0xef bytes
    Safari.dll!BonjourDB::startBrowsing() + 0x89 bytes
    Safari.dll!safariMain() + 0x596 bytes
    Safari.dll!_safariDLLMain@16() + 0x38 bytes
    Safari.exe!_wWinMain@16() + 0x152 bytes
    Safari.exe!@__security_check_cookie@4() + 0x1aa bytes
    kernel32.dll!_BaseProcessStart@4() + 0x23 bytes
Adam Roben (:aroben)
Comment 7 2009-10-08 08:25:56 PDT
My guess is that someone has messed up the vtable for IWebView or some other similar interface. It doesn't make sense for SafariView::attachToSafariWindow to be calling WebView::executeCoreCommandByName.
Adam Roben (:aroben)
Comment 8 2009-10-08 08:27:26 PDT
attachToSafariWindow calls windowAncestryDidChange, which is the next IWebViewPrivate member after executeCoreCommandByName. So my guess is that someone added an IWebViewPrivate member above that point.
Adam Roben (:aroben)
Comment 9 2009-10-08 08:29:11 PDT
Adam Roben (:aroben)
Comment 10 2009-10-08 08:35:01 PDT
Created attachment 40873 [details]
Move the new IWebViewPrivate::inspectorPrivate function after all functions that existed when Safari 4.0.3 was released
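The failure comments 7 and 8 infer from the backtrace, and the reason the fix above appends the new member rather than inserting it, as an added C example that is not WebKit's or Safari's code: a COM interface is at the ABI level a pointer to a table of function pointers, and a binary compiled against an older header (here, Safari.dll built against the 4.0.3-era IWebViewPrivate) reaches a method by slot index, not by name. The interface is modelled with only the two members the bug names plus inspectorPrivate, the struct and function names (IWebViewPrivateLike, legacy_attachToSafariWindow, preserves_old_slots), the slot numbers and the return codes are constructed for this example, and the methods share one signature for simplicity; in the real interface the slots sit much further down and the mis-targeted executeCoreCommandByName read its two BSTR arguments from whatever the caller had left in place, which is the garbage memcpy in comment 6.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not WebKit's code: a COM-style interface as a
   pointer to a table of function pointers, dispatched by slot index. */

typedef struct IWebViewPrivateLike IWebViewPrivateLike;
typedef int (*Method)(IWebViewPrivateLike *self);

struct IWebViewPrivateLike {
    const Method *vtbl;     /* what a COM object's lpVtbl points at */
};

/* Constructed return codes so a caller can see which method actually ran. */
enum {
    RAN_EXECUTE_CORE_COMMAND = 1,
    RAN_WINDOW_ANCESTRY_DID_CHANGE = 2,
    RAN_INSPECTOR_PRIVATE = 3
};

static int executeCoreCommandByName(IWebViewPrivateLike *self)
{
    (void)self;
    /* In the real crash this method was entered with stack garbage as its
       two BSTR arguments and memcpy'd from it; here it only reports. */
    return RAN_EXECUTE_CORE_COMMAND;
}

static int windowAncestryDidChange(IWebViewPrivateLike *self)
{
    (void)self;
    return RAN_WINDOW_ANCESTRY_DID_CHANGE;
}

static int inspectorPrivate(IWebViewPrivateLike *self)
{
    (void)self;
    return RAN_INSPECTOR_PRIVATE;
}

/* Slot order a caller built against the shipped (4.0.3-era) header has
   baked in. Only the two members the bug mentions are modelled. */
enum {
    SLOT_EXECUTE_CORE_COMMAND_BY_NAME = 0,
    SLOT_WINDOW_ANCESTRY_DID_CHANGE = 1,
    OLD_SLOT_COUNT = 2
};

static const Method vtbl_shipped[OLD_SLOT_COUNT] = {
    executeCoreCommandByName,
    windowAncestryDidChange,
};

/* Regressed layout (comment 8's inference): new member inserted above the
   existing ones, so every old slot moves down by one. */
static const Method vtbl_inserted[] = {
    inspectorPrivate,
    executeCoreCommandByName,
    windowAncestryDidChange,
};

/* Fixed layout (attachment 40873): new member appended after every
   pre-existing slot, so old indices stay valid. */
static const Method vtbl_appended[] = {
    executeCoreCommandByName,
    windowAncestryDidChange,
    inspectorPrivate,
};

/* Stand-in for SafariView::attachToSafariWindow, compiled against the old
   header: it knows only that windowAncestryDidChange lives in slot 1. */
static int legacy_attachToSafariWindow(IWebViewPrivateLike *view)
{
    return view->vtbl[SLOT_WINDOW_ANCESTRY_DID_CHANGE](view);
}

/* Run the old caller against an object built with the given layout. */
int legacy_call_against(const Method *layout)
{
    IWebViewPrivateLike view = { layout };
    return legacy_attachToSafariWindow(&view);
}

/* Compatibility check a build could run: every slot that existed in the
   shipped interface must hold the same function at the same index. */
int preserves_old_slots(const Method *old_layout, size_t old_count,
                        const Method *new_layout, size_t new_count)
{
    size_t i;
    if (new_count < old_count)
        return 0;
    for (i = 0; i < old_count; i++)
        if (new_layout[i] != old_layout[i])
            return 0;
    return 1;
}

int main(void)
{
    printf("inserted layout: old caller ran method %d, wanted %d; old slots preserved: %d\n",
           legacy_call_against(vtbl_inserted), RAN_WINDOW_ANCESTRY_DID_CHANGE,
           preserves_old_slots(vtbl_shipped, OLD_SLOT_COUNT, vtbl_inserted, 3));
    printf("appended layout: old caller ran method %d, wanted %d; old slots preserved: %d\n",
           legacy_call_against(vtbl_appended), RAN_WINDOW_ANCESTRY_DID_CHANGE,
           preserves_old_slots(vtbl_shipped, OLD_SLOT_COUNT, vtbl_appended, 3));
    return 0;
}
```

With the inserted layout the old caller's slot 1 lands on executeCoreCommandByName, which is exactly the frame comment 6 shows under attachToSafariWindow; with the appended layout it reaches windowAncestryDidChange. The same slot-prefix rule is what makes appending to an already shipped COM interface safe and inserting into one an ABI break, regardless of what the new method does.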
anton muhin
Comment 11 2009-10-08 08:38:30 PDT
Created attachment 40874 [details]
Another similar crash

WebKit after clean build. git pulled at

    commit 597a1d3006745f287ae2aba32edd7d3e353ed0d7
    Author: barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
    Date:   Thu Oct 8 09:18:21 2009 +0000

        Fix for JIT'ed op_call instructions (evals, constructs, etc.) when !ENABLE(JIT_OPTIMIZE_CALL) && USE(JSVALUE32_64)

        Patch by Zoltan Herczeg <zherczeg@inf.u-szeged.hu> on 2009-10-08
        Reviewed by Gavin Barraclough.

        https://bugs.webkit.org/show_bug.cgi?id=30201

        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
Adam Roben (:aroben)
Comment 12 2009-10-08 08:40:10 PDT
anton muhin
Comment 13 2009-10-08 10:35:07 PDT
(In reply to comment #12)
> Committed r49304: <http://trac.webkit.org/changeset/49304>

Thanks a lot, Adam. I am current at git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49305 268f45cc-cd09-0410-ab3c-d52691b4dbfc and Safari starts fine.
Yong Li
Comment 14 2009-10-12 10:58:33 PDT
I was trying a new build based on the latest code, but it says out-of-memory when linking the WebKit DLL. I have 3GB physical memory installed on my PC.
Steve Falkenburg
Comment 15 2009-10-12 11:15:48 PDT
If you're building release, use an x64 variant of Windows. The linker is out of address space.