There have been some crashes that look like this:
1 0x000000000000003f 0 + 63
2 com.apple.WebCore 0x7fff86c26b47 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 0x1f7
3 com.apple.WebCore 0x7fff86ba8507 WebCore::MemoryCache::prune() + 0x67
4 com.apple.WebCore 0x7fff8733cbe6 WebCore::BitmapImage::draw(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ColorSpace, WebCore::CompositeOperator, WebCore::RespectImageOrientationEnum) + 0xf6
5 com.apple.WebCore 0x7fff86ccc364 WebCore::BitmapImage::draw(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ColorSpace, WebCore::CompositeOperator) + 0x14
6 com.apple.WebCore 0x7fff86d50297 WebCore::Image::drawTiled(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::ColorSpace, WebCore::CompositeOperator) + 0x277
7 com.apple.WebCore 0x7fff86d50011
A possible cause is that the call to destroyDecodedData() causes other resources besides the current one to be evicted from the cache.
Created attachment 172325
Comment on attachment 172325
View in context: https://bugs.webkit.org/attachment.cgi?id=172325&action=review
Looks safe and mostly reasonable. r=me
> + // Protect prev so it can't get deleted during destroyDecodedData().
prev -> 'previous'
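Review bot: besides the naming nit, the comment on the quoted line says why `prev` is protected but not what the loop does when the protected resource is nonetheless evicted from the cache during destroyDecodedData(); since pruning is then interrupted in the middle (as acknowledged later in this bug), which changes eviction behaviour, the comment should state it, e.g. `// Protect previous so it can't get deleted during destroyDecodedData(); if it is evicted anyway, stop pruning.`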
This appears to have changed the eviction behavior on some of our performance tests, e.g. the spike here:
Is that expected?
The crashing/memory corruption case turns into a case where we interrupt the eviction in the middle, so this can affect eviction behavior. This is not ideal but it was the safest and simplest fix I could think of.
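The two patterns discussed in this bug, an eviction loop that caches a `previous` pointer across a call that may evict other entries, and the fix of holding a handle on that pointer and interrupting the prune if the entry was removed anyway, as an added C++ illustration. This is not WebCore code: `Resource`, `ToyCache`, `pruneUnsafe`, `pruneProtected`, `buildScenario` and the callback that stands in for destroyDecodedData() are all hypothetical, and the toy `registerHandle`/`unregisterHandle` only borrow their names from the functions mentioned in this thread. Objects are pooled rather than freed so that the buggy path can be detected instead of dereferencing freed memory.

```cpp
// Added illustration (not WebCore code): a toy LRU cache whose pruning loop calls a
// per-resource hook that may evict *other* entries. All names are hypothetical.
#include <cassert>
#include <cstddef>
#include <functional>
#include <memory>
#include <vector>

struct Resource {
    size_t size = 0;
    Resource* prev = nullptr;   // toward the most recently used end
    Resource* next = nullptr;   // toward the least recently used end
    int handleCount = 0;        // > 0: a handle protects it from deletion
    bool inCache = true;
    bool destroyed = false;     // stands in for "freed"; objects are pooled, never really freed
};

class ToyCache {
public:
    // Stand-in for destroyDecodedData(): a caller-supplied hook that may evict an
    // unrelated resource, which is the behaviour the bug report suspects.
    std::function<void(ToyCache&, Resource&)> onDestroyDecodedData;

    Resource* add(size_t size) {
        owned_.push_back(std::make_unique<Resource>());
        Resource* r = owned_.back().get();
        r->size = size;
        r->next = head_;                 // insert at the most recently used end
        if (head_) head_->prev = r;
        head_ = r;
        if (!tail_) tail_ = r;
        totalSize_ += size;
        return r;
    }
    // Unlink from the list; the object is only "freed" once no handle holds it.
    void evict(Resource* r) {
        if (!r->inCache) return;
        if (r->prev) r->prev->next = r->next; else head_ = r->next;
        if (r->next) r->next->prev = r->prev; else tail_ = r->prev;
        r->prev = r->next = nullptr;
        r->inCache = false;
        totalSize_ -= r->size;
        maybeDelete(r);
    }
    void registerHandle(Resource* r) { ++r->handleCount; }
    void unregisterHandle(Resource* r) { if (--r->handleCount == 0 && !r->inCache) maybeDelete(r); }

    // Buggy pattern: `previous` is cached across a call that may evict it. Returns false
    // when the loop would continue from a freed node (a use-after-free in real code).
    bool pruneUnsafe(size_t targetSize) {
        Resource* current = tail_;
        while (current && totalSize_ > targetSize) {
            Resource* previous = current->prev;
            destroyDecodedData(current);   // may evict `previous`
            evict(current);
            if (previous && previous->destroyed) return false;
            current = previous;
        }
        return true;
    }
    // Fixed pattern: a handle keeps `previous` alive across the hook; if it was
    // unlinked anyway, the prune stops in the middle instead of walking a detached node.
    bool pruneProtected(size_t targetSize) {
        Resource* current = tail_;
        while (current && totalSize_ > targetSize) {
            Resource* previous = current->prev;
            if (previous) registerHandle(previous);
            destroyDecodedData(current);
            evict(current);
            bool stillLinked = previous && previous->inCache;
            if (previous) unregisterHandle(previous);   // may free it now
            if (!stillLinked) break;
            current = previous;
        }
        return true;
    }
    size_t totalSize() const { return totalSize_; }
    size_t liveCount() const { size_t n = 0; for (Resource* r = head_; r; r = r->next) ++n; return n; }

private:
    void destroyDecodedData(Resource* r) { if (onDestroyDecodedData) onDestroyDecodedData(*this, *r); }
    void maybeDelete(Resource* r) { if (r->handleCount == 0) r->destroyed = true; }
    Resource* head_ = nullptr;
    Resource* tail_ = nullptr;
    size_t totalSize_ = 0;
    std::vector<std::unique_ptr<Resource>> owned_;   // keeps every object addressable
};

// Constructed scenario: three 100-byte resources, A least recently used; destroying A's
// decoded data evicts B, the node the loop has just cached as `previous`.
static std::unique_ptr<ToyCache> buildScenario(Resource** outB) {
    auto cache = std::make_unique<ToyCache>();
    Resource* a = cache->add(100);
    Resource* b = cache->add(100);
    cache->add(100);
    cache->onDestroyDecodedData = [a, b](ToyCache& c, Resource& r) { if (&r == a) c.evict(b); };
    if (outB) *outB = b;
    return cache;
}
bool unsafePruneWouldUseFreedNode() { return !buildScenario(nullptr)->pruneUnsafe(150); }
bool protectedPruneIsSafe() {
    Resource* b = nullptr;
    auto cache = buildScenario(&b);
    return cache->pruneProtected(150) && cache->liveCount() == 1 && cache->totalSize() == 100 && b->destroyed;
}

int main() { assert(unsafePruneWouldUseFreedNode()); assert(protectedPruneIsSafe()); return 0; }
```

In the protected path the handle on B keeps it addressable while A's decoded data is destroyed, B is actually released only when the handle is dropped, and because B is no longer in the list the loop stops rather than continuing from it; that early stop is the changed eviction behaviour this comment refers to, and each iteration now costs a handle register/unregister pair.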
This looks like it introduced a significant perf regression in Chromium that points to additional calls to WebCore::CachedResource::registerHandle and WebCore::CachedResource::unregisterHandle.
It may have similar perf implications to other parts of WebKit as well.
Can anyone please tell me whether this fix is integrated in the UIWebView that we use on the iPad 3? I am seeing a similar crash on the iPad 3 and wanted to know whether this patch is already used there. I tried to find it in the Apple bug reporter (https://bugreport.apple.com) but could not find many details.
We do not comment about products based on WebKit.