Bug 108815 - [Qt] JSC a oversize block related crash
Summary: [Qt] JSC a oversize block related crash
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: QtWebkit23 103747
Reported: 2013-02-04 04:23 PST by honda
Modified: 2013-02-05 03:24 PST

See Also:
Description honda 2013-02-04 04:23:51 PST
When accessing the Gmail web site, sooner or later QtWebKit 2.3 based browsers (QupZilla, Arora, etc.) crash.
Gdb said that this crash occurs in the following path:

SlotVisitor::copyLater()
m_shared.m_copiedSpace->pin(CopiedSpace::oversizeBlockFor(ptr))
CopiedBlock::pin()
m_workList.clear() HERE!!

Clearly, memory corruption happened in oversized blocks before the clear() deallocation.
After some investigation, I found that change set 138067 clearly explains its cause, and
change sets 137961 and 138067 resolve the issue completely.

Taking the importance of these change sets into account, they had better be included
in the current QtWebKit 2.3.
Comment 2 Allan Sandfeld Jensen 2013-02-05 03:24:13 PST
Thanks for the report. Great stuff. It has been pushed to Qt 5.0, and I will try to integrate it to QtWebKit 2.3 beta2.