CoreIPC::Connection::sendOutgoingMessage crashes after memory has been smashed when creating lots of RemoteLayerTree layers.

This occurs because we use mach ports to share the IOSurface backing store, and sendOutgoingMessage always sends the ports in-line, even if they won't fit in the fixed-size 4KB buffer.

We have a few options:

1. Simply mmap a buffer of the requisite size.
2. Do #1 but keep the stack-allocated buffer for performance if the message is under 4KB after out-of-lining the body, swapping to mmap if needed.
3. Figure out how to out-of-line the ports using mach_msg_ool_ports_descriptor_t and co. (I have this partially implemented, but there are some hitches).

Attaching patch for #1 (the simplest option), will adjust as people recommend.

<rdar://problem/15491080>
Created attachment 217400: #1 patch
Created attachment 217401: #2 patch
Giving up on #3 for now, it's way, way more complicated and I don't want to waste too much time if one of these will do.
#2 it is! http://trac.webkit.org/changeset/159582