RESOLVED INVALID 145275
Crash in WebCore::CachedResourceClientWalker
https://bugs.webkit.org/show_bug.cgi?id=145275
Antti Koivisto
Reported 2015-05-21 11:12:37 PDT
14/05/15 12:15 Drew Yao: Opening the attached html file in a debug build of WebKit trunk (r184335) with libgmalloc causes a crash.

Process 66512 stopped
* thread #1: tid = 0xd418f9, 0x00000001056a3566 WebCore`WebCore::CachedResourceClientWalker<WebCore::CachedImageClient>::next(this=0x00007fff5fbfd510) + 166 at CachedResourceClientWalker.h:54, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1646d7ff0)
    frame #0: 0x00000001056a3566 WebCore`WebCore::CachedResourceClientWalker<WebCore::CachedImageClient>::next(this=0x00007fff5fbfd510) + 166 at CachedResourceClientWalker.h:54
   51       while (m_index < size) {
   52           CachedResourceClient* next = m_clientVector[m_index++];
   53           if (m_clientSet.contains(next)) {
-> 54               ASSERT_WITH_SECURITY_IMPLICATION(T::expectedType() == CachedResourceClient::expectedType() || next->resourceClientType() == T::expectedType());
   55               return static_cast<T*>(next);
   56           }
   57       }
(lldb) bt
* thread #1: tid = 0xd418f9, 0x00000001056a3566 WebCore`WebCore::CachedResourceClientWalker<WebCore::CachedImageClient>::next(this=0x00007fff5fbfd510) + 166 at CachedResourceClientWalker.h:54, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1646d7ff0)
  * frame #0: 0x00000001056a3566 WebCore`WebCore::CachedResourceClientWalker<WebCore::CachedImageClient>::next(this=0x00007fff5fbfd510) + 166 at CachedResourceClientWalker.h:54
    frame #1: 0x00000001056a1822 WebCore`WebCore::CachedImage::notifyObservers(this=0x0000000164586b80, changeRect=0x0000000000000000) + 66 at CachedImage.cpp:314
    frame #2: 0x00000001056a2053 WebCore`WebCore::CachedImage::finishLoading(this=0x0000000164586b80, data=0x000000016c3fffc0) + 547 at CachedImage.cpp:436
    frame #3: 0x00000001072d5005 WebCore`WebCore::SubresourceLoader::didFinishLoading(this=0x00000001645a2b00, finishTime=0) + 517 at SubresourceLoader.cpp:371
    frame #4: 0x0000000106fcb455 WebCore`WebCore::ResourceLoader::didFinishLoading(this=0x00000001645a2b00, (null)=0x0000000164623fe0, finishTime=0) + 53 at ResourceLoader.cpp:562
    frame #5: 0x000000010758c03a WebCore`-[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:](self=0x0000000164633ff0, _cmd=0x00007fff9612ca40, connection=0x0000000164639ff0) + 186 at WebCoreResourceHandleAsDelegate.mm:260
    frame #6: 0x00007fff95b7a24d CFNetwork`__65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke + 69
    frame #7: 0x00007fff95b7a0b1 CFNetwork`-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 232
    frame #8: 0x00007fff95b79fb7 CFNetwork`-[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 48
    frame #9: 0x00007fff95b7af74 CFNetwork`___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke + 104
    frame #10: 0x00007fff95c2e703 CFNetwork`___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 + 94
    frame #11: 0x00007fff95acfcec CFNetwork`RunloopBlockContext::_invoke_block(void const*, void*) + 72
    frame #12: 0x00007fff87568664 CoreFoundation`CFArrayApplyFunction + 68
    frame #13: 0x00007fff95acfbad CFNetwork`RunloopBlockContext::perform() + 133
    frame #14: 0x00007fff95acf998 CFNetwork`MultiplexerSource::perform() + 282
    frame #15: 0x00007fff95acf7ba CFNetwork`MultiplexerSource::_perform(void*) + 72
    frame #16: 0x00007fff8759ca01 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #17: 0x00007fff8758eb8d CoreFoundation`__CFRunLoopDoSources0 + 269
    frame #18: 0x00007fff8758e1bf CoreFoundation`__CFRunLoopRun + 927
    frame #19: 0x00007fff8758dbd8 CoreFoundation`CFRunLoopRunSpecific + 296
    frame #20: 0x00007fff919dda59 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 278
    frame #21: 0x0000000100002988 parseWebKit`main(argc=3, argv=0x00007fff5fbff5d8) + 4104 at parseWebKit.m:241
    frame #22: 0x00007fff890385c9 libdyld.dylib`start + 1
    frame #23: 0x00007fff890385c9 libdyld.dylib`start + 1