NEW 164926
[GTK] Memory corruption causes web process crash in WebCore::createStyleContext 
https://bugs.webkit.org/show_bug.cgi?id=164926
Summary [GTK] Memory corruption causes web process crash in WebCore::createStyleContext
Michael Catanzaro
Reported 2016-11-18 09:10:50 PST
Memory corruption causes web process crash in WebCore::createStyleContext. Only one report of this ever, with 2.12.4. Unfortunately I have no valgrind memcheck for this. Truncated backtrace: Thread no. 1 (10 frames) #6 g_malloc at gmem.c:94 #7 g_data_set_internal at gdataset.c:464 #8 g_datalist_id_set_data_full at gdataset.c:670 #9 g_object_notify_queue_freeze at gobject.c:242 #10 g_object_init at gobject.c:975 #11 g_type_create_instance at gtype.c:1869 #12 g_object_new_internal at gobject.c:1781 #15 gtk_css_path_node_new at gtkcsspathnode.c:142 #16 gtk_style_context_init at gtkstylecontext.c:355 #17 g_type_create_instance at gtype.c:1875 Full backtrace downstream. Importantly: #3 0x00007f904cc96c13 in malloc_printerr (ar_ptr=0x3, ptr=<optimized out>, str=0x7f904cda3250 "malloc(): smallbin double linked list corrupted", action=3) at malloc.c:5004 buf = "000056427ea9ba30" cp = <optimized out> ar_ptr = 0x3 ptr = <optimized out> str = 0x7f904cda3250 "malloc(): smallbin double linked list corrupted" action = 3
Attachments
Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2016-11-18 09:12:32 PST
Note: last time we had a crash like this, it was an Epiphany bug in an unrelated part of code, due to forgetting to remove a weak pointer. Epiphany is not a likely culprit here since this is web process.
Note You need to log in before you can comment on or make changes to this bug.