RESOLVED DUPLICATE of bug 200024 202045
bmalloc::IsoAllocator<bmalloc:: IsoConfig<>>:allocateSlow(bool) Crash on iOS 12.4 and newer OS 
https://bugs.webkit.org/show_bug.cgi?id=202045
Summary bmalloc::IsoAllocator<bmalloc:: IsoConfig<>>:allocateSlow(bool) Crash on iOS ...
Jin
Reported 2019-09-20 05:56:38 PDT
1. create a UIWebView 2. access a big document webpage ,such as https://www.5554443.com It will crash soon. It seems it can not allocate memory, but at iOS 12.0 it works great. Could you tell me what's the reason? Did WebCore's memory allocate has been modified ? Many devloper talk about this: https://forums.developer.apple.com/thread/121480 Callstack: 0 WebCore 0x19d5ec330 bmalloc::IsoAllocator<bmalloc::IsoConfig<96u> >::allocateSlow(bool) + 252 1 WebCore 0x19d5ea594 WebCore::Attr::create(WebCore::Element&, WebCore::QualifiedName const&) + 256 2 WebCore 0x19d657c94 WebCore::Element::ensureAttr(WebCore::QualifiedName const&) + 140 3 WebCore 0x19d681740 WebCore::NamedNodeMap::item(unsigned int) const + 152 4 WebCore 0x19cef9a28 WebCore::JSNamedNodeMap::getOwnPropertySlotByIndex(JSC::JSObject*, JSC::ExecState*, unsigned int, JSC::PropertySlot&) + 140 5 JavaScriptCore 0x19ba71ad0 llint_slow_path_get_by_val + 5312 6 JavaScriptCore 0x19b48e5cc llint_entry + 34380 7 JavaScriptCore 0x19b49a304 llint_entry + 82820 8 JavaScriptCore 0x19b49a304 llint_entry + 82820 9 JavaScriptCore 0x19b49a304 llint_entry + 82820 10 JavaScriptCore 0x19b49a3a4 llint_entry + 82980 11 JavaScriptCore 0x19b485cec vmEntryToJavaScript + 268 12 JavaScriptCore 0x19b9b74d0 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 424 13 JavaScriptCore 0x19bb9968c JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, ***::NakedPtr<JSC::Exception>&) + 200 14 WebCore 0x19d3d7acc WebCore::JSExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, ***::NakedPtr<JSC::Exception>&) + 140 15 WebCore 0x19d406a50 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 424 16 WebCore 0x19d4066d4 WebCore::ScheduledAction::execute(WebCore::Document&) + 144 17 WebCore 0x19da67b20 WebCore::DOMTimer::fired() + 816 18 WebCore 0x19db565bc WebCore::ThreadTimers::sharedTimerFiredInternal() + 216 19 WebCore 0x19db76608 WebCore::timerFired(__CFRunLoopTimer*, void*) + 28 20 CoreFoundation 0x194074d60 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28 21 CoreFoundation 0x194074a90 __CFRunLoopDoTimer + 864 22 CoreFoundation 0x1940742c4 __CFRunLoopDoTimers + 248 23 CoreFoundation 0x19406f214 __CFRunLoopRun + 1844 24 CoreFoundation 0x19406e7c0 CFRunLoopRunSpecific + 436 25 WebCore 0x19cd61fc4 RunWebThread(void*) + 600 26 libsystem_pthread.dylib 0x193d012c0 _pthread_body + 128 27 libsystem_pthread.dylib 0x193d01220 _pthread_start + 44 28 libsystem_pthread.dylib 0x193d04cdc thread_start + 4
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2019-09-20 09:57:15 PDT
I cannot reproduce this on a newer iOS. Can you reproduce with iOS 13.1 beta?
Yusuke Suzuki
Comment 2 2019-09-20 10:08:48 PDT
I think this issue is fixed in iOS13.1, can you test it? I also opened it on Safari on newer iOS and cannot reproduce the crash.
Radar WebKit Bug Importer
Comment 3 2019-09-20 10:11:30 PDT
<rdar://problem/55563460>
Jin
Comment 4 2019-09-21 01:59:05 PDT
(In reply to Yusuke Suzuki from comment #2) > I think this issue is fixed in iOS13.1, can you test it? > I also opened it on Safari on newer iOS and cannot reproduce the crash. Cloud you give me the commit or the diff ?
Yusuke Suzuki
Comment 5 2019-09-21 02:09:08 PDT
I confirmed it is fixed in public beta. Closing. *** This bug has been marked as a duplicate of bug 200024 ***
Yusuke Suzuki
Comment 6 2019-09-21 02:09:32 PDT
(In reply to Jin from comment #4) > (In reply to Yusuke Suzuki from comment #2) > > I think this issue is fixed in iOS13.1, can you test it? > > I also opened it on Safari on newer iOS and cannot reproduce the crash. > > Cloud you give me the commit or the diff ? See this issue. https://bugs.webkit.org/show_bug.cgi?id=200024
Note You need to log in before you can comment on or make changes to this bug.