Bug 30085 - REGRESSION (r49091): run-safari crashes in Safari.dll
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=30085
Reported by Yong Li, 2009-10-05 11:29:15 PDT

I got a win32 webkit build. run-safari crashes when launching the browser. VS2005 debugger shows it crashes in free.c,

    {
        retval = HeapFree(_crtheap, 0, pBlock);  // Crash here
        if (retval == 0)
        {
            errno = _get_errno_from_oserr(GetLastError());
        }
    }

The stack trace is:

    7fe99ea0()
    Safari.dll!677029c7()
    [Frames below may be incorrect and/or missing, no symbols loaded for Safari.dll]
    Safari.dll!676fc1b7()
    user32.dll!77450657()
    Safari.dll!676e428d()
    Safari.dll!676e1c68()
    user32.dll!7744f8d2()
    user32.dll!77441912()
    user32.dll!7744f73d()
    user32.dll!77450817()
    user32.dll!774439f7()
    ntdll.dll!77ac99ce()
    user32.dll!77443cf7()
    user32.dll!77443b94()
    user32.dll!7743eb62()
    user32.dll!7744382f()
    user32.dll!7743eb7f()
    user32.dll!7743ebab()
    CoreFoundation.dll!6b847ed2()
    CoreFoundation.dll!6b892ba0()
    CoreFoundation.dll!6b88d60c()
    CoreFoundation.dll!6b89087b()
    CoreFoundation.dll!6b88d30f()
    CoreFoundation.dll!6b88d60c()
    CoreFoundation.dll!6b88dc1a()
    ntdll.dll!77ab429e()
    ntdll.dll!77ab429e()
    ntdll.dll!77ab0e36()
    user32.dll!77443cc3()
    user32.dll!7743d57a()
    user32.dll!7743d63f()
    user32.dll!77443d9a()
    Safari.dll!67728fc2()
    Safari.dll!6775a6b5()
    Safari.dll!67703189()
    Safari.dll!6773dec6()
    Safari.dll!67701942()
    pthreadVC2.dll!73fc32fe()
    Safari.dll!676fc83f()
    CFNetwork.dll!69e761bc()
    Safari.dll!6774d706()
    Safari.dll!6774ddb8()
    Safari.exe!003f1412()
    ntdll.dll!77ad5b87()
    ntdll.dll!77ad8b2c()
    ntdll.dll!77ad8752()
    ntdll.dll!77ad8752()
    ntdll.dll!77ad861f()
    ntdll.dll!77ad8652()
    kernel32.dll!77c3c56f()
    > msvcr80.dll!free(void * pBlock=0x01787b38) Line 110 C
    msvcr80.dll!_wsetenvp() Line 139 C
    msvcr80.dll!__wgetmainargs(int * pargc=0x003f3018, unsigned short * * * pargv=0x003f3020, unsigned short * * * penvp=0x003f301c, int dowildcard=0x00000000, _startupinfo * startinfo=0xaed3d67a) Line 127 + 0x5 bytes C
    Safari.exe!003f146f()
    Safari.exe!003f15d4()
    kernel32.dll!77c34911()
    ntdll.dll!77aae4b6()
    ntdll.dll!77aae489()
Attachments

- dump file saved by VS2005 (37.74 KB, application/octet-stream), 2009-10-06 09:26 PDT, Yong Li, no flags
- Safari crash dump (35.65 KB, application/octet-stream), 2009-10-06 09:26 PDT, Alexander Pavlov (apavlov), no flags
- Move the new IWebViewPrivate::inspectorPrivate function after all functions that existed when Safari 4.0.3 was released (1.47 KB, patch), 2009-10-08 08:35 PDT, Adam Roben (:aroben), sullivan: review+
- Another similar crash (46.05 KB, application/octet-stream), 2009-10-08 08:38 PDT, anton muhin, no flags
Comment 1 by Alexander Pavlov (apavlov), 2009-10-06 04:22:04 PDT

Same here, but the pBlock is 0x00000000 for me, and a slightly different stacktrace (running r49162):

    > msvcr80.dll!fastcopy_I(void * dst=0x03fa98c0, void * src=0x01080180, int len=90177568) + 0x46 bytes C
    msvcr80.dll!_VEC_memcpy(void * dst=0x03fa98c0, void * src=0x010801e0, int len=-858993460) + 0x52 bytes C
    WebKit.dll!WebCore::StringImpl::create(const wchar_t * characters=0x03fa98c0, unsigned int length=17301888) Line 1015 + 0x13 bytes C++
    msvcr80.dll!_VEC_memcpy(void * dst=0x03fa98c0, void * src=0x010801e0, int len=-858993460) + 0x52 bytes C
    WebKit.dll!WebCore::StringImpl::create(const wchar_t * characters=0x03fa98c0, unsigned int length=17301984) Line 1015 + 0x13 bytes C++
    WebKit.dll!WebCore::StringImpl::create(const wchar_t * characters=0x03fa98c0, unsigned int length=8650992) Line 1015 + 0x13 bytes C++
    WebKit.dll!WebCore::String::String(const wchar_t * str=0x03fa98c0, unsigned int len=8650992) Line 53 + 0x11 bytes C++
    WebKit.dll!WebView::executeCoreCommandByName(wchar_t * bName=0x03fa98c0, wchar_t * bValue=0x03f0a128) Line 3083 C++
    Safari.exe!00423a89()
    [Frames below may be incorrect and/or missing, no symbols loaded for Safari.exe]
    Safari.exe!0055c61d()
    Safari.exe!00423327()
    Safari.exe!0041c9e9()
    Safari.exe!0040420d()
    Safari.exe!00533598()
    user32.dll!7e418734()
    user32.dll!7e418816()
    user32.dll!7e428ea0()
    user32.dll!7e42ce7c()
    ntdll.dll!7c90e473()
    user32.dll!7e42e389()
    user32.dll!7e42e34f()
    Safari.exe!007e0045()
    Safari.exe!00740069()
    ntdll.dll!7c910385()
    ntdll.dll!7c915239()
    ntdll.dll!7c91542b()
    ntdll.dll!7c9100b8()
    ntdll.dll!7c910041()
    ntdll.dll!7c91005d()
    ntdll.dll!7c9157c1()
    ntdll.dll!7c91534a()
    ntdll.dll!7c915742()
    ntdll.dll!7c9155ed()
    ntdll.dll!7c91005d()
    user32.dll!7e419951()
    ntdll.dll!7c910323()
    ntdll.dll!7c910323()
    user32.dll!7e4199e4()
    user32.dll!7e419a12()
    user32.dll!7e41a303()
    user32.dll!7e419a12()
    user32.dll!7e41a31a()
    user32.dll!7e41a33b()
    Safari.exe!00740069()
    ntdll.dll!7c9100b8()
    ntdll.dll!7c910041()
    ntdll.dll!7c91005d()
    ntdll.dll!7c910323()
    user32.dll!7e42e442()
    ntdll.dll!7c91005d()
    msvcr80.dll!free(void * pBlock=0x00000000) Line 110 C
    user32.dll!7e42d0d6()
    Safari.exe!00449542()
    Safari.exe!0047a732()
    Safari.exe!00423c59()
    Safari.exe!0045e3f5()
    Safari.exe!004222f1()
    pthreadVC2.dll!696032fe()
    Safari.exe!0041d06f()
    CFNetwork.dll!6a52611f()
    Safari.exe!0046dab6()
    Safari.exe!00424304()
    Safari.exe!0065ef57()
    kernel32.dll!7c817077()
    Safari.exe!00740061()
    Safari.exe!00740069()
    Safari.exe!006f0073()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!006f0073()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!006f0073()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
    Safari.exe!006f0073()
    Safari.exe!0065004e()
    Safari.exe!0065004e()
Comment 2 by Adam Roben (:aroben), 2009-10-06 09:01:19 PDT

Yong or apavlov, can either of you upload a .dmp file from your crash? http://webkit.org/quality/crashlogs.html has instructions, and you can also save a .dmp from within Visual Studio by choosing Debug > Save Dump As...
Comment 3 by Yong Li, 2009-10-06 09:26:19 PDT

Created attachment 40725 [details]
dump file saved by VS2005

I'm using Vista, which doesn't include Dr. Watson.
Comment 4 by Alexander Pavlov (apavlov), 2009-10-06 09:26:55 PDT

Created attachment 40726 [details]
Safari crash dump
Comment 5 by Alexander Pavlov (apavlov), 2009-10-06 09:27:49 PDT

(In reply to comment #2) Visual Studio 2005 dump attached.
Comment 6 by Adam Roben (:aroben), 2009-10-08 08:24:40 PDT

Here's a better backtrace:

    msvcr80.dll!_memcpy() + 0x1e0 bytes
    > WebKit.dll!WebCore::StringImpl::create(const wchar_t * characters=0x04f93940, unsigned int length=17564594) Line 971 + 0x13 bytes C++
    WebKit.dll!WebCore::String::String(const wchar_t * str=0x04f93940, unsigned int len=17564594) Line 53 + 0x11 bytes C++
    WebKit.dll!WebView::executeCoreCommandByName(wchar_t * bName=0x04f93940, wchar_t * bValue=0x047b7798) Line 3083 C++
    Safari.dll!SafariView::attachToSafariWindow() + 0x59 bytes
    Safari.dll!TabbedBrowsingBarBase::newTabWithView() + 0x9d bytes
    Safari.dll!SafariWindow::createTabWithFrameName() + 0x47 bytes
    Safari.dll!SafariWindow::onCreate() + 0x8b7 bytes
    Safari.dll!SafariWindow::ProcessWindowMessage() + 0x3d bytes
    Safari.dll!ATL::CWindowImplBaseT<ATL::CWindow,ATL::CWinTraits<101646336,0> >::WindowProc() + 0x58 bytes
    user32.dll!_InternalCallWinProc@20() + 0x28 bytes
    user32.dll!_UserCallWinProcCheckWow@32() + 0x13692 bytes
    user32.dll!_DispatchClientMessage@20() + 0x4d bytes
    user32.dll!___fnINLPCREATESTRUCT@4() + 0x56 bytes
    ntdll.dll!_KiUserCallbackDispatcher@12() + 0x13 bytes
    user32.dll!_NtUserCreateWindowEx@60() + 0xc bytes
    user32.dll!__CreateWindowEx@52() + 0xb1 bytes
    user32.dll!_CreateWindowExW@48() + 0x33 bytes
    Safari.dll!WTL::CFrameWindowImplBase<ATL::CWindow,ATL::CWinTraits<101646336,0> >::Create() + 0x82 bytes
    Safari.dll!SafariWindow::create() + 0x75 bytes
    Safari.dll!SafariWindow::createInstance() + 0xa9 bytes
    Safari.dll!Safari::Application::showWelcomePageIfNeeded() + 0xc6 bytes
    pthreadVC2.dll!pthread_mutex_unlock(pthread_mutex_t_ * * mutex=0x00000001) Line 89 + 0x14 bytes C
    Safari.dll!run() + 0xef bytes
    Safari.dll!BonjourDB::startBrowsing() + 0x89 bytes
    Safari.dll!safariMain() + 0x596 bytes
    Safari.dll!_safariDLLMain@16() + 0x38 bytes
    Safari.exe!_wWinMain@16() + 0x152 bytes
    Safari.exe!@__security_check_cookie@4() + 0x1aa bytes
    kernel32.dll!_BaseProcessStart@4() + 0x23 bytes
Comment 7 by Adam Roben (:aroben), 2009-10-08 08:25:56 PDT

My guess is that someone has messed up the vtable for IWebView or some other similar interface. It doesn't make sense for SafariView::attachToSafariWindow to be calling WebView::executeCoreCommandByName.
Comment 8 by Adam Roben (:aroben), 2009-10-08 08:27:26 PDT

attachToSafariWindow calls windowAncestryDidChange, which is the next IWebViewPrivate member after executeCoreCommandByName. So my guess is that someone added an IWebViewPrivate member above that point.
Comment 9 by Adam Roben (:aroben), 2009-10-08 08:29:11 PDT

Looks like r49091 did this. http://trac.webkit.org/changeset/49091#file7
Comment 10 by Adam Roben (:aroben), 2009-10-08 08:35:01 PDT

Created attachment 40873 [details]
Move the new IWebViewPrivate::inspectorPrivate function after all functions that existed when Safari 4.0.3 was released
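The vtable-slot shift Adam describes in comments 7 and 8, and the ordering rule behind the patch in comment 10, as an added example that is not part of this bug or of WebKit's code. It models a COM-style interface as a C table of function pointers; the method names are borrowed from the backtrace, but the slot numbers are hypothetical and nothing here is the real IWebViewPrivate layout. A client compiled against the shipped table calls slot 1 expecting windowAncestryDidChange; once a new method is inserted above the existing ones, that slot holds executeCoreCommandByName, which then runs with arguments meant for a different function (the pattern behind the absurd lengths in the StringImpl::create frames above). Appending the method instead keeps every old slot stable. The vtable_is_backward_compatible guard is a hypothetical build-time check, not anything WebKit runs.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a COM-style interface. A COM interface is a table of
   function pointers; a client compiled against an older header dispatches
   through a slot index fixed when that client was built. Names follow the
   backtrace in this bug, but the slot numbers are hypothetical. */

typedef struct Obj Obj;
typedef const char *(*Method)(Obj *self, const char *arg);

struct Obj {
    const Method *vtbl;      /* first member, as COM lays objects out */
    const char   *last_call; /* records which method actually ran */
};

static const char *executeCoreCommandByName(Obj *self, const char *arg) {
    (void)arg;  /* a real implementation would read a command name here */
    return self->last_call = "executeCoreCommandByName";
}
static const char *windowAncestryDidChange(Obj *self, const char *arg) {
    (void)arg;
    return self->last_call = "windowAncestryDidChange";
}
static const char *inspectorPrivate(Obj *self, const char *arg) {
    (void)arg;
    return self->last_call = "inspectorPrivate";
}

/* Slot numbers baked into the shipped client (hypothetical). */
enum { SLOT_EXECUTE_CORE_COMMAND = 0, SLOT_WINDOW_ANCESTRY_DID_CHANGE = 1 };

/* Table the shipped client was compiled against. */
static const Method vtbl_shipped[] = {
    executeCoreCommandByName, windowAncestryDidChange
};
/* Regressed layout: new method inserted above the existing ones, so every
   later slot shifts down by one. */
static const Method vtbl_inserted[] = {
    inspectorPrivate, executeCoreCommandByName, windowAncestryDidChange
};
/* Fixed layout: new method appended after every slot that already existed. */
static const Method vtbl_appended[] = {
    executeCoreCommandByName, windowAncestryDidChange, inspectorPrivate
};

#define VTBL_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* The old client's call as its compiler emitted it: the slot index is fixed,
   there is no name lookup at run time. Returns the name of the method that ran. */
const char *old_client_attachToSafariWindow(Obj *view) {
    return view->vtbl[SLOT_WINDOW_ANCESTRY_DID_CHANGE](view, "attach");
}

/* Build-time style guard: every slot of the shipped table must be unchanged in
   the candidate table, and the candidate may only grow at the end. */
int vtable_is_backward_compatible(const Method *shipped, size_t shipped_n,
                                  const Method *candidate, size_t candidate_n) {
    if (candidate_n < shipped_n)
        return 0;
    for (size_t i = 0; i < shipped_n; i++)
        if (candidate[i] != shipped[i])
            return 0;
    return 1;
}

int main(void) {
    Obj regressed = { vtbl_inserted, "" };
    Obj fixed     = { vtbl_appended, "" };

    printf("inserted layout: slot %d ran %s\n", SLOT_WINDOW_ANCESTRY_DID_CHANGE,
           old_client_attachToSafariWindow(&regressed));
    printf("appended layout: slot %d ran %s\n", SLOT_WINDOW_ANCESTRY_DID_CHANGE,
           old_client_attachToSafariWindow(&fixed));
    printf("inserted compatible: %d, appended compatible: %d\n",
           vtable_is_backward_compatible(vtbl_shipped, VTBL_LEN(vtbl_shipped),
                                         vtbl_inserted, VTBL_LEN(vtbl_inserted)),
           vtable_is_backward_compatible(vtbl_shipped, VTBL_LEN(vtbl_shipped),
                                         vtbl_appended, VTBL_LEN(vtbl_appended)));
    return 0;
}
```

The same rule applies to any interface consumed by a separately built binary: once a layout has shipped, new members go at the end, and a check that compares the shipped slot order against the candidate catches an insertion before it reaches users.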
Comment 11 by anton muhin, 2009-10-08 08:38:30 PDT

Created attachment 40874 [details]
Another similar crash

WebKit after clean build. git pulled at commit 597a1d3006745f287ae2aba32edd7d3e353ed0d7

    Author: barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
    Date:   Thu Oct 8 09:18:21 2009 +0000

        Fix for JIT'ed op_call instructions (evals, constructs, etc.) when !ENABLE(JIT_OPTIMIZE_CALL) && USE(JSVALUE32_64)
        Patch by Zoltan Herczeg <zherczeg@inf.u-szeged.hu> on 2009-10-08
        Reviewed by Gavin Barraclough.

        https://bugs.webkit.org/show_bug.cgi?id=30201

        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
Comment 12 by Adam Roben (:aroben), 2009-10-08 08:40:10 PDT

Committed r49304: <http://trac.webkit.org/changeset/49304>
Comment 13 by anton muhin, 2009-10-08 10:35:07 PDT

(In reply to comment #12)
> Committed r49304: <http://trac.webkit.org/changeset/49304>

Thanks a lot, Adam. I am current at git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49305 268f45cc-cd09-0410-ab3c-d52691b4dbfc and Safari starts fine.
Comment 14 by Yong Li, 2009-10-12 10:58:33 PDT

I was trying a new build based on the latest code, but it says out of memory when linking the WebKit DLL. I have 3GB of physical memory installed on my PC.
Comment 15 by Steve Falkenburg, 2009-10-12 11:15:48 PDT

If you're building release, use an x64 variant of Windows. The linker is out of address space.