Created attachment 111731 [details] Crash log. r97939 Reproducibility: always Steps: Go to http://www.google.com/ What happened: Infinite loop and WebKit crashes; the malloc diagnostic below reports a freed object being modified after it was freed, i.e. a write to freed memory. WebProcess(25699,0x10caf5960) malloc: *** error for object 0x7ff58ea3e0d0: incorrect checksum for freed object - object was probably modified after being freed. *** set a breakpoint in malloc_error_break to debug Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libobjc.A.dylib 0x000000010e8f4390 objc_msgSend_vtable14 + 16 1 com.apple.CoreFoundation 0x000000010e9ee110 CFRelease + 176 2 com.apple.CoreFoundation 0x000000010e9ee256 CFRelease + 502 3 com.apple.CoreGraphics 0x0000000117691abf color_finalize + 30 4 com.apple.CoreFoundation 0x000000010e9ee256 CFRelease + 502 5 com.apple.CoreGraphics 0x0000000117750ecf CGContextDrawTiledImage + 1216 6 com.apple.WebCore 0x000000011142f8bc WebCore::Image::drawPattern(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::AffineTransform const&, WebCore::FloatPoint const&, WebCore::ColorSpace, WebCore::CompositeOperator, WebCore::FloatRect const&) + 1916 (ImageCG.cpp:265) 7 com.apple.WebCore 0x0000000111429e58 WebCore::ImageBuffer::drawPattern(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::AffineTransform const&, WebCore::FloatPoint const&, WebCore::ColorSpace, WebCore::CompositeOperator, WebCore::FloatRect const&) + 456 (ImageBufferCG.cpp:245) 8 com.apple.WebCore 0x000000011128133c WebCore::GeneratedImage::drawPattern(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::AffineTransform const&, WebCore::FloatPoint const&, WebCore::ColorSpace, WebCore::CompositeOperator, WebCore::FloatRect const&) + 588 (GeneratedImage.cpp:67) 9 com.apple.WebCore 0x0000000111427f55 WebCore::Image::drawTiled(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::ColorSpace, WebCore::CompositeOperator) + 1829 (Image.cpp:133) 10 com.apple.WebCore 0x00000001112a5c58 
WebCore::GraphicsContext::drawTiledImage(WebCore::Image*, WebCore::ColorSpace, WebCore::IntRect const&, WebCore::IntPoint const&, WebCore::IntSize const&, WebCore::CompositeOperator, bool) + 472 (GraphicsContext.cpp:502) 11 com.apple.WebCore 0x0000000111c65ace WebCore::RenderBoxModelObject::paintFillLayerExtended(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::IntRect const&, WebCore::BackgroundBleedAvoidance, WebCore::InlineFlowBox*, WebCore::IntSize const&, WebCore::CompositeOperator, WebCore::RenderObject*) + 6478 (RenderBoxModelObject.cpp:781) 12 com.apple.WebCore 0x0000000111c4f751 WebCore::RenderBox::paintFillLayer(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::IntRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderObject*) + 225 (RenderBox.cpp:1091) 13 com.apple.WebCore 0x0000000111c4e810 WebCore::RenderBox::paintFillLayers(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const*, WebCore::IntRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderObject*) + 208 (RenderBox.cpp:1085) 14 com.apple.WebCore 0x0000000111c4eef4 WebCore::RenderBox::paintBackground(WebCore::PaintInfo const&, WebCore::IntRect const&, WebCore::BackgroundBleedAvoidance) + 308 (RenderBox.cpp:961) 15 com.apple.WebCore 0x0000000111c4ebd6 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::IntPoint const&) + 630 (RenderBox.cpp:938) 16 com.apple.WebCore 0x0000000111bf5ed9 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::IntPoint const&) + 201 (RenderBlock.cpp:2572) 17 com.apple.WebCore 0x0000000111bf457d WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::IntPoint const&) + 333 (RenderBlock.cpp:2369) 18 com.apple.WebCore 0x0000000111ccac9a WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, 
WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 2650 (RenderLayer.cpp:2783) 19 com.apple.WebCore 0x0000000111ccc71f WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 223 (RenderLayer.cpp:2865) 20 com.apple.WebCore 0x0000000111ccb19b WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 3931 (RenderLayer.cpp:2829) 21 com.apple.WebCore 0x0000000111ccc71f WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 223 (RenderLayer.cpp:2865) 22 com.apple.WebCore 0x0000000111ccb19b WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, 
WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) + 3931 (RenderLayer.cpp:2829) 23 com.apple.WebCore 0x0000000111cca155 WebCore::RenderLayer::paint(WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WebCore::RenderRegion*, unsigned int) + 181 (RenderLayer.cpp:2550) 24 com.apple.WebCore 0x000000011126d0d9 WebCore::FrameView::paintContents(WebCore::GraphicsContext*, WebCore::IntRect const&) + 1385 (FrameView.cpp:2761) 25 com.apple.WebCore 0x0000000111ea5dc7 WebCore::ScrollView::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) + 1015 (ScrollView.cpp:1047) 26 com.apple.WebKit2 0x000000010f29e06e WebKit::WebPage::drawRect(WebCore::GraphicsContext&, WebCore::IntRect const&) + 302 (WebPage.cpp:771) 27 com.apple.WebKit2 0x000000010f4927e3 WebKit::DrawingAreaImpl::display(WebKit::UpdateInfo&) + 1971 (DrawingAreaImpl.cpp:671) 28 com.apple.WebKit2 0x000000010f4915ca WebKit::DrawingAreaImpl::display() + 426 (DrawingAreaImpl.cpp:572) 29 com.apple.WebKit2 0x000000010f490129 WebKit::DrawingAreaImpl::displayTimerFired() + 153 (DrawingAreaImpl.cpp:550) 30 com.apple.WebKit2 0x000000010f493bdb RunLoop::Timer<WebKit::DrawingAreaImpl>::fired() + 107 (RunLoop.h:127) 31 com.apple.WebKit2 0x000000010f24236d RunLoop::TimerBase::timerFired(__CFRunLoopTimer*, void*) + 109 (RunLoopMac.mm:115) 32 com.apple.CoreFoundation 0x000000010ea3df84 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 33 com.apple.CoreFoundation 0x000000010ea3dad6 __CFRunLoopDoTimer + 534 34 com.apple.CoreFoundation 0x000000010ea1e471 __CFRunLoopRun + 1617 35 com.apple.CoreFoundation 0x000000010ea1dae6 CFRunLoopRunSpecific + 230 36 com.apple.HIToolbox 0x000000011a6bd3d3 RunCurrentEventLoopInMode + 277 37 com.apple.HIToolbox 0x000000011a6c463d ReceiveNextEventCommon + 355 38 com.apple.HIToolbox 
0x000000011a6c44ca BlockUntilNextEventMatchingListInMode + 62 39 com.apple.AppKit 0x00000001162cc3f1 _DPSNextEvent + 659 40 com.apple.AppKit 0x00000001162cbcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135 41 com.apple.AppKit 0x00000001162c862d -[NSApplication run] + 470 42 com.apple.WebKit2 0x000000010f24204c RunLoop::run() + 92 (RunLoopMac.mm:65) 43 com.apple.WebKit2 0x000000010f32be8f WebKit::WebProcessMain(WebKit::CommandLine const&) + 1103 (WebProcessMainMac.mm:118) 44 com.apple.WebKit2 0x000000010f29797f _ZL10WebKitMainRKN6WebKit11CommandLineE + 239 (WebKitMain.cpp:50) 45 com.apple.WebKit2 0x000000010f29786d WebKitMain + 173 (WebKitMain.cpp:74) 46 com.apple.WebProcess 0x000000010e00fd82 main + 290 47 com.apple.WebProcess 0x000000010e00fc54 start + 52 Expected result: WebKit does not crash.
Fixed with r97948
Closing.