Status: Available
Owner: thes...@chromium.org
CC: p...@chromium.org, dglaz...@chromium.org
Labels: Type-Bug Pri-1 OS-Linux Area-WebKit Size-Medium valgrind

New issue 23151 by thes...@chromium.org: Invalid reads and writes near WebCore::V8AbstractEventListener::handleEvent
http://code.google.com/p/chromium/issues/detail?id=23151

Not sure when this started happening. Related to issue 22702 perhaps? I spotted it here:
http://build.chromium.org/buildbot/waterfall/builders/Webkit%20Linux%20(valgrind%20layout)/builds/2217/steps/valgrind%20test:%20layout/logs/stdio

18:08:57 memcheck_analyze.py [ERROR] InvalidWrite
Command: /b/slave/webkit-rel-linux-valgrind-layout/build/src/sconsbuild/Release/test_shell --layout-tests --pixel-tests=/b/slave/webkit-rel-linux-valgrind-layout/build/src/webkit/Release/layout-test-results/png_result0.png --time-out-ms=200000 http://127.0.0.1:8000/xmlhttprequest/access-control-basic-allow-preflight-cache-timeout.html

Invalid write of size 4
  v8::internal::List<v8::internal::Context*, v8::internal::FreeStoreAllocationPolicy>::Add(v8::internal::Context* const&) (v8/src/list-inl.h:40)
  v8::internal::HandleScopeImplementer::SaveContext(v8::internal::Context*) (v8/src/api.h:388)
  v8::Context::Enter() (v8/src/api.cc:430)
  v8::Context::Scope::Scope(v8::Handle<v8::Context>) (v8/include/v8.h:2566)
  WebCore::V8AbstractEventListener::handleEvent(WebCore::Event*) (third_party/WebKit/WebCore/bindings/v8/V8AbstractEventListener.cpp:152)
  WebCore::EventTarget::fireEventListeners(WebCore::Event*) (third_party/WebKit/WebCore/dom/EventTarget.cpp:272)
  WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) (third_party/WebKit/WebCore/dom/EventTarget.cpp:243)
  WebCore::XMLHttpRequest::callReadyStateChangeListener() (third_party/WebKit/WebCore/xml/XMLHttpRequest.cpp:251)
  WebCore::XMLHttpRequest::didReceiveData(char const*, int) (third_party/WebKit/WebCore/xml/XMLHttpRequest.cpp:902)
  WebCore::DocumentThreadableLoader::didReceiveData(WebCore::SubresourceLoader*, char const*, int) (third_party/WebKit/WebCore/loader/DocumentThreadableLoader.cpp:223)
  WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, bool) (third_party/WebKit/WebCore/loader/SubresourceLoader.cpp:170)
  WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) (third_party/WebKit/WebCore/loader/ResourceLoader.cpp:398)
  WebCore::ResourceHandleInternal::didReceiveData(WebKit::WebURLLoader*, char const*, int, long long) (webkit/api/src/ResourceHandle.cpp:144)
  webkit_glue::WebURLLoaderImpl::Context::OnReceivedData(char const*, int) (webkit/glue/weburlloader_impl.cc:476)
  (anonymous namespace)::RequestProxy::NotifyReceivedData(int) (webkit/tools/test_shell/simple_resource_loader_bridge.cc:183)
  void DispatchToMethod<(anonymous namespace)::RequestProxy, void ((anonymous namespace)::RequestProxy::*)(int), int>((anonymous namespace)::RequestProxy*, void ((anonymous namespace)::RequestProxy::*)(int), Tuple1<int> const&) (base/tuple.h:422)
  RunnableMethod<(anonymous namespace)::RequestProxy, void ((anonymous namespace)::RequestProxy::*)(int), Tuple1<int> >::Run() (base/task.h:256)
  MessageLoop::RunTask(Task*) (base/message_loop.cc:314)
  MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) (base/message_loop.cc:322)
  MessageLoop::DoWork() (base/message_loop.cc:429)
  base::MessagePumpForUI::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpForUI::Dispatcher*) (base/message_pump_glib.cc:196)
  base::MessagePumpForUI::Run(base::MessagePump::Delegate*) (base/message_pump_glib.h:56)
  MessageLoop::RunInternal() (base/message_loop.cc:199)
  MessageLoop::RunHandler() (base/message_loop.cc:181)
  MessageLoop::Run() (base/message_loop.cc:155)
  TestShell::WaitTestFinished() (webkit/tools/test_shell/test_shell_gtk.cc:445)
  TestShell::RunFileTest(TestShell::TestParams const&) (webkit/tools/test_shell/test_shell_gtk.cc:559)
  main (webkit/tools/test_shell/test_shell_main.cc:325)
Address 0x503e9b0 is 0 bytes inside a block of size 16 free'd
  free (ome/chrome-bot/valgrind-10880/coregrind/m_replacemalloc/vg_replace_malloc.c:325)
  v8::internal::HandleScopeImplementer::~HandleScopeImplementer() (v8/src/allocation.h:135)
  exit (/lib/tls/i686/cmov/libc-2.7.so)
  AlarmHandler(int) (webkit/tools/test_shell/test_shell_gtk.cc:430)
  0x4BA3127 (/lib/tls/i686/cmov/libc-2.7.so)
  event_base_loop (third_party/libevent/event.c:513)
  base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) (base/message_pump_libevent.cc:257)
  MessageLoop::RunInternal() (base/message_loop.cc:199)
  MessageLoop::RunHandler() (base/message_loop.cc:181)
  MessageLoop::Run() (base/message_loop.cc:155)
  base::Thread::Run(MessageLoop*) (base/thread.cc:132)
  base::Thread::ThreadMain() (base/thread.cc:153)
  ThreadFunc(void*) (base/platform_thread_posix.cc:26)
  start_thread (/lib/tls/i686/cmov/libpthread-2.7.so)

Automated mail from issue updates at http://crbug.com/
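The two stacks in the report describe one race: the free happens in ~HandleScopeImplementer, reached through exit() called from test_shell's AlarmHandler on the libevent thread, while the invalid write comes from List::Add on the main thread's message loop, which is still dispatching XHR readystatechange events (a 4-byte write into a free'd 16-byte block is consistent with a list of four 32-bit Context pointers on this i686 build). Below is an added C example that reproduces this shape; it is not Chromium or V8 code. A static implementer owns a growable list; an atexit() teardown stands in for the static destructor; a watchdog thread either calls exit() (the bug's shape, visible under valgrind) or only requests a quit so that exit-time destruction runs after the loop has stopped (calling _exit() from the watchdog would also avoid running the destructors). All names, the 1-second watchdog delay and the sleeps are illustrative assumptions.

```c
/* Added example, not Chromium or V8 code: a static "implementer" whose
 * saved-context list is freed by exit()-time teardown on one thread while
 * the main loop is still calling list_add() on another. Names, the 1s
 * watchdog delay and the sleeps are illustrative assumptions.
 *   cc -std=c11 -pthread -g -o alarm_uaf alarm_uaf.c
 *   valgrind ./alarm_uaf unsafe   # Invalid write ... block free'd by impl_teardown
 *   ./alarm_uaf safe              # watchdog only requests quit; teardown after the loop
 */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <signal.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

typedef struct Context Context;                 /* opaque, like v8::internal::Context */
typedef struct { Context **data; int length; int capacity; } List;   /* List<Context*> */
typedef struct { List saved_contexts; } HandleScopeImplementer;

static HandleScopeImplementer g_impl;           /* static object: it outlives its buffer */
static atomic_int g_quit_requested;             /* set by the watchdog, read by the loop */

/* List::Add stand-in: grow by doubling, then store. Once data points at a
 * free'd block this store is the "Invalid write of size 4" in the report.
 * The first growth is 4 slots: four 32-bit pointers = a 16-byte block. */
int list_add(List *l, Context *c) {
    if (l->length == l->capacity) {
        int ncap = l->capacity ? l->capacity * 2 : 4;
        Context **nd = realloc(l->data, (size_t)ncap * sizeof *nd);
        if (!nd) abort();
        l->data = nd;
        l->capacity = ncap;
    }
    l->data[l->length++] = c;
    return l->length;
}

/* ~HandleScopeImplementer stand-in, run from exit() via atexit(): frees the
 * buffer and, like a destructor, leaves the dangling pointer behind. The
 * sleep stands in for the rest of exit()'s work and keeps the race window
 * wide enough for valgrind to catch the main loop's next list_add(). */
void impl_teardown(void) {
    free(g_impl.saved_contexts.data);
    struct timespec ts = { 0, 20 * 1000000L };
    nanosleep(&ts, NULL);
}

/* (Re)initialise; for main() and the tests only, never after impl_teardown(). */
int impl_reset(void) {
    free(g_impl.saved_contexts.data);
    memset(&g_impl, 0, sizeof g_impl);
    atomic_store(&g_quit_requested, 0);
    return 0;
}
int impl_saved_count(void) { return g_impl.saved_contexts.length; }
int impl_capacity(void) { return g_impl.saved_contexts.capacity; }

/* The safe watchdog action: an atomic store is all a SIGALRM handler or a
 * watchdog thread should do. The loop sees it and returns, so exit() (and
 * with it impl_teardown()) runs only after the last list_add(). */
void request_quit(int signo) { (void)signo; atomic_store(&g_quit_requested, 1); }
int quit_requested(void) { return atomic_load(&g_quit_requested); }

/* Main-thread message loop: each event enters a context and saves the previous
 * one (Scope -> Enter -> SaveContext -> List::Add in the trace). Returns the
 * number of events dispatched before a quit request was seen. */
int run_event_loop(int max_events, int sleep_ms) {
    int n = 0;
    struct timespec ts = { 0, sleep_ms * 1000000L };
    while (n < max_events && !quit_requested()) {
        list_add(&g_impl.saved_contexts, (Context *)(uintptr_t)(n + 1)); /* fake handle */
        n++;
        if (sleep_ms > 0) nanosleep(&ts, NULL);
    }
    return n;
}

/* The bug's shape: the watchdog (AlarmHandler on the libevent thread in the
 * trace) calls exit() while the main loop is still running. */
static void *watchdog_exit(void *arg) { (void)arg; sleep(1); exit(0); }
static void *watchdog_quit(void *arg) { (void)arg; sleep(1); request_quit(SIGALRM); return NULL; }

int main(int argc, char **argv) {
    int unsafe = argc > 1 && strcmp(argv[1], "unsafe") == 0;
    impl_reset();
    atexit(impl_teardown);
    pthread_t wd;
    if (pthread_create(&wd, NULL, unsafe ? watchdog_exit : watchdog_quit, NULL) != 0) return 1;
    int n = run_event_loop(1000000, 1);
    printf("dispatched %d events, quit_requested=%d\n", n, quit_requested());
    pthread_join(wd, NULL);
    return 0;   /* exit() -> impl_teardown() with the loop already stopped */
}
```

In the `unsafe` run valgrind reports the write in list_add() against a block free'd in impl_teardown() below exit(), the same pairing as the report; in the `safe` run the watchdog's only effect is the atomic flag, the loop returns on its own, and teardown runs after the last use.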