Comment #44 on issue 23362 by craig.schlenter: glibc assert in WebCore::CSSParser::~CSSParser() (double free) -- gcc 4.4-specific?
http://code.google.com/p/chromium/issues/detail?id=23362
Joel: A quick guess (without looking at the code) would be that the difference in where the free routines are pointing to might be related to some extra 'padding' or 'tracking data' that malloc might end up adding to the blocks. Also, given that valgrind was complaining about 2 bytes, I think the fact that adding 1 byte stops the crash is "lucky" :) Did you just test the lapack URL or does it fix msnbc etc. too, btw?
dglazkov: should we file something in the webkit bts for this, or are you familiar enough with cssparser.cpp to suggest a proper fix perhaps?
In semi-related news, spotrh has made some progress in tracking down where the v8 initialisation is failing:
[v8.cc]
// Setup the object heap
ASSERT(!Heap::HasBeenSetup());
if (!Heap::Setup(create_heap_objects)) {
SetFatalError();
return false;
}
I'll put something in the v8 bugtracker for that later, as that seems to be unrelated to the main cssparser issue here ...
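The comment above speculates that a 2-byte overrun reported by valgrind is masked by malloc padding when the allocation grows by 1 byte. The following is an added illustration, not code from WebKit, Chromium or this bug: it models a hypothetical sizing bug in a 16-bit code-unit buffer (one code unit too few for the terminator gives exactly a 2-byte overrun), shows that a "+1 byte" allocation still leaves a 1-byte overrun that only malloc's internal rounding hides, and contrasts it with a bounds-checked copy that refuses to write out of bounds. All names (`unit16`, `bytes_allocated_buggy`, `copy_terminated`) are invented for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a NUL-terminated 16-bit code-unit buffer.
 * Hypothetical type name; this is not WebKit's UChar or CSSParser code. */
typedef unsigned short unit16;

/* Bytes a terminated copy of nchars code units really needs. */
size_t bytes_needed(size_t nchars) {
    return (nchars + 1) * sizeof(unit16);
}

/* Hypothetical buggy sizing that forgets the terminator: one code unit
 * (2 bytes) short, which is the kind of figure valgrind would report. */
size_t bytes_allocated_buggy(size_t nchars) {
    return nchars * sizeof(unit16);
}

/* Bytes a terminated copy would write past an allocation of 'allocated'
 * bytes; 0 means the write stays in bounds. malloc usually rounds small
 * requests up, so a 1- or 2-byte overrun may not crash immediately. */
size_t overrun_bytes(size_t allocated, size_t nchars) {
    size_t needed = bytes_needed(nchars);
    return needed > allocated ? needed - allocated : 0;
}

/* Bounds-checked copy: returns -1 instead of overrunning dst.
 * dst_cap is the capacity of dst in bytes. */
int copy_terminated(const unit16 *src, size_t nchars,
                    unit16 *dst, size_t dst_cap) {
    if (overrun_bytes(dst_cap, nchars) != 0)
        return -1;
    memcpy(dst, src, nchars * sizeof(unit16));
    dst[nchars] = 0;
    return 0;
}

/* Allocates exactly bytes_needed() and copies; returns 0 on success. */
int demo_safe_copy(void) {
    const unit16 src[] = { 'a', 'b', 'c' };   /* constructed input */
    size_t n = sizeof src / sizeof src[0];
    size_t cap = bytes_needed(n);
    unit16 *dst = malloc(cap);
    if (!dst)
        return -1;
    int rc = copy_terminated(src, n, dst, cap);
    int ok = (rc == 0 && dst[n] == 0 && dst[0] == 'a' && dst[2] == 'c');
    free(dst);
    return ok ? 0 : -1;
}

/* Returns 1 if the checked copy refuses a buffer sized by the buggy rule. */
int rejects_short_buffer(void) {
    const unit16 src[] = { 'x', 'y', 'z' };   /* constructed input */
    size_t n = sizeof src / sizeof src[0];
    unit16 dst[3];                            /* n units, no room for NUL */
    return copy_terminated(src, n, dst, bytes_allocated_buggy(n)) == -1;
}

int main(void) {
    size_t n = 5;
    printf("buggy size overruns by %zu bytes\n",
           overrun_bytes(bytes_allocated_buggy(n), n));
    printf("buggy size + 1 still overruns by %zu bytes\n",
           overrun_bytes(bytes_allocated_buggy(n) + 1, n));
    printf("correct size overruns by %zu bytes\n",
           overrun_bytes(bytes_needed(n), n));
    printf("safe copy: %s\n", demo_safe_copy() == 0 ? "ok" : "failed");
    return 0;
}
```

The point of `overrun_bytes` is that the "+1 byte" workaround only moves the overrun from 2 bytes to 1; it is malloc's rounding of the request to its chunk granularity that keeps the stray byte inside the chunk, which is exactly why such a fix is luck rather than correctness.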
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs