Status: Untriaged Owner: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Labels: Type-Bug Pri-1 OS-All Area-Misc
New issue 5252 by [EMAIL PROTECTED]: Free memory read during LayoutTests\animations\transform-animation-event-destroy-element.html http://code.google.com/p/chromium/issues/detail?id=5252 This is currently crashing in the layout test list. Here's what Purify found: [E] FMR: Free memory read in WebCore::CompositeAnimation::resumeOverriddenImplicitAnimations(int) {1 occurrence} Reading 4 bytes from 0x06b25d98 (4 bytes at 0x06b25d98 illegal) Address 0x06b25d98 is at the beginning of a 4 byte block Address 0x06b25d98 points to a C++ new block in heap 0x069a0000 Thread ID: 0x8e4 Error location WebCore::CompositeAnimation::resumeOverriddenImplicitAnimations(int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\composit eanimation.cpp:620] WebCore::KeyframeAnimation::resumeOverriddenAnimations(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\keyframe animation.cpp:229] WebCore::AnimationBase::updateStateMachine(AnimStateInput::AnimationBase::W ebCore,double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:646] WebCore::AnimationBase::animationTimerCallbackFired(AtomicString::WebCore const&,double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:719] WebCore::AnimationTimerCallback::timerFired(Timer<AnimationTimerBase::WebCo re>::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:68] WebCore::Timer<AnimationTimerBase::WebCore>::fired(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\timer.h:99] WebCore::TimerBase::fireTimers(double,Vector<TimerBase::WebCore *,0>::WTF const&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\timer.cpp:347] WebCore::TimerBase::sharedTimerFired(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\timer.cpp:368] WebCore::SharedTimerTask::Run(void) [c:\b\slave\pl\build\src\webkit\glue\chromium_bridge_impl.cc:442] MessageLoop::RunTask(Task *) [c:\b\slave\pl\build\src\base\message_loop.cc:308] MessageLoop::DeferOrRunPendingTask(PendingTask::MessageLoop const&) [c:\b\slave\pl\build\src\base\message_loop.cc:316] MessageLoop::DoDelayedWork(Time::base *) [c:\b\slave\pl\build\src\base\message_loop.cc:435] base::MessagePumpForUI::DoRunLoop(void) [c:\b\slave\pl\build\src\base\message_pump_win.cc:213] base::MessagePumpWin::RunWithDispatcher(Delegate::MessagePump::base *,Dispatcher::MessagePumpWin::base *) [c:\b\slave\pl\build\src\base\message_pump_win.cc:52] base::MessagePumpWin::Run(Delegate::MessagePump::base *) [c:\b\slave\pl\build\src\base\message_pump_win.h:78] MessageLoop::RunInternal(void) [c:\b\slave\pl\build\src\base\message_loop.cc:197] MessageLoop::RunHandler(void) [c:\b\slave\pl\build\src\base\message_loop.cc:180] MessageLoop::Run(void) [c:\b\slave\pl\build\src\base\message_loop.cc:154] TestShell::WaitTestFinished(void) [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_win.cc:478] TestShell::RunFileTest(char const*,TestParams::TestShell const&) [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_win.cc:258] main [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_main.cc:378] _tmainCRTStartup [f:\sp\vctools\crt_bld\self_x86\crt\src\crt0.c:327] Allocation location new(UINT) [c:\b\slave\pl\build\src\third_party\webkit\javascriptcore\wtf\fastmalloc.h :92] WebCore::AnimationControllerPrivate::accessCompositeAnimation(RenderObject: :WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio ncontroller.cpp:91] WebCore::AnimationController::updateAnimations(RenderObject::WebCore *,RenderStyle::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio ncontroller.cpp:280] WebCore::RenderObject::setAnimatableStyle(PassRefPtr<RenderStyle::WebCore>: :WTF) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderobject. cpp:2189] WebCore::Node::createRendererIfNeeded(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\node.cpp:1046] WebCore::Element::attach(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\element.cpp:648] WebCore::HTMLParser::insertNode(Node::WebCore *,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\html\htmlparser.cpp:349 ] WebCore::HTMLParser::parseToken(Token::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\html\htmlparser.cpp:258 ] WebCore::HTMLTokenizer::processToken(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\html\htmltokenizer.cpp: 1898] WebCore::HTMLTokenizer::parseTag(SegmentedString::WebCore&,State::HTMLToken izer::WebCore) [c:\b\slave\pl\build\src\third_party\webkit\webcore\html\htmltokenizer.cpp: 1480] WebCore::HTMLTokenizer::write(SegmentedString::WebCore const&,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\html\htmltokenizer.cpp: 1726] WebCore::FrameLoader::write(char const*,int,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\frameloader.cpp: 1058] WebCore::FrameLoader::addData(char const*,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\frameloader.cpp: 1904] WebFrameImpl::DidReceiveData(DocumentLoader::WebCore *,char const*,int) [c:\b\slave\pl\build\src\webkit\glue\webframe_impl.cc:1510] WebFrameLoaderClient::committedLoad(DocumentLoader::WebCore *,char const*,int) [c:\b\slave\pl\build\src\webkit\glue\webframeloaderclient_impl.cc:1055] WebCore::FrameLoader::committedLoad(DocumentLoader::WebCore *,char const*,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\frameloader.cpp: 3534] WebCore::DocumentLoader::commitLoad(char const*,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\documentloader.c pp:355] WebCore::DocumentLoader::receivedData(char const*,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\documentloader.c pp:367] WebCore::FrameLoader::receivedData(char const*,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\frameloader.cpp: 2371] WebCore::MainResourceLoader::addData(char const*,int,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\mainresourceload er.cpp:147] WebCore::ResourceLoader::didReceiveData(char const*,int,long long,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\resourceloader.c pp:251] WebCore::MainResourceLoader::didReceiveData(char const*,int,long long,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\mainresourceload er.cpp:316] WebCore::ResourceLoader::didReceiveData(ResourceHandle::WebCore *,char const*,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\resourceloader.c pp:393] WebCore::ResourceHandleInternal::OnReceivedData(char const*,int) [c:\b\slave\pl\build\src\webkit\glue\resource_handle_impl.cc:596] ?A0xc8f35eb9::RequestProxy::NotifyReceivedData(int) [c:\b\slave\pl\build\src\webkit\tools\test_shell\simple_resource_loader_bri dge.cc:170] [EMAIL PROTECTED]@? A0xc8f35eb9@@[EMAIL PROTECTED]@ZH@@[EMAIL PROTECTED]@@[EMAIL PROTECTED]@ZABU? [EMAIL PROTECTED]@@@Z [c:\b\slave\pl\build\src\base\tuple.h:393] [EMAIL PROTECTED]@[EMAIL PROTECTED]@@[EMAIL PROTECTED]@ZU? [EMAIL PROTECTED]@@@@UAEXXZ [c:\b\slave\pl\build\src\base\task.h:312] MessageLoop::RunTask(Task *) [c:\b\slave\pl\build\src\base\message_loop.cc:308] MessageLoop::DeferOrRunPendingTask(PendingTask::MessageLoop const&) [c:\b\slave\pl\build\src\base\message_loop.cc:316] MessageLoop::DoWork(void) [c:\b\slave\pl\build\src\base\message_loop.cc:408] Free location delete(void *) [c:\b\slave\pl\build\src\third_party\webkit\javascriptcore\wtf\fastmalloc.h :93] WebCore::CompositeAnimation::`scalar deleting destructor'(UINT) [c:\b\slave\pl\build\src\webkit\Release\test_shell.exe] WebCore::AnimationControllerPrivate::clear(RenderObject::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio ncontroller.cpp:105] WebCore::AnimationController::cancelAnimations(RenderObject::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio ncontroller.cpp:256] WebCore::RenderObject::destroy(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderobject. cpp:2612] WebCore::RenderBox::destroy(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderbox.cpp :97] WebCore::RenderContainer::destroy(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendercontain er.cpp:56] WebCore::RenderFlow::destroy(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderflow.cp p:244] WebCore::Node::detach(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\node.cpp:894] WebCore::ContainerNode::detach(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\containernode.cpp:5 95] WebCore::Element::detach(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\element.cpp:665] WebCore::ContainerNode::removeChild(Node::WebCore *,int&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\containernode.cpp:3 55] WebCore::NodeInternal::removeChildCallback [c:\b\slave\pl\build\src\webkit\release\obj\v8bindings\derivedsources\v8nod e.cpp:251] v8::internal::Builtin_HandleApiCall [c:\b\slave\pl\build\src\v8\src\builtins.cc:380] v8::internal::Invoke [c:\b\slave\pl\build\src\v8\src\execution.cc:87] v8::internal::Execution::Call(Handle<JSFunction::internal::v8>::internal::v 8,Handle<Object::internal::v8>::internal::v8,int,Object::internal::v8 * * *,bool *) [c:\b\slave\pl\build\src\v8\src\execution.cc:117] v8::Function::Call(Handle<Object::v8>::v8,int,Handle<Value::v8>::v8 * const) [c:\b\slave\pl\build\src\v8\src\api.cc:1959] WebCore::V8Proxy::CallFunction(Handle<Function::v8>::v8,Handle<Object::v8>: :v8,int,Handle<Value::v8>::v8 * const) [c:\b\slave\pl\build\src\webkit\port\bindings\v8\v8_proxy.cpp:1351] WebCore::V8EventListener::CallListenerFunction(Handle<Value::v8>::v8,Event: :WebCore *,bool) [c:\b\slave\pl\build\src\webkit\port\bindings\v8\v8_events.cpp:202] WebCore::V8AbstractEventListener::handleEvent(Event::WebCore *,bool) [c:\b\slave\pl\build\src\webkit\port\bindings\v8\v8_events.cpp:107] WebCore::EventTargetNode::handleLocalEvents(Event::WebCore *,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\eventtargetnode.cpp :203] WebCore::EventTargetNode::dispatchGenericEvent(PassRefPtr<Event::WebCore>:: WTF,int&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\eventtargetnode.cpp :324] WebCore::EventTargetNode::dispatchEvent(PassRefPtr<Event::WebCore>::WTF,int &) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\eventtargetnode.cpp :257] WebCore::EventTargetNode::dispatchWebKitAnimationEvent(AtomicString::WebCor e const&,String::WebCore const&,double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\eventtargetnode.cpp :630] WebCore::KeyframeAnimation::sendAnimationEvent(AtomicString::WebCore const&,double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\keyframe animation.cpp:204] WebCore::KeyframeAnimation::onAnimationEnd(double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\keyframe animation.cpp:175] WebCore::AnimationBase::updateStateMachine(AnimStateInput::AnimationBase::W ebCore,double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:644] WebCore::AnimationBase::animationTimerCallbackFired(AtomicString::WebCore const&,double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:719] WebCore::AnimationTimerCallback::timerFired(Timer<AnimationTimerBase::WebCo re>::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:68] WebCore::Timer<AnimationTimerBase::WebCore>::fired(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\timer.h:99] [E] IPR: Invalid pointer read in WTF::HashTable<int,pair<int,RefPtr<ImplicitAnimation::WebCore>::WTF>::std,P airFirstExtractor<pair<int,RefPtr<ImplicitAnimation::WebCore>::WTF>::std>:: WTF,IntHash<UINT>::WTF,PairHashTraits<HashTraits<int>::WTF,HashTraits<RefPt r<ImplicitAnimation::WebCore>::WTF>::WTF>::WTF,HashTraits<int>::WTF>::end(v oid) {1 occurrence} Reading 4 bytes from 0xaeaeaeb2 (4 bytes at 0xaeaeaeb2 illegal) Address 0xaeaeaeb2 points into invalid memory Thread ID: 0x8e4 Error location WTF::HashTable<int,pair<int,RefPtr<ImplicitAnimation::WebCore>::WTF>::std,P airFirstExtractor<pair<int,RefPtr<ImplicitAnimation::WebCore>::WTF>::std>:: WTF,IntHash<UINT>::WTF,PairHashTraits<HashTraits<int>::WTF,HashTraits<RefPt r<ImplicitAnimation::WebCore>::WTF>::WTF>::WTF,HashTraits<int>::WTF>::end(v oid) [c:\b\slave\pl\build\src\third_party\webkit\javascriptcore\wtf\hashtable.h: 307] WTF::HashMap<int,RefPtr<ImplicitAnimation::WebCore>::WTF,IntHash<UINT>::WTF ,HashTraits<int>::WTF,HashTraits<RefPtr<ImplicitAnimation::WebCore>::WTF>:: WTF>::end(void) [c:\b\slave\pl\build\src\third_party\webkit\javascriptcore\wtf\hashmap.h:14 3] WebCore::CompositeAnimationPrivate::resumeOverriddenImplicitAnimations(int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\composit eanimation.cpp:452] WebCore::CompositeAnimation::resumeOverriddenImplicitAnimations(int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\composit eanimation.cpp:620] WebCore::KeyframeAnimation::resumeOverriddenAnimations(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\keyframe animation.cpp:229] WebCore::AnimationBase::updateStateMachine(AnimStateInput::AnimationBase::W ebCore,double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:646] WebCore::AnimationBase::animationTimerCallbackFired(AtomicString::WebCore const&,double) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:719] WebCore::AnimationTimerCallback::timerFired(Timer<AnimationTimerBase::WebCo re>::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\animation\animatio nbase.cpp:68] WebCore::Timer<AnimationTimerBase::WebCore>::fired(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\timer.h:99] WebCore::TimerBase::fireTimers(double,Vector<TimerBase::WebCore *,0>::WTF const&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\timer.cpp:347] WebCore::TimerBase::sharedTimerFired(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\timer.cpp:368] WebCore::SharedTimerTask::Run(void) [c:\b\slave\pl\build\src\webkit\glue\chromium_bridge_impl.cc:442] MessageLoop::RunTask(Task *) [c:\b\slave\pl\build\src\base\message_loop.cc:308] MessageLoop::DeferOrRunPendingTask(PendingTask::MessageLoop const&) [c:\b\slave\pl\build\src\base\message_loop.cc:316] MessageLoop::DoDelayedWork(Time::base *) [c:\b\slave\pl\build\src\base\message_loop.cc:435] base::MessagePumpForUI::DoRunLoop(void) [c:\b\slave\pl\build\src\base\message_pump_win.cc:213] base::MessagePumpWin::RunWithDispatcher(Delegate::MessagePump::base *,Dispatcher::MessagePumpWin::base *) [c:\b\slave\pl\build\src\base\message_pump_win.cc:52] base::MessagePumpWin::Run(Delegate::MessagePump::base *) [c:\b\slave\pl\build\src\base\message_pump_win.h:78] MessageLoop::RunInternal(void) [c:\b\slave\pl\build\src\base\message_loop.cc:197] MessageLoop::RunHandler(void) [c:\b\slave\pl\build\src\base\message_loop.cc:180] MessageLoop::Run(void) [c:\b\slave\pl\build\src\base\message_loop.cc:154] TestShell::WaitTestFinished(void) [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_win.cc:478] TestShell::RunFileTest(char const*,TestParams::TestShell const&) [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_win.cc:258] main [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_main.cc:378] _tmainCRTStartup [f:\sp\vctools\crt_bld\self_x86\crt\src\crt0.c:327] -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
