Comment #43 on issue 23362 by joel.stan: glibc assert in WebCore::CSSParser::~CSSParser() (double free) -- gcc 4.4-specific?
http://code.google.com/p/chromium/issues/detail?id=23362

I could add 10, 3, 2 or 1 to the size of the malloc and it fixed the crash.

Leading into the crash the execution path looks as follows. 0x7fffe8096930 is the location of m_data. I don't understand why _int_free is pointing at 0x7fffe8096920.

fastFree(m_data);
WTF::fastFree (p=0x7fffe8096930) at third_party/WebKit/JavaScriptCore/wtf/FastMalloc.cpp:294
free(p);
*__GI___libc_free (mem=0x7fffe8096930) at malloc.c:3675
_int_free (av=0x7fffe8000020, p=0x7fffe8096920) at malloc.c:4720
_int_free (av=<value optimized out>, p=<value optimized out>) at malloc.c:4750
malloc_printerr (action=3, str=0x7ffff2b03710 "double free or corruption (!prev)", ptr=0x7fffe8096930) at malloc.c:6205
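An added illustration (not from the bug report, and not glibc's own code) that models glibc's x86-64 chunk layout to read the two diagnostics above: mem2chunk shows why _int_free receives a pointer 0x10 below m_data, and request2size/usable_size show how a write past an allocation's usable size lands on the next chunk's size word, whose low bit is the PREV_INUSE flag that the "double free or corruption (!prev)" check tests. The 24-byte request and 25-byte write are hypothetical values chosen to show why growing the allocation by a few bytes can make such a crash disappear.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of glibc's x86-64 chunk layout (constants as in malloc.c). This is a
 * stand-alone simulation written for this note, not glibc's own code. */
#define SIZE_SZ      ((uint64_t)8)          /* sizeof(size_t) on x86-64 */
#define MALLOC_ALIGN (2 * SIZE_SZ)          /* 16-byte alignment */
#define MINSIZE      (4 * SIZE_SZ)          /* smallest chunk: 32 bytes */
#define PREV_INUSE   ((uint64_t)1)          /* low bit of a chunk's size word */

/* free(mem) hands _int_free the chunk header, which starts two words before
 * the user pointer: this is why gdb shows p = mem - 0x10. */
static uint64_t mem2chunk(uint64_t mem) { return mem - 2 * SIZE_SZ; }

/* request2size: the chunk size glibc allocates for a malloc(req). */
static uint64_t request2size(uint64_t req) {
    uint64_t sz = (req + SIZE_SZ + MALLOC_ALIGN - 1) & ~(MALLOC_ALIGN - 1);
    return sz < MINSIZE ? MINSIZE : sz;
}

/* Bytes the caller may safely write: the chunk minus its own size word.
 * The next chunk's prev_size word is reused as the last 8 usable bytes. */
static uint64_t usable_size(uint64_t req) { return request2size(req) - SIZE_SZ; }

/* A write of `written` bytes from the user pointer that exceeds the usable
 * size lands on the next chunk's size word. If the byte written there has
 * bit 0 clear, PREV_INUSE is lost and free() later reports
 * "double free or corruption (!prev)" for a chunk that was freed only once. */
static int clobbers_next_size(uint64_t req, uint64_t written) {
    return written > usable_size(req);
}

int main(void) {
    printf("m_data 0x%llx -> chunk 0x%llx\n",
           0x7fffe8096930ULL, (unsigned long long)mem2chunk(0x7fffe8096930ULL));
    /* Hypothetical request of 24 bytes with a 25-byte write: the same write
     * becomes harmless slack once the request grows by 1, 2, 3 or 10 bytes. */
    for (uint64_t extra = 0; extra <= 10; extra++) {
        uint64_t req = 24 + extra;
        printf("malloc(%llu): chunk %llu, usable %llu, 25-byte write %s\n",
               (unsigned long long)req, (unsigned long long)request2size(req),
               (unsigned long long)usable_size(req),
               clobbers_next_size(req, 25) ? "hits next size word" : "fits");
    }
    return 0;
}
```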
