Hello. I have a C program that binds a JS function to WebKit (gtk+ r47882). Now when I run the program for some time it segfaults. I checked it under valgrind and get the following backtrace:
============================
==6195== Invalid write of size 8
==6195==    at 0x815D694: JSC::JIT::unlinkCall(JSC::CallLinkInfo*) (in /usr/lib/libwebkit-1.0.so.2.9.0)
==6195==    by 0x819A977: JSC::CodeBlock::unlinkCallers() (in /usr/lib/libwebkit-1.0.so.2.9.0)
==6195==    by 0x820723B: JSC::JSFunction::~JSFunction() (in /usr/lib/libwebkit-1.0.so.2.9.0)
==6195==    by 0x8285386: unsigned long JSC::Heap::sweep<(JSC::HeapType)0>() (in /usr/lib/libwebkit-1.0.so.2.9.0)
==6195==    by 0x823A1B7: JSC::Heap::collect() (in /usr/lib/libwebkit-1.0.so.2.9.0)
==6195==    by 0x85CF421: WebCore::ThreadTimers::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) (in /usr/lib/libwebkit-1.0.so.2.9.0)
==6195==    by 0x85CF4CA: WebCore::ThreadTimers::sharedTimerFiredInternal() (in /usr/lib/libwebkit-1.0.so.2.9.0)
==6195==    by 0x8863611: WebCore::timeout_cb(void*) (in /usr/lib/libwebkit-1.0.so.2.9.0)
==6195==    by 0xB16C889: g_main_context_dispatch (gmain.c:1960)
==6195==    by 0xB170217: g_main_context_iterate (gmain.c:2591)
==6195==    by 0xB17070C: g_main_loop_run (gmain.c:2799)
==6195==    by 0x9109BC6: gtk_main (gtkmain.c:1205)
==6195==  Address 0x193b7b7b is not stack'd, malloc'd or (recently) free'd
[Mon Nov 2 07:57:18 2009]
========================================================

It seems that the JS function was destroyed before the destructor for JSC::JSFunction was called. I should mention I re-bind the same function because sometimes the page changes and the binding is lost. But sometimes the page stays and I bind over the existing binding. Can this be the reason that leads to the segfault? Doesn't WebKit destroy the function if I bind it over?

Greets,
Luka
_______________________________________________ webkit-help mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-help
