=================================================================
|
==6826== ERROR: AddressSanitizer heap-buffer-overflow on address 0x7fffed2215c0 at pc 0x55555aaf5859 bp 0x7ffffffefdd0 sp 0x7ffffffefdc8
|
READ of size 8 at 0x7fffed2215c0 thread T0
|
#0 0x55555aaf5859 in WebCore::InlineFlowBox::addToLine(WebCore::InlineBox*) ???:0
|
#1 0x55555ab95d16 in WebCore::RenderBlock::createLineBoxes(WebCore::RenderObject*, WebCore::LineInfo const&, WebCore::InlineBox*) ???:0
|
#2 0x55555ab96697 in WebCore::RenderBlock::constructLine(WebCore::BidiRunList<WebCore::BidiRun>&, WebCore::LineInfo const&) ???:0
|
#3 0x55555ab9c05f in WebCore::RenderBlock::createLineBoxesFromBidiRuns(WebCore::BidiRunList<WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::LineInfo&, WebCore::VerticalPositionCache&, WebCore::BidiRun*) ???:0
|
#4 0x55555aba255c in WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) ???:0
|
#5 0x55555ab9d6b5 in WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) ???:0
|
#6 0x55555abb70a1 in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) ???:0
|
#7 0x55555ab33d25 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#8 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#9 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#10 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#11 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#12 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#13 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#14 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#15 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#16 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#17 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#18 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#19 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#20 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#21 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#22 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#23 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#24 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#25 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#26 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#27 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#28 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#29 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#30 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#31 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#32 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#33 0x55555adea946 in WebCore::RenderView::layout() ???:0
|
#34 0x55555a631b7a in WebCore::FrameView::layout(bool) ???:0
|
#35 0x55555a64355e in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() ???:0
|
#36 0x5555592d4097 in WebKit::WebViewImpl::layout() ???:0
|
#37 0x55555c750f29 in RenderWidget::DoDeferredUpdate() ???:0
|
#38 0x55555c747de1 in RenderWidget::OnUpdateRectAck() ???:0
|
#39 0x55555c746979 in RenderWidget::OnMessageReceived(IPC::Message const&) ???:0
|
#40 0x55555c6f4de1 in RenderViewImpl::OnMessageReceived(IPC::Message const&) ???:0
|
#41 0x5555591a9048 in MessageRouter::RouteMessage(IPC::Message const&) ???:0
|
#42 0x5555591a8eb0 in MessageRouter::OnMessageReceived(IPC::Message const&) ???:0
|
#43 0x5555590cf782 in ChildThread::OnMessageReceived(IPC::Message const&) ???:0
|
#44 0x5555592207f9 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ???:0
|
#45 0x555557a916d6 in MessageLoop::RunTask(base::PendingTask const&) ???:0
|
#46 0x555557a91f36 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ???:0
|
#47 0x555557a9321b in MessageLoop::DoWork() ???:0
|
#48 0x555557a9dcd7 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ???:0
|
#49 0x555557a9029e in MessageLoop::RunInternal() ???:0
|
#50 0x555557a8e48f in MessageLoop::Run() ???:0
|
#51 0x55555c76ee62 in RendererMain(content::MainFunctionParams const&) ???:0
|
#52 0x5555579ee098 in (anonymous namespace)::RunNamedProcessTypeMain(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main.cc:0
|
#53 0x5555579ed564 in content::ContentMain(int, char const**, content::ContentMainDelegate*) ???:0
|
#54 0x5555561f9397 in ChromeMain ??:0
|
#55 0x5555561f92eb in main ???:0
|
#56 0x7ffff208130d in ?? ??:0
|
0x7fffed2215c0 is located 8 bytes to the right of 56-byte region [0x7fffed221580,0x7fffed2215b8)
|
allocated by thread T0 here:
|
#0 0x55555d8f2c32 in malloc ??:0
|
#1 0x55555abe18a7 in WebCore::RenderBox::createInlineBox() ???:0
|
#2 0x55555ab96047 in WebCore::RenderBlock::createLineBoxes(WebCore::RenderObject*, WebCore::LineInfo const&, WebCore::InlineBox*) ???:0
|
#3 0x55555ab96697 in WebCore::RenderBlock::constructLine(WebCore::BidiRunList<WebCore::BidiRun>&, WebCore::LineInfo const&) ???:0
|
#4 0x55555ab9c05f in WebCore::RenderBlock::createLineBoxesFromBidiRuns(WebCore::BidiRunList<WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::LineInfo&, WebCore::VerticalPositionCache&, WebCore::BidiRun*) ???:0
|
#5 0x55555aba255c in WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) ???:0
|
#6 0x55555ab9d6b5 in WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) ???:0
|
#7 0x55555abb70a1 in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) ???:0
|
#8 0x55555ab33d25 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#9 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#10 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#11 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#12 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#13 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#14 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#15 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#16 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#17 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#18 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#19 0x55555ab3ac2b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#20 0x55555ab33d41 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#21 0x55555ab320c5 in WebCore::RenderBlock::layout() ???:0
|
#22 0x55555ab4d600 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
==6826== ABORTING
|
Stats: 3M malloced (4M for red zones) by 12889 calls
|
Stats: 0M realloced by 84 calls
|
Stats: 2M freed by 5736 calls
|
Stats: 0M really freed by 0 calls
|
Stats: 44M (11271 full pages) mmaped in 11 calls
|
mmaps by size class: 8:16383; 9:8191; 10:4095; 11:2047; 12:1024; 13:512; 14:256; 15:128; 16:64; 17:32; 18:16;
|
mallocs by size class: 8:11057; 9:748; 10:520; 11:316; 12:70; 13:55; 14:97; 15:8; 16:9; 17:7; 18:2;
|
frees by size class: 8:4536; 9:397; 10:423; 11:205; 12:36; 13:41; 14:84; 15:5; 16:2; 17:5; 18:2;
|
rfrees by size class:
|
Stats: malloc large: 9 small slow: 71
|
Shadow byte and word:
|
0x1ffffda442b8: fb
|
0x1ffffda442b8: fb fb fb fb fb fb fb fb
|
More shadow bytes:
|
0x1ffffda44298: 00 00 fb fb fb fb fb fb
|
0x1ffffda442a0: fa fa fa fa fa fa fa fa
|
0x1ffffda442a8: fa fa fa fa fa fa fa fa
|
0x1ffffda442b0: 00 00 00 00 00 00 00 fb
|
=>0x1ffffda442b8: fb fb fb fb fb fb fb fb
|
0x1ffffda442c0: fa fa fa fa fa fa fa fa
|
0x1ffffda442c8: fa fa fa fa fa fa fa fa
|
0x1ffffda442d0: fa fa fa fa fa fa fa fa
|
0x1ffffda442d8: fa fa fa fa fa fa fa fa
|