ASAN:SIGILL
=================================================================
HINT: if your stack trace looks short or garbled, use ASAN_OPTIONS=fast_unwind=0
==13917== ERROR: AddressSanitizer heap-use-after-free on address 0x7fffe389f090 at pc 0x7ffff37498aa bp 0x7fffffff3430 sp 0x7fffffff3400
READ of size 4 at 0x7fffe389f090 thread T0
#0 0x7ffff37498aa in WebCore::RenderInline::baselinePosition(WebCore::FontBaseline, bool, WebCore::LineDirectionMode, WebCore::LinePositionMode) const ???:0
#1 0x7ffff38d65f6 in WebCore::RootInlineBox::ascentAndDescentForBox(WebCore::InlineBox*, WTF::HashMap<WebCore::InlineTextBox const*, std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&, int&, int&, bool&, bool&) const ???:0
#2 0x7ffff35ba5d9 in WebCore::InlineFlowBox::computeLogicalBoxHeights(WebCore::RootInlineBox*, int&, int&, int&, int&, bool&, bool&, bool, WTF::HashMap<WebCore::InlineTextBox const*, std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&, WebCore::FontBaseline, WebCore::VerticalPositionCache&) ???:0
#3 0x7ffff38d1914 in WebCore::RootInlineBox::alignBoxesInBlockDirection(int, WTF::HashMap<WebCore::InlineTextBox const*, std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&, WebCore::VerticalPositionCache&) ???:0
#4 0x7ffff3662042 in WebCore::RenderBlock::computeBlockDirectionPositionsForLine(WebCore::RootInlineBox*, WebCore::BidiRun*, WTF::HashMap<WebCore::InlineTextBox const*, std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&, WebCore::VerticalPositionCache&) ???:0
#5 0x7ffff3662c5f in WebCore::RenderBlock::createLineBoxesFromBidiRuns(WebCore::BidiRunList<WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::LineInfo&, WebCore::VerticalPositionCache&, WebCore::BidiRun*) ???:0
#6 0x7ffff366bbb7 in WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) ???:0
#7 0x7ffff36642e3 in WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) ???:0
#8 0x7ffff367ee76 in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) ???:0
#9 0x7ffff35f642c in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
#10 0x7ffff35f50f9 in WebCore::RenderBlock::layout() ???:0
#11 0x7ffff3610964 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
#12 0x7ffff35fdb6a in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
#13 0x7ffff35f644d in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
#14 0x7ffff35f50f9 in WebCore::RenderBlock::layout() ???:0
#15 0x7ffff3610964 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
#16 0x7ffff35fdb6a in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
#17 0x7ffff35f644d in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
#18 0x7ffff35f50f9 in WebCore::RenderBlock::layout() ???:0
#19 0x7ffff3610964 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
#20 0x7ffff35fdb6a in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
#21 0x7ffff35f644d in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
#22 0x7ffff35f50f9 in WebCore::RenderBlock::layout() ???:0
#23 0x7ffff3610964 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
#24 0x7ffff35fdb6a in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
#25 0x7ffff35f644d in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
#26 0x7ffff35f50f9 in WebCore::RenderBlock::layout() ???:0
#27 0x7ffff38b55cb in WebCore::RenderView::layout() ???:0
#28 0x7ffff312fe3b in WebCore::FrameView::layout(bool) ???:0
#29 0x7ffff31416d3 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() ???:0
#30 0x7ffff1fa2963 in WebKit::WebViewImpl::layout() ???:0
#31 0x7ffff5263cf9 in RenderWidget::DoDeferredUpdate() ???:0
#32 0x7ffff525a0d1 in RenderWidget::OnUpdateRectAck() ???:0
#33 0x7ffff5258dca in RenderWidget::OnMessageReceived(IPC::Message const&) ???:0
#34 0x7ffff5208f64 in RenderView::OnMessageReceived(IPC::Message const&) ???:0
#35 0x7ffff1e6e360 in MessageRouter::RouteMessage(IPC::Message const&) ???:0
#36 0x7ffff1e6e1c9 in MessageRouter::OnMessageReceived(IPC::Message const&) ???:0
#37 0x7ffff1d90e1e in ChildThread::OnMessageReceived(IPC::Message const&) ???:0
#38 0x7ffff1eeb231 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ???:0
#39 0x7ffff07a67a9 in base::subtle::TaskClosureAdapter::Run() ???:0
#40 0x7ffff0733bdb in MessageLoop::RunTask(MessageLoop::PendingTask const&) ???:0
#41 0x7ffff07341d2 in MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) ???:0
#42 0x7ffff07353c9 in MessageLoop::DoWork() ???:0
#43 0x7ffff073ea3a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ???:0
#44 0x7ffff0732aba in MessageLoop::RunInternal() ???:0
#45 0x7ffff0730c29 in MessageLoop::Run() ???:0
#46 0x7ffff527a063 in RendererMain(MainFunctionParams const&) ???:0
#47 0x7ffff053ecf9 in (anonymous namespace)::RunNamedProcessTypeMain(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main.cc:0
#48 0x7ffff053e0bd in content::ContentMain(int, char const**, content::ContentMainDelegate*) ???:0
#49 0x7fffeee5a12b in ChromeMain ??:0
#50 0x7fffeee592db in main ???:0
#51 0x7fffe8b57eff in __libc_start_main /build/buildd/eglibc-2.13/csu/libc-start.c:258
#52 0x7fffeee591f9 in _start ??:0
0x7fffe389f090 is located 16 bytes inside of 1208-byte region [0x7fffe389f080,0x7fffe389f538)
freed by thread T0 here:
#0 0x7ffff5e1708a in free _asan_rtl_
#1 0x7ffff356176d in WebCore::CSSFontFaceSource::pruneTable() ???:0
#2 0x7ffff35619b1 in WebCore::CSSFontFaceSource::fontLoaded(WebCore::CachedFont*) ???:0
#3 0x7ffff34a5d6d in WebCore::CachedFont::checkNotify() ???:0
#4 0x7ffff307e314 in WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*, double) ???:0
#5 0x7ffff3045972 in WebCore::SubresourceLoader::didFinishLoading(double) ???:0
#6 0x7ffff470fab5 in webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&) ???:0
#7 0x7ffff1e9e16c in bool ResourceMsg_RequestComplete::Dispatch<ResourceDispatcher, ResourceDispatcher, void (ResourceDispatcher::*)(int, net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&)>(IPC::Message const*, ResourceDispatcher*, ResourceDispatcher*, void (ResourceDispatcher::*)(int, net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&)) ???:0
#8 0x7ffff1e9bd33 in ResourceDispatcher::DispatchMessage(IPC::Message const&) ???:0
#9 0x7ffff1e99b77 in ResourceDispatcher::OnMessageReceived(IPC::Message const&) ???:0
#10 0x7ffff1d90b10 in ChildThread::OnMessageReceived(IPC::Message const&) ???:0
#11 0x7ffff1eeb231 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ???:0
#12 0x7ffff07a67a9 in base::subtle::TaskClosureAdapter::Run() ???:0
#13 0x7ffff0733bdb in MessageLoop::RunTask(MessageLoop::PendingTask const&) ???:0
#14 0x7ffff07341d2 in MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) ???:0
#15 0x7ffff07353c9 in MessageLoop::DoWork() ???:0
#16 0x7ffff073ea3a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ???:0
#17 0x7ffff0732aba in MessageLoop::RunInternal() ???:0
#18 0x7ffff0730c29 in MessageLoop::Run() ???:0
#19 0x7ffff527a063 in RendererMain(MainFunctionParams const&) ???:0
#20 0x7ffff053ecf9 in (anonymous namespace)::RunNamedProcessTypeMain(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main.cc:0
#21 0x7ffff053e0bd in content::ContentMain(int, char const**, content::ContentMainDelegate*) ???:0
#22 0x7fffeee5a12b in ChromeMain ??:0
#23 0x7fffeee592db in main ???:0
#24 0x7fffe8b57eff in __libc_start_main /build/buildd/eglibc-2.13/csu/libc-start.c:258
previously allocated by thread T0 here:
#0 0x7ffff5e16f7a in malloc _asan_rtl_
#1 0x7ffff208bb0b in WTF::fastMalloc(unsigned long) ???:0
#2 0x7ffff35627f8 in WebCore::CSSFontFaceSource::getFontData(WebCore::FontDescription const&, bool, bool, WebCore::CSSFontSelector*) ???:0
#3 0x7ffff355f6ac in WebCore::CSSFontFace::getFontData(WebCore::FontDescription const&, bool, bool) ???:0
#4 0x7ffff32f272c in WebCore::CSSSegmentedFontFace::getFontData(WebCore::FontDescription const&) ???:0
#5 0x7ffff32c4b13 in WebCore::CSSFontSelector::getFontData(WebCore::FontDescription const&, WTF::AtomicString const&) ???:0
#6 0x7ffff284851e in WebCore::FontCache::getFontData(WebCore::Font const&, int&, WebCore::FontSelector*) ???:0
#7 0x7ffff2851e56 in WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned int) const ???:0
#8 0x7ffff37dbd84 in WebCore::RenderListMarker::computePreferredLogicalWidths() ???:0
#9 0x7ffff37cd088 in WebCore::RenderListItem::updateMarkerLocation() ???:0
#10 0x7ffff37cd9b1 in WebCore::RenderListItem::layout() ???:0
#11 0x7ffff3610964 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
#12 0x7ffff35fdb6a in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
#13 0x7ffff35f644d in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
#14 0x7ffff35f50f9 in WebCore::RenderBlock::layout() ???:0
#15 0x7ffff3610964 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
#16 0x7ffff35fdb6a in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
#17 0x7ffff35f644d in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
#18 0x7ffff35f50f9 in WebCore::RenderBlock::layout() ???:0
#19 0x7ffff3610964 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
#20 0x7ffff35fdb6a in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
#21 0x7ffff35f644d in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
#22 0x7ffff35f50f9 in WebCore::RenderBlock::layout() ???:0
==13917== ABORTING
Shadow byte and word:
0x1ffffc713e12: fd
0x1ffffc713e10: fd fd fd fd fd fd fd fd
More shadow bytes:
0x1ffffc713df0: fa fa fa fa fa fa fa fa
0x1ffffc713df8: fa fa fa fa fa fa fa fa
0x1ffffc713e00: fa fa fa fa fa fa fa fa
0x1ffffc713e08: fa fa fa fa fa fa fa fa
=>0x1ffffc713e10: fd fd fd fd fd fd fd fd
0x1ffffc713e18: fd fd fd fd fd fd fd fd
0x1ffffc713e20: fd fd fd fd fd fd fd fd
0x1ffffc713e28: fd fd fd fd fd fd fd fd
0x1ffffc713e30: fd fd fd fd fd fd fd fd