=================================================================
|
==1321== ERROR: AddressSanitizer heap-use-after-free on address 0x7fffe7a9f8c0 at pc 0x55555ad46367 bp 0x7fffffff2c00 sp 0x7fffffff2bf8
|
READ of size 8 at 0x7fffe7a9f8c0 thread T0
|
#0 0x55555ad46367 in WebCore::RenderText::removeTextBox(WebCore::InlineTextBox*) ???:0
|
#1 0x55555aab10d9 in WebCore::InlineTextBox::deleteLine(WebCore::RenderArena*) ???:0
|
#2 0x55555aa99c6d in WebCore::InlineFlowBox::deleteLine(WebCore::RenderArena*) ???:0
|
#3 0x55555ab4ae73 in WebCore::RenderBlock::linkToEndLineIfNeeded(WebCore::LineLayoutState&) ???:0
|
#4 0x55555ab41990 in WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) ???:0
|
#5 0x55555ab5b28a in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) ???:0
|
#6 0x55555aad7cf0 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#7 0x55555ad14fcf in WebCore::RenderTableCell::layout() ???:0
|
#8 0x55555ad2bba5 in WebCore::RenderTableRow::layout() ???:0
|
#9 0x55555ad31b9d in WebCore::RenderTableSection::layout() ???:0
|
#10 0x55555ad07680 in WebCore::RenderTable::layout() ???:0
|
#11 0x55555aaf15c0 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#12 0x55555aadeb3b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#13 0x55555aad7d0b in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#14 0x55555aad60b5 in WebCore::RenderBlock::layout() ???:0
|
#15 0x55555aaf15c0 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#16 0x55555aadeb3b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#17 0x55555aad7d0b in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#18 0x55555aad60b5 in WebCore::RenderBlock::layout() ???:0
|
#19 0x55555aaf15c0 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#20 0x55555aadeb3b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#21 0x55555aad7d0b in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#22 0x55555aad60b5 in WebCore::RenderBlock::layout() ???:0
|
#23 0x55555ad8bd76 in WebCore::RenderView::layout() ???:0
|
#24 0x55555a5e0f1a in WebCore::FrameView::layout(bool) ???:0
|
#25 0x55555982c7a6 in WebCore::Document::updateLayoutIgnorePendingStylesheets() ???:0
|
#26 0x55555a2be25c in WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) ???:0
|
#27 0x55555a2bd97e in WebCore::VisiblePosition::init(WebCore::Position const&, WebCore::EAffinity) ???:0
|
#28 0x55555a87abc1 in WebCore::CompositeEditCommand::moveParagraphWithClones(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::Element*, WebCore::Node*) ???:0
|
#29 0x55555a1f36fb in WebCore::FormatBlockCommand::formatRange(WebCore::Position const&, WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element>&) ???:0
|
#30 0x55555a815b17 in WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) ???:0
|
#31 0x55555a1f0f1a in WebCore::FormatBlockCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) ???:0
|
#32 0x55555a813680 in WebCore::ApplyBlockElementCommand::doApply() ???:0
|
#33 0x55555a85a05a in WebCore::CompositeEditCommand::apply() ???:0
|
#34 0x55555a1e7c89 in WebCore::executeFormatBlock(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) third_party/WebKit/Source/WebCore/editing/EditorCommand.cpp:0
|
#35 0x55555a1e5181 in WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const ???:0
|
#36 0x555559845806 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) ???:0
|
#37 0x55555b27defb in WebCore::DocumentInternal::execCommandCallback(v8::Arguments const&) out/Release/obj/gen/webkit/bindings/V8DerivedSources16.cpp:0
|
#38 0x555558771e06 in v8::internal::Builtin_HandleApiCall(v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>, v8::internal::Isolate*) v8/src/builtins.cc:0
|
#39 0x33c2fee0610e
|
#40 0x33c2fee32059
|
#41 0x33c2fee0986e
|
#42 0x33c2fee21aa1
|
#43 0x33c2fee09397
|
#44 0x5555587be3e8 in v8::internal::Invoke(bool, v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, bool*) v8/src/execution.cc:0
|
#45 0x555558726162 in v8::Function::Call(v8::Handle<v8::Object>, int, v8::Handle<v8::Value>*) ???:0
|
#46 0x555559f701db in WebCore::V8Proxy::instrumentedCallFunction(WebCore::Frame*, v8::Handle<v8::Function>, v8::Handle<v8::Object>, int, v8::Handle<v8::Value>*) ???:0
|
#47 0x555559f6fbe7 in WebCore::V8Proxy::callFunction(v8::Handle<v8::Function>, v8::Handle<v8::Object>, int, v8::Handle<v8::Value>*) ???:0
|
#48 0x555559f5c6fe in WebCore::V8EventListener::callListenerFunction(WebCore::ScriptExecutionContext*, v8::Handle<v8::Value>, WebCore::Event*) ???:0
|
#49 0x55555a7489c4 in WebCore::V8AbstractEventListener::invokeEventHandler(WebCore::ScriptExecutionContext*, WebCore::Event*, v8::Handle<v8::Value>) ???:0
|
#50 0x55555a7486a9 in WebCore::V8AbstractEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) ???:0
|
#51 0x5555598a1bc1 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) ???:0
|
#52 0x5555598a1710 in WebCore::EventTarget::fireEventListeners(WebCore::Event*) ???:0
|
#53 0x55555a571a2e in WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) ???:0
|
#54 0x55555a583b02 in WebCore::DOMWindow::dispatchLoadEvent() ???:0
|
#55 0x55555982b723 in WebCore::Document::implicitClose() ???:0
|
#56 0x55555a496a66 in WebCore::FrameLoader::checkCompleted() ???:0
|
#57 0x55555a4932b8 in WebCore::FrameLoader::finishedParsing() ???:0
|
#58 0x555559849e8a in WebCore::Document::finishedParsing() ???:0
|
#59 0x555559b41913 in WebCore::HTMLDocumentParser::prepareToStopParsing() ???:0
|
#60 0x55555a478874 in WebCore::DocumentWriter::endIfNotLoadingMainResource() ???:0
|
#61 0x55555a4af599 in WebCore::FrameLoader::finishedLoading() ???:0
|
#62 0x55555a4d5ec1 in WebCore::MainResourceLoader::didFinishLoading(double) ???:0
|
#63 0x55555bb7f912 in webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::TimeTicks const&) ???:0
|
0x7fffe7a9f8c0 is located 64 bytes inside of 96-byte region [0x7fffe7a9f880,0x7fffe7a9f8e0)
|
freed by thread T0 here:
|
#0 0x55555d855732 in free ??:0
|
#1 0x55555ab1e367 in WebCore::RenderBlock::updateFirstLetter() ???:0
|
#2 0x55555aad607a in WebCore::RenderBlock::layout() ???:0
|
#3 0x55555aae86f9 in WebCore::RenderBlock::insertFloatingObject(WebCore::RenderBox*) ???:0
|
#4 0x55555ab5fba0 in WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::FloatingObject*, WebCore::LineWidth&) ???:0
|
#5 0x55555ab4cc6d in WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, std::pair<WebCore::RenderText*, WebCore::LazyLineBreakIterator>&, WebCore::RenderBlock::FloatingObject*, unsigned int) ???:0
|
#6 0x55555ab48f46 in WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) ???:0
|
#7 0x55555ab41985 in WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) ???:0
|
#8 0x55555ab5b28a in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) ???:0
|
#9 0x55555aad7cf0 in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#10 0x55555ad14fcf in WebCore::RenderTableCell::layout() ???:0
|
#11 0x55555ad2bba5 in WebCore::RenderTableRow::layout() ???:0
|
#12 0x55555ad31b9d in WebCore::RenderTableSection::layout() ???:0
|
#13 0x55555ad07680 in WebCore::RenderTable::layout() ???:0
|
#14 0x55555aaf15c0 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#15 0x55555aadeb3b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#16 0x55555aad7d0b in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#17 0x55555aad60b5 in WebCore::RenderBlock::layout() ???:0
|
#18 0x55555aaf15c0 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#19 0x55555aadeb3b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#20 0x55555aad7d0b in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#21 0x55555aad60b5 in WebCore::RenderBlock::layout() ???:0
|
#22 0x55555aaf15c0 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) ???:0
|
#23 0x55555aadeb3b in WebCore::RenderBlock::layoutBlockChildren(bool, int&) ???:0
|
#24 0x55555aad7d0b in WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass) ???:0
|
#25 0x55555aad60b5 in WebCore::RenderBlock::layout() ???:0
|
#26 0x55555ad8bd76 in WebCore::RenderView::layout() ???:0
|
#27 0x55555a5e0f1a in WebCore::FrameView::layout(bool) ???:0
|
#28 0x55555982c7a6 in WebCore::Document::updateLayoutIgnorePendingStylesheets() ???:0
|
#29 0x55555a2be25c in WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) ???:0
|
previously allocated by thread T0 here:
|
#0 0x55555d8557f2 in malloc ??:0
|
#1 0x5555599410f9 in WebCore::Text::createRenderer(WebCore::RenderArena*, WebCore::RenderStyle*) ???:0
|
#2 0x5555598e7733 in WebCore::NodeRendererFactory::createRenderer() ???:0
|
#3 0x5555598e8093 in WebCore::NodeRendererFactory::createRendererIfNeeded() ???:0
|
#4 0x5555598c4c96 in WebCore::Node::createRendererIfNeeded() ???:0
|
#5 0x55555994138e in WebCore::Text::attach() ???:0
|
#6 0x5555598041d9 in WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool) ???:0
|
#7 0x55555aa685ce in WebCore::AppendNodeCommand::doApply() ???:0
|
#8 0x55555a85a9e1 in WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>) ???:0
|
#9 0x55555a85d0a1 in WebCore::CompositeEditCommand::appendNode(WTF::PassRefPtr<WebCore::Node>, WTF::PassRefPtr<WebCore::ContainerNode>) ???:0
|
#10 0x55555a839f80 in WebCore::ApplyStyleCommand::surroundNodeRangeWithElement(WTF::PassRefPtr<WebCore::Node>, WTF::PassRefPtr<WebCore::Node>, WTF::PassRefPtr<WebCore::Element>) ???:0
|
#11 0x55555a84b73e in WebCore::ApplyStyleCommand::addInlineStyleIfNeeded(WebCore::EditingStyle*, WTF::PassRefPtr<WebCore::Node>, WTF::PassRefPtr<WebCore::Node>, WebCore::ApplyStyleCommand::EAddStyledElement) ???:0
|
#12 0x55555a844c86 in WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange(WebCore::EditingStyle*, WebCore::Node*, WebCore::Node*) ???:0
|
#13 0x55555a843a9b in WebCore::ApplyStyleCommand::fixRangeAndApplyInlineStyle(WebCore::EditingStyle*, WebCore::Position const&, WebCore::Position const&) ???:0
|
#14 0x55555a8329cd in WebCore::ApplyStyleCommand::applyInlineStyle(WebCore::EditingStyle*) ???:0
|
#15 0x55555a8225ac in WebCore::ApplyStyleCommand::doApply() ???:0
|
#16 0x55555a85a05a in WebCore::CompositeEditCommand::apply() ???:0
|
#17 0x55555a1bd322 in WebCore::Editor::applyStyle(WebCore::CSSStyleDeclaration*, WebCore::EditAction) ???:0
|
#18 0x55555a1ee9e3 in WebCore::executeToggleStyleInList(WebCore::Frame*, WebCore::EditorCommandSource, WebCore::EditAction, int, WebCore::CSSValue*) third_party/WebKit/Source/WebCore/editing/EditorCommand.cpp:0
|
#19 0x55555a1ec0f8 in WebCore::executeStrikethrough(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) third_party/WebKit/Source/WebCore/editing/EditorCommand.cpp:0
|
#20 0x55555a1e5181 in WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const ???:0
|
#21 0x555559845806 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) ???:0
|
#22 0x55555b27defb in WebCore::DocumentInternal::execCommandCallback(v8::Arguments const&) out/Release/obj/gen/webkit/bindings/V8DerivedSources16.cpp:0
|
==1321== ABORTING
|
Stats: 8M malloced (11M for red zones) by 35181 calls
|
Stats: 2M realloced by 1774 calls
|
Stats: 7M freed by 25919 calls
|
Stats: 0M really freed by 0 calls
|
Stats: 52M (13320 full pages) mmaped in 13 calls
|
mmaps by size class: 8:32766; 9:8191; 10:4095; 11:2047; 12:1024; 13:512; 14:256; 15:128; 16:64; 17:32; 18:16; 19:8;
|
mallocs by size class: 8:29081; 9:3592; 10:1341; 11:570; 12:317; 13:72; 14:154; 15:27; 16:11; 17:12; 18:2; 19:2;
|
frees by size class: 8:20632; 9:3143; 10:1219; 11:430; 12:267; 13:53; 14:140; 15:20; 16:4; 17:7; 18:2; 19:2;
|
rfrees by size class:
|
Stats: malloc large: 16 small slow: 151
|
Shadow byte and word:
|
0x1ffffcf53f18: fd
|
0x1ffffcf53f18: fd fd fd fd fd fd fd fd
|
More shadow bytes:
|
0x1ffffcf53ef8: fd fd fd fd fd fd fd fd
|
0x1ffffcf53f00: fa fa fa fa fa fa fa fa
|
0x1ffffcf53f08: fa fa fa fa fa fa fa fa
|
0x1ffffcf53f10: fd fd fd fd fd fd fd fd
|
=>0x1ffffcf53f18: fd fd fd fd fd fd fd fd
|
0x1ffffcf53f20: fa fa fa fa fa fa fa fa
|
0x1ffffcf53f28: fa fa fa fa fa fa fa fa
|
0x1ffffcf53f30: fd fd fd fd fd fd fd fd
|
0x1ffffcf53f38: fd fd fd fd fd fd fd fd
|