[12442:12442:0903/082856:65331638404:ERROR:browser_main_loop.cc(161)] Running without the SUID sandbox! See https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment for more information on developing with the sandbox on.
|
#READY
|
=================================================================
|
==12442==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000191e34 at pc 0x00001468e811 bp 0x7fcd3452ffb0 sp 0x7fcd3452ffa8
|
READ of size 1 at 0x604000191e34 thread T20 (Chrome_InProcRe)
|
#0 0x1468e810 in blink::FloatingObject::type() const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/FloatingObjects.h:58
|
#1 0x1486ff35 in blink::ComputeFloatOffsetAdapter<(blink::FloatingObject::Type)1>::collectIfNeeded(blink::PODInterval<int, blink::FloatingObject*> const&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/FloatingObjects.cpp:470
|
#2 0x1486f8dc in void blink::PODIntervalTree<int, blink::FloatingObject*>::searchForOverlapsFrom<blink::ComputeFloatOffsetForLineLayoutAdapter<(blink::FloatingObject::Type)1> >(blink::PODRedBlackTree<blink::PODInterval<int, blink::FloatingObject*> >::Node*, blink::ComputeFloatOffsetForLineLayoutAdapter<(blink::FloatingObject::Type)1>&) const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/PODIntervalTree.h:175
|
#3 0x1486fa19 in void blink::PODIntervalTree<int, blink::FloatingObject*>::searchForOverlapsFrom<blink::ComputeFloatOffsetForLineLayoutAdapter<(blink::FloatingObject::Type)1> >(blink::PODRedBlackTree<blink::PODInterval<int, blink::FloatingObject*> >::Node*, blink::ComputeFloatOffsetForLineLayoutAdapter<(blink::FloatingObject::Type)1>&) const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/PODIntervalTree.h:181
|
#4 0x1486a3b0 in void blink::PODIntervalTree<int, blink::FloatingObject*>::allOverlapsWithAdapter<blink::ComputeFloatOffsetForLineLayoutAdapter<(blink::FloatingObject::Type)1> >(blink::ComputeFloatOffsetForLineLayoutAdapter<(blink::FloatingObject::Type)1>&) const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/PODIntervalTree.h:125
|
#5 0x14860e75 in blink::FloatingObjects::logicalLeftOffset(blink::LayoutUnit, blink::LayoutUnit, blink::LayoutUnit) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/FloatingObjects.cpp:399
|
#6 0x13aa00eb in blink::RenderBlockFlow::logicalLeftFloatOffsetForLine(blink::LayoutUnit, blink::LayoutUnit, blink::LayoutUnit) const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:2725
|
#7 0x13ade5bd in blink::RenderBlockFlow::logicalLeftOffsetForLine(blink::LayoutUnit, blink::LayoutUnit, bool, blink::LayoutUnit) const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.h:206
|
#8 0x13ac7604 in blink::RenderBlockFlow::logicalLeftOffsetForLine(blink::LayoutUnit, bool, blink::LayoutUnit) const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.h:77
|
#9 0x13aa41a1 in blink::RenderBlockFlow::logicalLeftSelectionOffset(blink::RenderBlock*, blink::LayoutUnit) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:2813
|
#10 0x138e649e in blink::RenderBlock::selectionGapRectsForPaintInvalidation(blink::RenderLayerModelObject const*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlock.cpp:2260
|
#11 0x144f9932 in blink::RenderBlockSelectionInfo::RenderBlockSelectionInfo(blink::RenderBlock*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderSelectionInfo.h:100
|
#12 0x144ec3dd in blink::RenderView::setSelection(blink::RenderObject*, int, blink::RenderObject*, int, blink::RenderView::SelectionPaintInvalidationMode) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderView.cpp:734
|
#13 0x11a501ee in blink::FrameSelection::updateAppearance(blink::FrameSelection::ResetCaretBlinkOption) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/editing/FrameSelection.cpp:1603
|
#14 0x11e53989 in blink::FrameView::performPostLayoutTasks() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:1924
|
#15 0x11e556eb in blink::FrameView::scheduleOrPerformPostLayoutTasks() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:751
|
#16 0x11e58e92 in blink::FrameView::layout(bool) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:924
|
#17 0xe79c397 in blink::Document::implicitClose() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/dom/Document.cpp:2593
|
#18 0x126f3222 in blink::FrameLoader::checkCompleted() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/loader/FrameLoader.cpp:498
|
#19 0x126ed713 in blink::FrameLoader::finishedParsing() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/loader/FrameLoader.cpp:428
|
#20 0xe7d051e in blink::Document::finishedParsing() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/dom/Document.cpp:4678
|
#21 0x10bd1553 in blink::HTMLConstructionSite::finishedParsing() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp:545
|
#22 0x10877154 in blink::HTMLTreeBuilder::finished() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/html/parser/HTMLTreeBuilder.cpp:2807
|
#23 0x106f29f0 in blink::HTMLDocumentParser::end() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:830
|
#24 0x106e4c87 in blink::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:841
|
#25 0x106e42ca in blink::HTMLDocumentParser::prepareToStopParsing() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:242
|
#26 0x106ecead in blink::HTMLDocumentParser::processParsedChunkFromBackgroundParser(WTF::PassOwnPtr<blink::HTMLDocumentParser::ParsedChunk>) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:493
|
#27 0x106e81c8 in blink::HTMLDocumentParser::pumpPendingSpeculations() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:532
|
#28 0x106e9d91 in blink::HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser(WTF::PassOwnPtr<blink::HTMLDocumentParser::ParsedChunk>) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:365
|
#29 0x10ba9e74 in WTF::FunctionWrapper<void (blink::HTMLDocumentParser::*)(WTF::PassOwnPtr<blink::HTMLDocumentParser::ParsedChunk>)>::operator()(WTF::WeakPtr<blink::HTMLDocumentParser> const&, WTF::PassOwnPtr<blink::HTMLDocumentParser::ParsedChunk>) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/Functional.h:229 (discriminator 4)
|
#30 0x10ba9a9d in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (blink::HTMLDocumentParser::*)(WTF::PassOwnPtr<blink::HTMLDocumentParser::ParsedChunk>)>, void (WTF::WeakPtr<blink::HTMLDocumentParser>, WTF::PassOwnPtr<blink::HTMLDocumentParser::ParsedChunk>)>::operator()() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/Functional.h:920
|
#31 0xbcfe92b in WTF::Function<void ()>::operator()() const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/Functional.h:1077
|
#32 0xc9d1d17 in WTF::callFunctionObject(void*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/MainThread.cpp:62
|
#33 0xe122b43 in WTF::FunctionWrapper<void (*)(void*)>::operator()(void*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/Functional.h:78
|
#34 0xe12290f in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (*)(void*)>, void (void*)>::operator()() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/Functional.h:900
|
#35 0xbcfe92b in WTF::Function<void ()>::operator()() const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/Functional.h:1077
|
#36 0xc9a2ed8 in blink::Scheduler::TracedTask::run() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/scheduler/Scheduler.cpp:264
|
#37 0xc9ac330 in blink::Scheduler::MainThreadPendingTaskRunner::run() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/scheduler/Scheduler.cpp:90
|
#38 0x223ec8ba in base::internal::RunnableAdapter<void (blink::WebThread::Task::*)()>::Run(blink::WebThread::Task*) /home/bjonesbe/blink/src/out/Debug/../../base/bind_internal.h:134 (discriminator 4)
|
#39 0x223ec439 in base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (blink::WebThread::Task::*)()>, void (blink::WebThread::Task*)>::MakeItSo(base::internal::RunnableAdapter<void (blink::WebThread::Task::*)()>, blink::WebThread::Task*) /home/bjonesbe/blink/src/out/Debug/../../base/bind_internal.h:871
|
#40 0x223ec047 in base::internal::Invoker<1, base::internal::BindState<base::internal::RunnableAdapter<void (blink::WebThread::Task::*)()>, void (blink::WebThread::Task*), void (base::internal::OwnedWrapper<blink::WebThread::Task>)>, void (blink::WebThread::Task*)>::Run(base::internal::BindStateBase*) /home/bjonesbe/blink/src/out/Debug/../../base/bind_internal.h:1166
|
#41 0x5b7f48 in base::Callback<void ()>::Run() const /home/bjonesbe/blink/src/out/Debug/../../base/callback.h:401
|
#42 0x2beef4a in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) /home/bjonesbe/blink/src/out/Debug/../../base/debug/task_annotator.cc:62
|
#43 0x23c1170 in base::MessageLoop::RunTask(base::PendingTask const&) /home/bjonesbe/blink/src/out/Debug/../../base/message_loop/message_loop.cc:446
|
#44 0x23c1a9a in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) /home/bjonesbe/blink/src/out/Debug/../../base/message_loop/message_loop.cc:456
|
#45 0x23c4d15 in base::MessageLoop::DoWork() /home/bjonesbe/blink/src/out/Debug/../../base/message_loop/message_loop.cc:565
|
#46 0x244b4db in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /home/bjonesbe/blink/src/out/Debug/../../base/message_loop/message_pump_default.cc:32
|
#47 0x23bee67 in base::MessageLoop::RunHandler() /home/bjonesbe/blink/src/out/Debug/../../base/message_loop/message_loop.cc:415
|
#48 0x25c5d9b in base::RunLoop::Run() /home/bjonesbe/blink/src/out/Debug/../../base/run_loop.cc:49
|
#49 0x23bc3fa in base::MessageLoop::Run() /home/bjonesbe/blink/src/out/Debug/../../base/message_loop/message_loop.cc:308
|
#50 0x278a04a2 in base::Thread::Run(base::MessageLoop*) /home/bjonesbe/blink/src/out/Debug/../../base/threading/thread.cc:174
|
#51 0x278a2151 in base::Thread::ThreadMain() /home/bjonesbe/blink/src/out/Debug/../../base/threading/thread.cc:228
|
#52 0x28e5b75 in base::(anonymous namespace)::ThreadFunc(void*) /home/bjonesbe/blink/src/out/Debug/../../base/threading/platform_thread_posix.cc:80
|
#53 0x7fcd5078c181 in start_thread /build/buildd/eglibc-2.19/nptl/pthread_create.c:312 (discriminator 2)
|
#54 0x7fcd4eaecfbc in clone /build/buildd/eglibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111
|
|
0x604000191e34 is located 36 bytes inside of 40-byte region [0x604000191e10,0x604000191e38)
|
freed by thread T20 (Chrome_InProcRe) here:
|
#0 0x4d0fab in __interceptor_free ??:?
|
#1 0xc9b2d8e in WTF::partitionFreeGeneric(WTF::PartitionRootGeneric*, void*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/PartitionAlloc.h:560
|
#2 0xc9d0ff4 in WTF::fastFree(void*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/FastMalloc.cpp:79
|
#3 0x13acb139 in blink::FloatingObject::operator delete(void*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/FloatingObjects.h:42
|
#4 0x13acafb3 in WTF::OwnedPtrDeleter<blink::FloatingObject>::deletePtr(blink::FloatingObject*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/OwnPtrCommon.h:52 (discriminator 3)
|
#5 0x13ac3464 in WTF::OwnPtr<blink::FloatingObject>::~OwnPtr() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/OwnPtr.h:67
|
#6 0x1485e189 in blink::FloatingObjects::remove(blink::FloatingObject*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/FloatingObjects.cpp:355
|
#7 0x13a874d3 in blink::RenderBlockFlow::removeFloatingObject(blink::RenderBox*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:2351
|
#8 0x13a50c30 in blink::RenderBlockFlow::markAllDescendantsWithFloatsForLayout(blink::RenderBox*, bool) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:1798
|
#9 0x13b73e83 in blink::RenderBox::removeFloatingOrPositionedChildFromBlockLists() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBox.cpp:133
|
#10 0x13c20ffb in blink::RenderBox::markShapeOutsideDependentsForLayout() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBox.h:623
|
#11 0x13ba69b3 in blink::RenderBox::imageChanged(void*, blink::IntRect const*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBox.cpp:1478
|
#12 0x141ec8ff in blink::RenderObject::imageChanged(blink::ImageResource*, blink::IntRect const*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderObject.cpp:3216
|
#13 0x11c7c90e in blink::ImageResource::notifyObservers(blink::IntRect const*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/fetch/ImageResource.cpp:293
|
#14 0x11c80123 in blink::ImageResource::changedInRect(blink::Image const*, blink::IntRect const&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/fetch/ImageResource.cpp:456
|
#15 0x11c803ba in non-virtual thunk to blink::ImageResource::changedInRect(blink::Image const*, blink::IntRect const&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/fetch/ImageResource.cpp:457
|
#16 0x1500a3de in blink::SVGImageChromeClient::invalidateContentsAndRootView(blink::IntRect const&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/svg/graphics/SVGImageChromeClient.cpp:62
|
#17 0x127c35d7 in blink::Chrome::invalidateContentsAndRootView(blink::IntRect const&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/page/Chrome.cpp:69
|
#18 0xc922007 in blink::ScrollView::contentRectangleForPaintInvalidation(blink::IntRect const&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/scroll/ScrollView.cpp:778
|
#19 0x11e6b510 in blink::FrameView::contentRectangleForPaintInvalidation(blink::IntRect const&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:1606
|
#20 0x144e4196 in blink::RenderView::invalidatePaintForRectangle(blink::LayoutRect const&) const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderView.cpp:458
|
#21 0x141c200d in blink::RenderObject::invalidatePaintUsingContainer(blink::RenderLayerModelObject const*, blink::LayoutRect const&, blink::InvalidationReason) const /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderObject.cpp:1512
|
#22 0x144e30bd in blink::RenderView::invalidateTreeIfNeeded(blink::PaintInvalidationState const&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderView.cpp:441
|
#23 0x11e5c19c in blink::FrameView::invalidateTreeIfNeeded() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:962
|
#24 0x11e7ed34 in blink::FrameView::invalidateTreeIfNeededRecursive() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:2621
|
#25 0x11e7e220 in blink::FrameView::updateLayoutAndStyleForPainting() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:2560
|
#26 0x14fe9230 in blink::SVGImage::draw(blink::GraphicsContext*, blink::FloatRect const&, blink::FloatRect const&, blink::CompositeOperator, blink::WebBlendMode) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/svg/graphics/SVGImage.cpp:290
|
#27 0xbe4c5ff in blink::Image::draw(blink::GraphicsContext*, blink::FloatRect const&, blink::FloatRect const&, blink::CompositeOperator, blink::WebBlendMode, blink::RespectImageOrientationEnum) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/graphics/Image.cpp:121
|
#28 0xbdc1192 in blink::GraphicsContext::drawImage(blink::Image*, blink::FloatRect const&, blink::FloatRect const&, blink::CompositeOperator, blink::WebBlendMode, blink::RespectImageOrientationEnum) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/graphics/GraphicsContext.cpp:1073
|
#29 0xbdc032a in blink::GraphicsContext::drawImage(blink::Image*, blink::FloatRect const&, blink::FloatRect const&, blink::CompositeOperator, blink::RespectImageOrientationEnum) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/platform/graphics/GraphicsContext.cpp:1059
|
|
previously allocated by thread T20 (Chrome_InProcRe) here:
|
#0 0x4d122b in __interceptor_malloc ??:?
|
#1 0xc9b2aac in WTF::partitionAllocGenericFlags(WTF::PartitionRootGeneric*, int, unsigned long) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/PartitionAlloc.h:538
|
#2 0xc9cfe90 in WTF::partitionAllocGeneric(WTF::PartitionRootGeneric*, unsigned long) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/PartitionAlloc.h:554
|
#3 0xc9d0b4a in WTF::fastMalloc(unsigned long) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/wtf/FastMalloc.cpp:74
|
#4 0x14863289 in blink::FloatingObject::operator new(unsigned long) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/FloatingObjects.h:42
|
#5 0x14856097 in blink::FloatingObject::create(blink::RenderBox*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/FloatingObjects.cpp:80
|
#6 0x13a71c12 in blink::RenderBlockFlow::insertFloatingObject(blink::RenderBox*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:2299
|
#7 0x13a70472 in blink::RenderBlockFlow::layoutBlockChildren(bool, blink::SubtreeLayoutScope&, blink::LayoutUnit, blink::LayoutUnit) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:1040
|
#8 0x13aaaba9 in blink::RenderBlockFlow::layoutBlockFlow(bool, blink::LayoutUnit&, blink::SubtreeLayoutScope&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:436
|
#9 0x13a46865 in blink::RenderBlockFlow::layoutBlock(bool) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:360
|
#10 0x138c26a3 in blink::RenderBlock::layout() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlock.cpp:1365
|
#11 0x1395e1e4 in blink::RenderObject::layoutIfNeeded() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderObject.h:723 (discriminator 1)
|
#12 0x13a71f6a in blink::RenderBlockFlow::insertFloatingObject(blink::RenderBox*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:2309
|
#13 0x13a70472 in blink::RenderBlockFlow::layoutBlockChildren(bool, blink::SubtreeLayoutScope&, blink::LayoutUnit, blink::LayoutUnit) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:1040
|
#14 0x13aaaba9 in blink::RenderBlockFlow::layoutBlockFlow(bool, blink::LayoutUnit&, blink::SubtreeLayoutScope&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:436
|
#15 0x13a46865 in blink::RenderBlockFlow::layoutBlock(bool) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:360
|
#16 0x138c26a3 in blink::RenderBlock::layout() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlock.cpp:1365
|
#17 0x1395e1e4 in blink::RenderObject::layoutIfNeeded() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderObject.h:723 (discriminator 1)
|
#18 0x13a71f6a in blink::RenderBlockFlow::insertFloatingObject(blink::RenderBox*) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:2309
|
#19 0x13a70472 in blink::RenderBlockFlow::layoutBlockChildren(bool, blink::SubtreeLayoutScope&, blink::LayoutUnit, blink::LayoutUnit) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:1040
|
#20 0x13aaaba9 in blink::RenderBlockFlow::layoutBlockFlow(bool, blink::LayoutUnit&, blink::SubtreeLayoutScope&) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:436
|
#21 0x13a46865 in blink::RenderBlockFlow::layoutBlock(bool) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlockFlow.cpp:360
|
#22 0x138c26a3 in blink::RenderBlock::layout() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderBlock.cpp:1365
|
#23 0x144daded in blink::RenderView::layoutContent() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderView.cpp:179
|
#24 0x144dd254 in blink::RenderView::layout() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/rendering/RenderView.cpp:264
|
#25 0x11e54738 in blink::FrameView::performLayout(blink::RenderObject*, bool) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:735
|
#26 0x11e585e8 in blink::FrameView::layout(bool) /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/frame/FrameView.cpp:891
|
#27 0xe79c397 in blink::Document::implicitClose() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/dom/Document.cpp:2593
|
#28 0x126f3222 in blink::FrameLoader::checkCompleted() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/loader/FrameLoader.cpp:498
|
#29 0x126ed713 in blink::FrameLoader::finishedParsing() /home/bjonesbe/blink/src/out/Debug/../../third_party/WebKit/Source/core/loader/FrameLoader.cpp:428
|
|
Thread T20 (Chrome_InProcRe) created by T0 (content_shell) here:
|
#0 0x4b8e5f in __interceptor_pthread_create ??:?
|
#1 0x28e3b21 in base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) /home/bjonesbe/blink/src/out/Debug/../../base/threading/platform_thread_posix.cc:120
|
#2 0x28e30f8 in base::PlatformThread::Create(unsigned long, base::PlatformThread::Delegate*, base::PlatformThreadHandle*) /home/bjonesbe/blink/src/out/Debug/../../base/threading/platform_thread_posix.cc:206
|
#3 0x2789eef0 in base::Thread::StartWithOptions(base::Thread::Options const&) /home/bjonesbe/blink/src/out/Debug/../../base/threading/thread.cc:108
|
#4 0x1c7cd5e5 in content::RenderProcessHostImpl::Init() /home/bjonesbe/blink/src/out/Debug/../../content/browser/renderer_host/render_process_host_impl.cc:630
|
#5 0x1c932d07 in content::RenderViewHostImpl::CreateRenderView(std::__1::basic_string<unsigned short, base::string16_char_traits, std::__1::allocator<unsigned short> > const&, int, int, int, bool) /home/bjonesbe/blink/src/out/Debug/../../content/browser/renderer_host/render_view_host_impl.cc:265
|
#6 0x1d54453f in content::WebContentsImpl::CreateRenderViewForRenderManager(content::RenderViewHost*, int, int, bool) /home/bjonesbe/blink/src/out/Debug/../../content/browser/web_contents/web_contents_impl.cc:4055
|
#7 0x1d544e44 in non-virtual thunk to content::WebContentsImpl::CreateRenderViewForRenderManager(content::RenderViewHost*, int, int, bool) /home/bjonesbe/blink/src/out/Debug/../../content/browser/web_contents/web_contents_impl.cc:4074
|
#8 0x1e96e248 in content::RenderFrameHostManager::InitRenderView(content::RenderViewHost*, int, int, bool) /home/bjonesbe/blink/src/out/Debug/../../content/browser/frame_host/render_frame_host_manager.cc:1190
|
#9 0x1e96907a in content::RenderFrameHostManager::Navigate(content::NavigationEntryImpl const&) /home/bjonesbe/blink/src/out/Debug/../../content/browser/frame_host/render_frame_host_manager.cc:216
|
#10 0x1e89e63e in content::NavigatorImpl::NavigateToEntry(content::RenderFrameHostImpl*, content::NavigationEntryImpl const&, content::NavigationController::ReloadType) /home/bjonesbe/blink/src/out/Debug/../../content/browser/frame_host/navigator_impl.cc:367
|
#11 0x1e8a0d6b in content::NavigatorImpl::NavigateToPendingEntry(content::RenderFrameHostImpl*, content::NavigationController::ReloadType) /home/bjonesbe/blink/src/out/Debug/../../content/browser/frame_host/navigator_impl.cc:426
|
#12 0x1d4f04af in content::WebContentsImpl::NavigateToPendingEntry(content::NavigationController::ReloadType) /home/bjonesbe/blink/src/out/Debug/../../content/browser/web_contents/web_contents_impl.cc:1855
|
#13 0x1d4f078e in non-virtual thunk to content::WebContentsImpl::NavigateToPendingEntry(content::NavigationController::ReloadType) /home/bjonesbe/blink/src/out/Debug/../../content/browser/web_contents/web_contents_impl.cc:1857
|
#14 0x1e7cebef in content::NavigationControllerImpl::NavigateToPendingEntry(content::NavigationController::ReloadType) /home/bjonesbe/blink/src/out/Debug/../../content/browser/frame_host/navigation_controller_impl.cc:1639
|
#15 0x1e7d0d1a in content::NavigationControllerImpl::LoadEntry(content::NavigationEntryImpl*) /home/bjonesbe/blink/src/out/Debug/../../content/browser/frame_host/navigation_controller_impl.cc:415
|
#16 0x1e7df2d9 in content::NavigationControllerImpl::LoadURLWithParams(content::NavigationController::LoadURLParams const&) /home/bjonesbe/blink/src/out/Debug/../../content/browser/frame_host/navigation_controller_impl.cc:752
|
#17 0x527a6f in content::Shell::LoadURLForFrame(GURL const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) /home/bjonesbe/blink/src/out/Debug/../../content/shell/browser/shell.cc:177
|
#18 0x52754e in content::Shell::LoadURL(GURL const&) /home/bjonesbe/blink/src/out/Debug/../../content/shell/browser/shell.cc:169
|
#19 0x6287ee in content::WebKitTestController::PrepareForLayoutTest(GURL const&, base::FilePath const&, bool, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) /home/bjonesbe/blink/src/out/Debug/../../content/shell/browser/webkit_test_controller.cc:267
|
#20 0x511fb0 in (anonymous namespace)::RunOneTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool*, scoped_ptr<content::BrowserMainRunner, base::DefaultDeleter<content::BrowserMainRunner> > const&) /home/bjonesbe/blink/src/out/Debug/../../content/shell/browser/shell_browser_main.cc:122
|
#21 0x50f6da in ShellBrowserMain(content::MainFunctionParams const&, scoped_ptr<content::BrowserMainRunner, base::DefaultDeleter<content::BrowserMainRunner> > const&) /home/bjonesbe/blink/src/out/Debug/../../content/shell/browser/shell_browser_main.cc:207
|
#22 0x4f9eb1 in content::ShellMainDelegate::RunProcess(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&) /home/bjonesbe/blink/src/out/Debug/../../content/shell/app/shell_main_delegate.cc:247
|
#23 0xf7f518 in content::RunNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) /home/bjonesbe/blink/src/out/Debug/../../content/app/content_main_runner.cc:407
|
#24 0xf8fbf4 in content::ContentMainRunnerImpl::Run() /home/bjonesbe/blink/src/out/Debug/../../content/app/content_main_runner.cc:769
|
#25 0xf7ad47 in content::ContentMain(content::ContentMainParams const&) /home/bjonesbe/blink/src/out/Debug/../../content/app/content_main.cc:19
|
#26 0x4eec98 in main /home/bjonesbe/blink/src/out/Debug/../../content/shell/app/shell_main.cc:49
|
#27 0x7fcd4ea13ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
|
|
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
|
Shadow bytes around the buggy address:
|
0x0c088002a370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c088002a380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c088002a390: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 fa
|
0x0c088002a3a0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 fa
|
0x0c088002a3b0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
|
=>0x0c088002a3c0: fa fa fd fd fd fd[fd]fa fa fa 00 00 00 00 00 04
|
0x0c088002a3d0: fa fa 00 00 00 00 07 fa fa fa 00 00 00 00 00 00
|
0x0c088002a3e0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
|
0x0c088002a3f0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
|
0x0c088002a400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c088002a410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
ASan internal: fe
|
==12442==ABORTING
|
[12447:12447:0100/000000:65335137473:ERROR:zygote_linux.cc(587)] write: Broken pipe
|