| Summary: | Infinite loop while closing tab (infinite loop in HashTable::inlineLookup) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Benjamin Berg <benjamin> | ||||
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> | ||||
| Status: | NEW --- | ||||||
| Severity: | Normal | CC: | bugs-noreply, mcatanzaro | ||||
| Priority: | P2 | ||||||
| Version: | Other | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
Created attachment 396588 [details] bt + stepping showing where it returns to the top of the while (1) loop I triggered this lockup by trying to close a youtube tab that was playing a video. The lookup infinite loops, it seems this is because in my case: i == 64 k == 0x7bc24d15 sizeMask = 0x48 and "i = (i + k) & sizeMask" cannot change i … Really, looks like a memory corruption. I have a full coredump locally (3.1 GiB), in case one may be able to fish out more information. Full backtrace and some stepping around attached. This is with webkit2gtk3-2.28.0-7.fc31.x86_64