crash log for renderer (pid 355): STDOUT: STDERR: ================================================================= STDERR: ==4==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200038515e at pc 0x0000004af34c bp 0x7fff15aba0f0 sp 0x7fff15ab98b0 STDERR: READ of size 3 at 0x60200038515e thread T0 (content_shell) STDERR: #0 0x4af34b in __interceptor_strlen ??:0:0 STDERR: #1 0x1d1aaef in WTF::AtomicString::add(unsigned char const*) third_party/WebKit/Source/wtf/text/AtomicString.cpp:130:19 STDERR: #2 0x9365181 in AtomicString third_party/WebKit/Source/wtf/text/AtomicString.h:38:45 STDERR: #3 0x9365181 in blink::Font::glyphDataForCharacter(int&, bool, bool, blink::FontDataVariant) const third_party/WebKit/Source/platform/fonts/Font.cpp:409:0 STDERR: #4 0x93be04f in glyphDataForCharacter third_party/WebKit/Source/platform/fonts/shaping/SimpleShaper.cpp:67:12 STDERR: #5 0x93be04f in unsigned int blink::SimpleShaper::advanceInternal(blink::UTF16TextIterator&, blink::GlyphBuffer*) third_party/WebKit/Source/platform/fonts/shaping/SimpleShaper.cpp:141:0 STDERR: #6 0x93bc1da in blink::SimpleShaper::advance(unsigned int, blink::GlyphBuffer*) third_party/WebKit/Source/platform/fonts/shaping/SimpleShaper.cpp:214:12 STDERR: #7 0x9362c24 in blink::Font::floatWidthForSimpleText(blink::TextRun const&, WTF::HashSet, WTF::HashTraits, WTF::DefaultAllocator>*, blink::IntRectOutsets*) const third_party/WebKit/Source/platform/fonts/Font.cpp:793:5 STDERR: #8 0x9361bd1 in blink::Font::width(blink::TextRun const&, WTF::HashSet, WTF::HashTraits, WTF::DefaultAllocator>*, blink::GlyphOverflow*) const third_party/WebKit/Source/platform/fonts/Font.cpp:241:18 STDERR: #9 0x5751496 in textWidth third_party/WebKit/Source/core/layout/line/BreakingContextInlineHeaders.h:522:12 STDERR: #10 0x5751496 in blink::BreakingContext::handleText(WTF::Vector&, bool&) third_party/WebKit/Source/core/layout/line/BreakingContextInlineHeaders.h:645:0 STDERR: #11 0x5749c0a in blink::LineBreaker::nextLineBreak(blink::BidiResolver&, blink::LineInfo&, blink::LayoutTextInfo&, blink::FloatingObject*, WTF::Vector&) third_party/WebKit/Source/core/layout/line/LineBreaker.cpp:88:17 STDERR: #12 0x5448f03 in blink::LayoutBlockFlow::layoutRunsAndFloatsInRange(blink::LineLayoutState&, blink::BidiResolver&, blink::InlineIterator const&, blink::BidiStatus const&) third_party/WebKit/Source/core/layout/LayoutBlockFlowLine.cpp:825:21 STDERR: #13 0x5444f2f in blink::LayoutBlockFlow::layoutRunsAndFloats(blink::LineLayoutState&) third_party/WebKit/Source/core/layout/LayoutBlockFlowLine.cpp:775:5 STDERR: #14 0x5456137 in blink::LayoutBlockFlow::layoutInlineChildren(bool, blink::LayoutUnit&, blink::LayoutUnit&, blink::LayoutUnit) third_party/WebKit/Source/core/layout/LayoutBlockFlowLine.cpp:1573:9 STDERR: #15 0x540bd8a in blink::LayoutBlockFlow::layoutBlockFlow(bool, blink::LayoutUnit&, blink::SubtreeLayoutScope&) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:434:9 STDERR: #16 0x540aab0 in blink::LayoutBlockFlow::layoutBlock(bool) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:359:16 STDERR: #17 0x53c3877 in blink::LayoutBlock::layout() third_party/WebKit/Source/core/layout/LayoutBlock.cpp:1377:5 STDERR: #18 0x540ed53 in blink::LayoutBlockFlow::layoutBlockChild(blink::LayoutBox&, blink::MarginInfo&, blink::LayoutUnit&) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:597:9 STDERR: #19 0x541e6fd in blink::LayoutBlockFlow::layoutBlockChildren(bool, blink::SubtreeLayoutScope&, blink::LayoutUnit, blink::LayoutUnit) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:1076:9 STDERR: #20 0x540bdb4 in blink::LayoutBlockFlow::layoutBlockFlow(bool, blink::LayoutUnit&, blink::SubtreeLayoutScope&) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:436:9 STDERR: #21 0x540aab0 in blink::LayoutBlockFlow::layoutBlock(bool) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:359:16 STDERR: #22 0x53c3877 in blink::LayoutBlock::layout() third_party/WebKit/Source/core/layout/LayoutBlock.cpp:1377:5 STDERR: #23 0x540ed53 in blink::LayoutBlockFlow::layoutBlockChild(blink::LayoutBox&, blink::MarginInfo&, blink::LayoutUnit&) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:597:9 STDERR: #24 0x541e6fd in blink::LayoutBlockFlow::layoutBlockChildren(bool, blink::SubtreeLayoutScope&, blink::LayoutUnit, blink::LayoutUnit) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:1076:9 STDERR: #25 0x540bdb4 in blink::LayoutBlockFlow::layoutBlockFlow(bool, blink::LayoutUnit&, blink::SubtreeLayoutScope&) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:436:9 STDERR: #26 0x540aab0 in blink::LayoutBlockFlow::layoutBlock(bool) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:359:16 STDERR: #27 0x53c3877 in blink::LayoutBlock::layout() third_party/WebKit/Source/core/layout/LayoutBlock.cpp:1377:5 STDERR: #28 0x540ed53 in blink::LayoutBlockFlow::layoutBlockChild(blink::LayoutBox&, blink::MarginInfo&, blink::LayoutUnit&) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:597:9 STDERR: #29 0x541e6fd in blink::LayoutBlockFlow::layoutBlockChildren(bool, blink::SubtreeLayoutScope&, blink::LayoutUnit, blink::LayoutUnit) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:1076:9 STDERR: #30 0x540bdb4 in blink::LayoutBlockFlow::layoutBlockFlow(bool, blink::LayoutUnit&, blink::SubtreeLayoutScope&) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:436:9 STDERR: #31 0x540aab0 in blink::LayoutBlockFlow::layoutBlock(bool) third_party/WebKit/Source/core/layout/LayoutBlockFlow.cpp:359:16 STDERR: #32 0x53c3877 in blink::LayoutBlock::layout() third_party/WebKit/Source/core/layout/LayoutBlock.cpp:1377:5 STDERR: #33 0x56a7420 in layoutContent third_party/WebKit/Source/core/layout/LayoutView.cpp:172:5 STDERR: #34 0x56a7420 in blink::LayoutView::layout() third_party/WebKit/Source/core/layout/LayoutView.cpp:264:0 STDERR: #35 0x4a577bf in layoutFromRootObject third_party/WebKit/Source/core/frame/FrameView.cpp:821:5 STDERR: #36 0x4a577bf in blink::FrameView::performLayout(bool) third_party/WebKit/Source/core/frame/FrameView.cpp:884:0 STDERR: #37 0x4a5a95d in blink::FrameView::layout() third_party/WebKit/Source/core/frame/FrameView.cpp:1046:9 STDERR: #38 0x3be44d9 in blink::Document::implicitClose() third_party/WebKit/Source/core/dom/Document.cpp:2522:13 STDERR: #39 0x4d4ddae in blink::FrameLoader::checkCompleted() third_party/WebKit/Source/core/loader/FrameLoader.cpp:498:9 STDERR: #40 0x4d4d8d3 in blink::FrameLoader::finishedParsing() third_party/WebKit/Source/core/loader/FrameLoader.cpp:416:5 STDERR: #41 0x3c09342 in blink::Document::finishedParsing() third_party/WebKit/Source/core/dom/Document.cpp:4529:9 STDERR: #42 0x42b3fb9 in end third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:853:5 STDERR: #43 0x42b3fb9 in attemptToRunDeferredScriptsAndEnd third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:866:0 STDERR: #44 0x42b3fb9 in blink::HTMLDocumentParser::prepareToStopParsing() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:272:0 STDERR: #45 0x42ba342 in blink::HTMLDocumentParser::processParsedChunkFromBackgroundParser(WTF::PassOwnPtr) third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:510:13 STDERR: #46 0x42b5e6a in blink::HTMLDocumentParser::pumpPendingSpeculations() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:563:36 STDERR: #47 0x42b5621 in blink::HTMLDocumentParser::resumeParsingAfterYield() third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:307:5 STDERR: #48 0x7657dd8 in Run base/bind_internal.h:157:12 STDERR: #49 0x7657dd8 in MakeItSo base/bind_internal.h:293:0 STDERR: #50 0x7657dd8 in base::internal::Invoker, base::internal::BindState >)>, void (scoped_ptr >), base::internal::TypeList > > > >, base::internal::TypeList > > > >, base::internal::InvokeHelper >)>, base::internal::TypeList > > >, void ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:343:0 STDERR: #51 0x7738d7 in Run base/callback.h:396:12 STDERR: #52 0x7738d7 in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0 STDERR: #53 0x76510cb in scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(unsigned long, bool, base::PendingTask*) components/scheduler/child/task_queue_manager.cc:674:5 STDERR: #54 0x764f472 in scheduler::TaskQueueManager::DoWork(bool) components/scheduler/child/task_queue_manager.cc:627:9 STDERR: #55 0x7738d7 in Run base/callback.h:396:12 STDERR: #56 0x7738d7 in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0 STDERR: #57 0x6b5a87 in base::MessageLoop::RunTask(base::PendingTask const&) base/message_loop/message_loop.cc:458:3 STDERR: #58 0x6b6c44 in DeferOrRunPendingTask base/message_loop/message_loop.cc:468:5 STDERR: #59 0x6b6c44 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:580:0 STDERR: #60 0x6bbf10 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:34:21 STDERR: #61 0x6d6c28 in base::RunLoop::Run() base/run_loop.cc:55:3 STDERR: #62 0x6b448e in base::MessageLoop::Run() base/message_loop/message_loop.cc:286:3 STDERR: #63 0x774df4a in content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:220:7 STDERR: #64 0x65c3b6 in content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:310:14 STDERR: #65 0x65e2dd in content::ContentMainRunnerImpl::Run() content/app/content_main_runner.cc:788:12 STDERR: #66 0x65b93a in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:15 STDERR: #67 0x4e4515 in main content/shell/app/shell_main.cc:49:10 STDERR: #68 0x7f94a33f876c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226:0 STDERR: STDERR: 0x60200038515e is located 0 bytes to the right of 14-byte region [0x602000385150,0x60200038515e) STDERR: allocated by thread T0 (content_shell) here: STDERR: #0 0x4c1dab in __interceptor_malloc ??:0:0 STDERR: #1 0x1d248a7 in partitionAllocGenericFlags third_party/WebKit/Source/wtf/PartitionAlloc.h:606:20 STDERR: #2 0x1d248a7 in partitionAllocGeneric third_party/WebKit/Source/wtf/PartitionAlloc.h:622:0 STDERR: #3 0x1d248a7 in WTF::StringImpl::createStatic(char const*, unsigned int, unsigned int) third_party/WebKit/Source/wtf/text/StringImpl.cpp:383:0 STDERR: #4 0x64b6a67 in blink::HTMLNames::init() /mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/out/Release/gen/blink/core/HTMLNames.cpp:953:34 STDERR: #5 0x44d5ae3 in blink::CoreInitializer::init() third_party/WebKit/Source/core/Init.cpp:80:5 STDERR: #6 0x304187e in blink::ModulesInitializer::init() third_party/WebKit/Source/modules/InitModules.cpp:34:5 STDERR: #7 0x2ebf14c in blink::initializeWithoutV8(blink::Platform*) third_party/WebKit/Source/web/WebKit.cpp:191:5 STDERR: #8 0x2ebea25 in blink::initialize(blink::Platform*) third_party/WebKit/Source/web/WebKit.cpp:114:5 STDERR: #9 0x76cbecb in content::RenderThreadImpl::EnsureWebKitInitialized() content/renderer/render_thread_impl.cc:1030:3 STDERR: #10 0x76d4d4d in OnCreateNewView content/renderer/render_thread_impl.cc:1592:3 STDERR: #11 0x76d4d4d in DispatchToMethodImpl base/tuple.h:254:0 STDERR: #12 0x76d4d4d in DispatchToMethod base/tuple.h:261:0 STDERR: #13 0x76d4d4d in Dispatch content/common/view_messages.h:594:0 STDERR: #14 0x76d4d4d in content::RenderThreadImpl::OnControlMessageReceived(IPC::Message const&) content/renderer/render_thread_impl.cc:1547:0 STDERR: #15 0x7537189 in content::ChildThreadImpl::OnMessageReceived(IPC::Message const&) content/child/child_thread_impl.cc:590:10 STDERR: #16 0x83fd3ed in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) ipc/ipc_channel_proxy.cc:294:3 STDERR: #17 0x7738d7 in Run base/callback.h:396:12 STDERR: #18 0x7738d7 in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0 STDERR: #19 0x76510cb in scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(unsigned long, bool, base::PendingTask*) components/scheduler/child/task_queue_manager.cc:674:5 STDERR: #20 0x764f472 in scheduler::TaskQueueManager::DoWork(bool) components/scheduler/child/task_queue_manager.cc:627:9 STDERR: #21 0x7738d7 in Run base/callback.h:396:12 STDERR: #22 0x7738d7 in base::debug::TaskAnnotator::RunTask(char const*, char const*, base::PendingTask const&) base/debug/task_annotator.cc:62:0 STDERR: #23 0x6b5a87 in base::MessageLoop::RunTask(base::PendingTask const&) base/message_loop/message_loop.cc:458:3 STDERR: #24 0x6b6c44 in DeferOrRunPendingTask base/message_loop/message_loop.cc:468:5 STDERR: #25 0x6b6c44 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:580:0 STDERR: #26 0x6bbf10 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:34:21 STDERR: #27 0x6d6c28 in base::RunLoop::Run() base/run_loop.cc:55:3 STDERR: #28 0x6b448e in base::MessageLoop::Run() base/message_loop/message_loop.cc:286:3 STDERR: #29 0x774df4a in content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:220:7 STDERR: #30 0x65c3b6 in content::RunZygote(content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:310:14 STDERR: #31 0x65e2dd in content::ContentMainRunnerImpl::Run() content/app/content_main_runner.cc:788:12 STDERR: #32 0x65b93a in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:15 STDERR: #33 0x4e4515 in main content/shell/app/shell_main.cc:49:10 STDERR: #34 0x7f94a33f876c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226:0 STDERR: STDERR: SUMMARY: AddressSanitizer: heap-buffer-overflow (/mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/out/Release/content_shell+0x4af34b) STDERR: Shadow bytes around the buggy address: STDERR: 0x0c04800689d0: fa fa 00 06 fa fa 00 00 fa fa 00 06 fa fa 00 06 STDERR: 0x0c04800689e0: fa fa 00 07 fa fa 00 00 fa fa 00 00 fa fa 00 05 STDERR: 0x0c04800689f0: fa fa 00 06 fa fa 00 06 fa fa 00 00 fa fa 00 06 STDERR: 0x0c0480068a00: fa fa 00 00 fa fa 00 00 fa fa 00 07 fa fa 00 00 STDERR: 0x0c0480068a10: fa fa 00 07 fa fa 00 07 fa fa 00 06 fa fa 00 05 STDERR: =>0x0c0480068a20: fa fa 00 00 fa fa 00 06 fa fa 00[06]fa fa 00 06 STDERR: 0x0c0480068a30: fa fa 00 00 fa fa 00 06 fa fa 00 07 fa fa 00 07 STDERR: 0x0c0480068a40: fa fa 00 00 fa fa 00 07 fa fa 00 00 fa fa 00 00 STDERR: 0x0c0480068a50: fa fa 00 00 fa fa 00 05 fa fa 00 00 fa fa 00 07 STDERR: 0x0c0480068a60: fa fa 00 06 fa fa 00 06 fa fa 00 00 fa fa 00 00 STDERR: 0x0c0480068a70: fa fa 00 07 fa fa 00 07 fa fa 00 06 fa fa 00 05 STDERR: Shadow byte legend (one shadow byte represents 8 application bytes): STDERR: Addressable: 00 STDERR: Partially addressable: 01 02 03 04 05 06 07 STDERR: Heap left redzone: fa STDERR: Heap right redzone: fb STDERR: Freed heap region: fd STDERR: Stack left redzone: f1 STDERR: Stack mid redzone: f2 STDERR: Stack right redzone: f3 STDERR: Stack partial redzone: f4 STDERR: Stack after return: f5 STDERR: Stack use after scope: f8 STDERR: Global redzone: f9 STDERR: Global init order: f6 STDERR: Poisoned by user: f7 STDERR: Container overflow: fc STDERR: Array cookie: ac STDERR: Intra object redzone: bb STDERR: ASan internal: fe STDERR: Left alloca redzone: ca STDERR: Right alloca redzone: cb STDERR: ==4==ABORTING