[webkit-changes] [WebKit/WebKit] a42795: REGRESSION(r255164) [PlayStation] WTFReportBacktra...
Tomoki Imai
noreply at github.com
Tue Sep 19 06:24:05 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a4279526dfa54a830c0dce1130887778043b84f4
https://github.com/WebKit/WebKit/commit/a4279526dfa54a830c0dce1130887778043b84f4
Author: Tomoki Imai <Tomoki.Imai at sony.com>
Date: 2023-09-19 (Tue, 19 Sep 2023)
Changed paths:
M Source/WTF/wtf/Assertions.cpp
Log Message:
-----------
REGRESSION(r255164) [PlayStation] WTFReportBacktrace tries to print backtrace even when backtrace cannot be obtained and crashes
https://bugs.webkit.org/show_bug.cgi?id=261497

Reviewed by Kimmo Kinnunen.

WTFPrintBacktraceWithPrefixAndPrintStream should wrap the size parameter to 0 if it is negative, so that it does not print the stack.

Currently, when !HAVE(BACKTRACE) && !OS(WINDOWS),
- WTFGetBacktrace(samples, &frames) makes frames = 0
- WTFReportBacktraceWithPrefixAndPrintStream passes -2 (=frames-framesToSkip) to WTFPrintBacktraceWithPrefixAndPrintStream.
- WTFPrintBacktraceWithPrefixAndPrintStream static_casts -2 to size_t, which can overflow and make a large number.
- It possibly tries to print the large stack and eventually crashes.

* Source/WTF/wtf/Assertions.cpp:
(WTFPrintBacktraceWithPrefixAndPrintStream): Wraps negative size to 0.
(WTFReportBacktraceWithPrefixAndPrintStream): Check the frame size and print "no stacktrace available" if the size is not enough.
(WTFReportBacktrace): Ditto.

Canonical link: https://commits.webkit.org/268121@main
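
The signed-to-size_t conversion described in the log message, next to the two guards it names, as an added example that is not WebKit's code. All function names, the 31-frame buffer and the exact "not enough frames" condition are assumptions made for illustration; only the skip count of 2 and the "no stacktrace available" text come from the message.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>

constexpr int kMaxFrames = 31;   // assumed buffer size
constexpr int kFramesToSkip = 2; // frames hidden from the report, per the log message

// Hypothetical stand-in for a platform without backtrace support: reports zero frames.
static void getBacktraceStub(void**, int* size) { *size = 0; }

// Before: a negative int converts to size_t modulo 2^N, so -2 becomes SIZE_MAX - 1.
size_t frameCountUnchecked(int size) { return static_cast<size_t>(size); }

// After: a negative size is clamped to 0 before the conversion.
size_t frameCountClamped(int size) { return static_cast<size_t>(std::max(size, 0)); }

// Printer-side guard: walks only the clamped number of frames, returns how many it printed.
size_t printFrames(void* const* stack, int size, std::FILE* out)
{
    size_t count = frameCountClamped(size);
    for (size_t i = 0; i < count; ++i)
        std::fprintf(out, "%-3zu %p\n", i + 1, stack[i]);
    return count;
}

// Caller-side guard: never hand the printer a count that would go negative.
size_t reportBacktrace(std::FILE* out)
{
    void* samples[kMaxFrames] = {};
    int frames = kMaxFrames;
    getBacktraceStub(samples, &frames);
    if (frames <= kFramesToSkip) { // assumed form of the "size is not enough" check
        std::fputs("no stacktrace available\n", out);
        return 0;
    }
    return printFrames(samples + kFramesToSkip, frames - kFramesToSkip, out);
}

int main()
{
    std::printf("unchecked: %zu\n", frameCountUnchecked(0 - kFramesToSkip));
    std::printf("clamped:   %zu\n", frameCountClamped(0 - kFramesToSkip));
    reportBacktrace(stdout);
    return 0;
}
```

With the unchecked count as a loop bound, the printer would index far past the end of the sample buffer, which is the crash the log message describes.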