[webkit-changes] [WebKit/WebKit] a42795: REGRESSION(r255164) [PlayStation] WTFReportBacktra...

Tomoki Imai noreply at github.com
Tue Sep 19 06:24:05 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a4279526dfa54a830c0dce1130887778043b84f4
      https://github.com/WebKit/WebKit/commit/a4279526dfa54a830c0dce1130887778043b84f4
  Author: Tomoki Imai <Tomoki.Imai at sony.com>
  Date:   2023-09-19 (Tue, 19 Sep 2023)

  Changed paths:
    M Source/WTF/wtf/Assertions.cpp

  Log Message:
  -----------
  REGRESSION(r255164) [PlayStation] WTFReportBacktrace tries to print backtrace even when backtrace cannot be obtained and crashes

https://bugs.webkit.org/show_bug.cgi?id=261497

Reviewed by Kimmo Kinnunen.

WTFPrintBacktraceWithPrefixAndPrintStream should wrap the size parameter to 0 if it is negative, so as not to print the stack.

Currently, when !HAVE(BACKTRACE) && !OS(WINDOWS),
- WTFGetBacktrace(samples, &frames) makes frames = 0
- WTFReportBacktraceWithPrefixAndPrintStream passes -2 (=frames-framesToSkip) to WTFPrintBacktraceWithPrefixAndPrintStream.
- WTFPrintBacktraceWithPrefixAndPrintStream static_casts -2 to size_t, which can overflow and make a large number.
- It possibly tries to print the large stack and eventually crashes.

* Source/WTF/wtf/Assertions.cpp:
(WTFPrintBacktraceWithPrefixAndPrintStream): Wraps negative size to 0.
(WTFReportBacktraceWithPrefixAndPrintStream): Check the frame size and print "no stacktrace available" if the size is not enough.
(WTFReportBacktrace): Ditto.

Canonical link: https://commits.webkit.org/268121@main
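The signed-to-unsigned conversion described in the commit message, as an added illustration that is not WebKit's code: getBacktraceUnavailable, framesToPrintBefore, framesToPrintAfter, reportFrameCount and backtraceStatus are hypothetical stand-ins for the WTF functions named above, modelling the "before" cast beside the clamping fix and the caller-side frame-count check.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical stand-ins for the WTF functions named in the commit message
// (this is an illustration, not WebKit's code).

// Models WTFGetBacktrace on a platform with neither HAVE(BACKTRACE) nor OS(WINDOWS):
// nothing is captured and the frame count comes back as 0.
static void getBacktraceUnavailable(void** /*samples*/, int* frames)
{
    *frames = 0;
}

// "Before": the signed size is converted to size_t as-is. For a negative value
// this yields a huge count (for -2, SIZE_MAX - 1), so a printing loop bounded by
// it would read far past the sample array and eventually crash.
static size_t framesToPrintBefore(int size)
{
    return static_cast<size_t>(size);
}

// "After": negative sizes are clamped to 0, so nothing is printed.
static size_t framesToPrintAfter(int size)
{
    return size < 0 ? 0 : static_cast<size_t>(size);
}

// Models the reporting path: capture, subtract the frames belonging to the
// reporting helpers themselves, then compute how many frames a printer would
// iterate over. Returns that loop bound instead of printing anything.
static size_t reportFrameCount(bool clampNegative)
{
    constexpr int framesToSkip = 2;
    void* samples[32];
    int frames = 0;
    getBacktraceUnavailable(samples, &frames);
    const int size = frames - framesToSkip; // 0 - 2 == -2 here
    return clampNegative ? framesToPrintAfter(size) : framesToPrintBefore(size);
}

// The caller-side check the commit adds: report when there is nothing to show.
static std::string backtraceStatus(int frames, int framesToSkip)
{
    if (frames <= framesToSkip)
        return "no stacktrace available";
    return std::to_string(frames - framesToSkip) + " frames";
}
```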
