[Webkit-unassigned] [Bug 146729] Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) in IPC::Connection::sendOutgoingMessage

bugzilla-daemon at webkit.org
Wed Sep 7 01:06:14 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=146729

Milan Crha <mcrha at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mcrha at redhat.com

--- Comment #6 from Milan Crha <mcrha at redhat.com> ---
Version 2.13.90 gives me these:

==17692== Warning: set address range perms: large range [0x395d9000, 0x795db000) (noaccess)
==17692== Thread 4:
==17692== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==17692==    at 0x772166D: ??? (in /usr/lib64/libc-2.23.so)
==17692==    by 0x559B881: IPC::Connection::sendOutgoingMessage(std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x535316B: IPC::Connection::sendOutgoingMessages() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0xA8F780A: WTF::RunLoop::performWork() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92C258: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x977E802: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EBAF: ??? (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EED1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0xA92CB3F: WTF::RunLoop::run() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92B867: std::_Function_handler<void (), WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA8F86E7: WTF::threadEntryPoint(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA929CAC: WTF::wtfThreadEntryPoint(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xB19F589: start_thread (in /usr/lib64/libpthread-2.23.so)
==17692==    by 0x77205CC: clone (in /usr/lib64/libc-2.23.so)
==17692==  Address 0x23ba8871 is on thread 4's stack
==17692==  in frame #1, created by IPC::Connection::sendOutgoingMessage(std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >) (???:)
==17692== 
==17692== Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s)
==17692==    at 0x772166D: ??? (in /usr/lib64/libc-2.23.so)
==17692==    by 0x559B881: IPC::Connection::sendOutgoingMessage(std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x535316B: IPC::Connection::sendOutgoingMessages() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0xA8F780A: WTF::RunLoop::performWork() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92C258: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x977E802: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EBAF: ??? (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EED1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0xA92CB3F: WTF::RunLoop::run() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92B867: std::_Function_handler<void (), WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA8F86E7: WTF::threadEntryPoint(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA929CAC: WTF::wtfThreadEntryPoint(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xB19F589: start_thread (in /usr/lib64/libpthread-2.23.so)
==17692==    by 0x77205CC: clone (in /usr/lib64/libc-2.23.so)
==17692==  Address 0x1b3d3ab9 is 41 bytes inside a block of size 600 alloc'd
==17692==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==17692==    by 0xA8EB868: WTF::fastMalloc(unsigned long) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x535254B: IPC::Connection::createSyncMessageEncoder(IPC::StringReference, IPC::StringReference, unsigned long, unsigned long&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5484622: WebKit::WebProcess::ensureNetworkProcessConnection() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x54875A8: WebKit::WebProcess::initializeWebProcess(WebKit::WebProcessCreationParameters&&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5673259: void IPC::handleMessage<Messages::WebProcess::InitializeWebProcess, WebKit::WebProcess, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&)>(IPC::Decoder&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&)) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5672033: WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection&, IPC::Decoder&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5355595: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5356547: IPC::Connection::dispatchOneMessage() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0xA8F780A: WTF::RunLoop::performWork() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92C258: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x977E802: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EBAF: ??? (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EED1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0xA92CB3F: WTF::RunLoop::run() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x5620541: int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x7635720: (below main) (in /usr/lib64/libc-2.23.so)
==17692== 
==17692== Thread 1:
==17692== Conditional jump or move depends on uninitialised value(s)
==17692==    at 0x552F05E: WebKit::WebPage::setPageActivityState(unsigned int) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5EDBE21: WebCore::Page::setPageActivityState(unsigned int) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5EEAE41: WebCore::PageThrottler::pageLoadActivityCounterChanged() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5EEACCD: WebCore::PageThrottler::pageLoadActivityToken() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5DB5A39: WebCore::FrameLoader::started() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5DB5BC2: WebCore::FrameLoader::didOpenURL() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5DBF57F: WebCore::FrameLoader::commitProvisionalLoad() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5DA4215: WebCore::DocumentLoader::finishedLoading(double) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5DA4B17: WebCore::DocumentLoader::maybeLoadEmpty() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5DA4EA2: WebCore::DocumentLoader::startLoadingMainResource() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5DB8DDA: WebCore::FrameLoader::init() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x551FDE2: WebKit::WebFrame::createWithCoreMainFrame(WebKit::WebPage*, WebCore::Frame*) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x553E08B: WebKit::WebPage::WebPage(unsigned long, WebKit::WebPageCreationParameters const&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x553E66D: WebKit::WebPage::create(unsigned long, WebKit::WebPageCreationParameters const&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5487B07: WebKit::WebProcess::createWebPage(unsigned long, WebKit::WebPageCreationParameters const&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5673C35: void IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters const&)>(IPC::Decoder&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters const&)) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x56720B3: WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection&, IPC::Decoder&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5355595: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5356547: IPC::Connection::dispatchOneMessage() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0xA8F78D2: WTF::RunLoop::performWork() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92C258: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x977E802: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EBAF: ??? (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EED1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0xA92CB3F: WTF::RunLoop::run() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x5620541: int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x7635720: (below main) (in /usr/lib64/libc-2.23.so)
==17692== 
==17692== Thread 4:
==17692== Syscall param sendmsg(msg.msg_iov[2]) points to uninitialised byte(s)
==17692==    at 0x772166D: ??? (in /usr/lib64/libc-2.23.so)
==17692==    by 0x559B881: IPC::Connection::sendOutgoingMessage(std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x535316B: IPC::Connection::sendOutgoingMessages() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0xA8F780A: WTF::RunLoop::performWork() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92C258: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x977E802: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EBAF: ??? (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EED1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0xA92CB3F: WTF::RunLoop::run() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92B867: std::_Function_handler<void (), WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::{lambda()#1}>::_M_invoke(std::_Any_data const&) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA8F86E7: WTF::threadEntryPoint(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA929CAC: WTF::wtfThreadEntryPoint(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xB19F589: start_thread (in /usr/lib64/libpthread-2.23.so)
==17692==    by 0x77205CC: clone (in /usr/lib64/libc-2.23.so)
==17692==  Address 0x32e2c309 is 41 bytes inside a block of size 600 alloc'd
==17692==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==17692==    by 0xA8EB868: WTF::fastMalloc(unsigned long) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x5617D1F: WebKit::AcceleratedDrawingArea::sendDidUpdateBackingStoreState() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x561A298: WebKit::DrawingAreaImpl::sendDidUpdateBackingStoreState() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x561825B: WebKit::AcceleratedDrawingArea::updateBackingStoreState(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x561AEEA: WebKit::DrawingAreaImpl::updateBackingStoreState(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5683491: void IPC::handleMessage<Messages::DrawingArea::UpdateBackingStoreState, WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&)>(IPC::Decoder&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&)) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x56833A1: WebKit::DrawingArea::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x535965B: IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x548ACA5: WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5355595: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x5356547: IPC::Connection::dispatchOneMessage() (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0xA8F78D2: WTF::RunLoop::performWork() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0xA92C258: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x977E802: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EBAF: ??? (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0x977EED1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4800.0)
==17692==    by 0xA92CB3F: WTF::RunLoop::run() (in /build/local/lib/libjavascriptcoregtk-4.0.so.18.4.4)
==17692==    by 0x5620541: int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (in /build/local/lib/libwebkit2gtk-4.0.so.37.14.4)
==17692==    by 0x7635720: (below main) (in /usr/lib64/libc-2.23.so)
