[Webkit-unassigned] [Bug 199572] REGRESSION(r246671): [WPE][GTK] Memory corruption in NetworkProcess since the DNS cache landed

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 8 07:55:53 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=199572

--- Comment #4 from Claudio Saavedra <csaavedra at igalia.com> ---
==27300== Thread 1:
==27300== Invalid read of size 8
==27300==    at 0xE4B5029: g_error_free (gerror.c:493)
==27300==    by 0x6428719: webkitCachedResolverLookupByNameAsync(_GResolver*, char const*, _GCancellable*, void (*)(_GObject*, _GAsyncResult*, void*), void*)::{lambda(_GObject*, _GAsyncResult*, void*)#1}::_FUN(_GObject*, _GAsyncResult*, void*) (in /home/claudio/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.38.1)
==27300==    by 0xED40AF8: g_task_return_now (gtask.c:1148)
==27300==    by 0xED40B38: complete_in_idle_cb (gtask.c:1162)
==27300==    by 0xE4C99B7: g_main_dispatch (gmain.c:3182)
==27300==    by 0xE4C99B7: g_main_context_dispatch (gmain.c:3847)
==27300==    by 0xE4C9D77: g_main_context_iterate.isra.26 (gmain.c:3920)
==27300==    by 0xE4CA061: g_main_loop_run (gmain.c:4116)
==27300==    by 0xAAEEA2F: WTF::RunLoop::run() (in /home/claudio/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1)
==27300==    by 0x6430329: int WebKit::AuxiliaryProcessMain<WebKit::NetworkProcess, WebKit::NetworkProcessMain>(int, char**) (in /home/claudio/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.38.1)
==27300==    by 0xFC7B09A: (below main) (libc-start.c:308)
==27300==  Address 0x5c749bd8 is 8 bytes inside a block of size 16 free'd
==27300==    at 0x48369AB: free (vg_replace_malloc.c:530)
==27300==    by 0xE205350: lookup_resolved (soup-address.c:762)
==27300==    by 0xED40AF8: g_task_return_now (gtask.c:1148)
==27300==    by 0xED41575: g_task_return (gtask.c:1206)
==27300==    by 0x6428744: webkitCachedResolverLookupByNameAsync(_GResolver*, char const*, _GCancellable*, void (*)(_GObject*, _GAsyncResult*, void*), void*)::{lambda(_GObject*, _GAsyncResult*, void*)#1}::_FUN(_GObject*, _GAsyncResult*, void*) (in /home/claudio/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.38.1)
==27300==    by 0xED40AF8: g_task_return_now (gtask.c:1148)
==27300==    by 0xED40B38: complete_in_idle_cb (gtask.c:1162)
==27300==    by 0xE4C99B7: g_main_dispatch (gmain.c:3182)
==27300==    by 0xE4C99B7: g_main_context_dispatch (gmain.c:3847)
==27300==    by 0xE4C9D77: g_main_context_iterate.isra.26 (gmain.c:3920)
==27300==    by 0xE4CA061: g_main_loop_run (gmain.c:4116)
==27300==    by 0xAAEEA2F: WTF::RunLoop::run() (in /home/claudio/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18.14.1)
==27300==    by 0x6430329: int WebKit::AuxiliaryProcessMain<WebKit::NetworkProcess, WebKit::NetworkProcessMain>(int, char**) (in /home/claudio/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37.38.1)
==27300==    by 0xFC7B09A: (below main) (libc-start.c:308)
==27300==  Block was alloc'd at
==27300==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==27300==    by 0xE4CF2E0: g_malloc (gmem.c:99)
==27300==    by 0xE4E6782: g_slice_alloc (gslice.c:1024)
==27300==    by 0xE4B4E2C: g_error_new_valist (gerror.c:410)
==27300==    by 0xED42077: g_task_return_new_error (gtask.c:1811)
==27300==    by 0xED44C75: do_lookup_by_name (gthreadedresolver.c:123)
==27300==    by 0xED416A2: g_task_thread_pool_thread (gtask.c:1331)
==27300==    by 0xE4F19B2: g_thread_pool_thread_proxy (gthreadpool.c:307)
==27300==    by 0xE4F1054: g_thread_proxy (gthread.c:784)
==27300==    by 0xDD5BFA2: start_thread (pthread_create.c:486)
==27300==    by 0xFD504CE: clone (clone.S:95)
