[Webkit-unassigned] [Bug 204107] New: [GTK] valgrind: Source and destination overlap in memcpy_chk()

bugzilla-daemon at webkit.org
Tue Nov 12 01:24:35 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=204107

            Bug ID: 204107
           Summary: [GTK] valgrind: Source and destination overlap in
                    memcpy_chk()
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcrha at redhat.com
                CC: bugs-noreply at webkitgtk.org

I just noticed this when running WebKitWebProcess of the 2.26.2 release under valgrind. It showed when starting evolution.

==9353== Thread 1:
==9353== Source and destination overlap in memcpy_chk(0x1ffeffc117, 0x1ffeffc116, 8)
==9353==    at 0x4840960: __memcpy_chk (vg_replace_strmem.c:1595)
==9353==    by 0x5E18C00: UnknownInlinedFun (string_fortified.h:40)
==9353==    by 0x5E18C00: cssValueKeywordID<char16_t> (CSSPropertyParser.cpp:190)
==9353==    by 0x5E18C00: WebCore::cssValueKeywordID(WTF::StringView) (CSSPropertyParser.cpp:208)
==9353==    by 0x5E18D21: WebCore::CSSParserToken::id() const [clone .part.0] (CSSParserToken.cpp:310)
==9353==    by 0x5E3B6AB: WebCore::CSSPropertyParser::consumeCSSWideKeyword(WebCore::CSSPropertyID, bool) (CSSPropertyParser.cpp:352)
==9353==    by 0x5E471C9: WebCore::CSSPropertyParser::parseValueStart(WebCore::CSSPropertyID, bool) (CSSPropertyParser.cpp:317)
==9353==    by 0x5E4748F: WebCore::CSSPropertyParser::parseValue(WebCore::CSSPropertyID, bool, WebCore::CSSParserTokenRange const&, WebCore::CSSParserContext const&, WTF::Vector<WebCore::CSSProperty, 256ul, WTF::CrashOnOverflow, 16ul>&, WebCore::StyleRuleBase::Type) (CSSPropertyParser.cpp:277)
==9353==    by 0x5E0B390: WebCore::CSSParserImpl::consumeDeclarationValue(WebCore::CSSParserTokenRange, WebCore::CSSPropertyID, bool, WebCore::StyleRuleBase::Type) (CSSParserImpl.cpp:850)
==9353==    by 0x5E0F5E6: WebCore::CSSParserImpl::consumeDeclaration(WebCore::CSSParserTokenRange, WebCore::StyleRuleBase::Type) (CSSParserImpl.cpp:833)
==9353==    by 0x5E0FAA1: WebCore::CSSParserImpl::consumeDeclarationList(WebCore::CSSParserTokenRange, WebCore::StyleRuleBase::Type) (CSSParserImpl.cpp:771)
==9353==    by 0x5E12141: WebCore::CSSParserImpl::consumeStyleRule(WebCore::CSSParserTokenRange, WebCore::CSSParserTokenRange) (CSSParserImpl.cpp:742)
==9353==    by 0x5E124B6: WebCore::CSSParserImpl::consumeQualifiedRule(WebCore::CSSParserTokenRange&, WebCore::CSSParserImpl::AllowedRulesType) (CSSParserImpl.cpp:471)
==9353==    by 0x5E141CE: consumeRuleList<WebCore::CSSParserImpl::parseStyleSheet(const WTF::String&, const WebCore::CSSParserContext&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)::<lambda(WTF::RefPtr<WebCore::StyleRuleBase>)> > (CSSParserImpl.cpp:385)
==9353==    by 0x5E141CE: WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing) (CSSParserImpl.cpp:247)
==9353==    by 0x5DFE79E: WebCore::StyleSheetContents::parseString(WTF::String const&) (StyleSheetContents.cpp:347)
==9353==    by 0x5D489B7: WebCore::parseUASheet(WTF::String const&) (CSSDefaultStyleSheets.cpp:114)
==9353==    by 0x5D4D2F1: WebCore::CSSDefaultStyleSheets::loadFullDefaultStyle() (CSSDefaultStyleSheets.cpp:179)
==9353==    by 0x5D4D825: WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement(WebCore::Element const&) (CSSDefaultStyleSheets.cpp:207)
==9353==    by 0x5DF5190: WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::SelectorFilter const*) (StyleResolver.cpp:373)
==9353==    by 0x5EAD978: WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element&, WebCore::RenderStyle const*, WebCore::PseudoId) (Document.cpp:2120)
==9353==    by 0x5EE7B03: WebCore::Element::resolveComputedStyle() (Element.cpp:3160)
==9353==    by 0x5EE7E87: computedStyle (Element.cpp:3199)
==9353==    by 0x5EE7E87: WebCore::Element::computedStyle(WebCore::PseudoId) (Element.cpp:3189)
==9353==    by 0x6125AEF: WebCore::HTMLTitleElement::computedTextWithDirection() (HTMLTitleElement.cpp:84)
==9353==    by 0x6125C5B: WebCore::HTMLTitleElement::childrenChanged(WebCore::ContainerNode::ChildChange const&) (HTMLTitleElement.cpp:72)
==9353==    by 0x5E7FB13: executeNodeInsertionWithScriptAssertion<WebCore::ContainerNode::parserAppendChild(WebCore::Node&)::<lambda()> > (ContainerNode.cpp:204)
==9353==    by 0x5E7FB13: WebCore::ContainerNode::parserAppendChild(WebCore::Node&) (ContainerNode.cpp:746)
==9353==    by 0x61AC2FC: insert (HTMLConstructionSite.cpp:114)
==9353==    by 0x61AC2FC: insert (HTMLConstructionSite.cpp:103)
==9353==    by 0x61AC2FC: executeInsertTask (HTMLConstructionSite.cpp:121)
==9353==    by 0x61AC2FC: executeTask (HTMLConstructionSite.cpp:175)
==9353==    by 0x61AC2FC: WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode) (HTMLConstructionSite.cpp:606)
==9353==    by 0x61DDDEF: WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&) (HTMLTreeBuilder.cpp:2421)
==9353==    by 0x61DF50B: WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken&&) (HTMLTreeBuilder.cpp:2191)
==9353==    by 0x61DFC54: WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&&) (HTMLTreeBuilder.cpp:350)
==9353==    by 0x61B7190: WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) (HTMLDocumentParser.cpp:348)
==9353==    by 0x61B7368: WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (HTMLDocumentParser.cpp:285)
==9353==    by 0x61B769A: WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (HTMLDocumentParser.cpp:303)
==9353==    by 0x61B8436: WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >&&) (HTMLDocumentParser.cpp:417)
==9353==    by 0x5E96198: WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) (DecodedDataDocumentParser.cpp:50)
==9353==    by 0x62C5A96: WebCore::DocumentLoader::commitData(char const*, unsigned long) (DocumentLoader.cpp:1160)
==9353==    by 0x53D5635: WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) (WebFrameLoaderClient.cpp:1094)
==9353==    by 0x62C272E: WebCore::DocumentLoader::commitLoad(char const*, int) (DocumentLoader.cpp:1047)
==9353==    by 0x6370304: notifyClientsDataWasReceived (CachedRawResource.cpp:136)
==9353==    by 0x6370304: WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) (CachedRawResource.cpp:128)
==9353==    by 0x6370675: updateBuffer (CachedRawResource.cpp:73)
==9353==    by 0x6370675: WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) (CachedRawResource.cpp:57)
==9353==    by 0x633B427: WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) (SubresourceLoader.cpp:481)
==9353==    by 0x633B596: WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) (SubresourceLoader.cpp:449)
==9353==    by 0x4F40B68: callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(const IPC::DataReference&, long int), std::tuple<IPC::DataReference, long int>, 0, 1> (HandleMessage.h:41)
==9353==    by 0x4F40B68: callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(const IPC::DataReference&, long int), std::tuple<IPC::DataReference, long int> > (HandleMessage.h:47)
==9353==    by 0x4F40B68: void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)) (HandleMessage.h:120)
==9353==    by 0x503E3F3: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:939)
==9353==    by 0x503F66C: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:991)
==9353==    by 0x504073E: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1060)
==9353==    by 0xA01DD24: WTF::RunLoop::performWork() (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.14.7)
==9353==    by 0xA06A88C: ??? (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.14.7)
==9353==    by 0x89AB49F: g_main_dispatch (gmain.c:3179)
==9353==    by 0x89AB49F: g_main_context_dispatch (gmain.c:3844)
==9353==    by 0x89AB82F: g_main_context_iterate.isra.0 (gmain.c:3917)
==9353==    by 0x89ABB22: g_main_loop_run (gmain.c:4111)
==9353==    by 0xA06B2FF: WTF::RunLoop::run() (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.14.7)
==9353==    by 0x543DD29: int WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (AuxiliaryProcessMain.h:66)
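The first Valgrind line is the whole story: an 8-byte copy whose destination (0x1ffeffc117) starts one byte past its source (0x1ffeffc116), i.e. a tail of some buffer being shifted right by one byte in place, inside cssValueKeywordID. That is the one case memcpy() does not cover (C and C++ leave it undefined) and memmove() does; glibc's fortified __memcpy_chk only checks the length against the destination object's size, so nothing short of Valgrind or a sanitizer notices. The report does not include the WebKit source, so the C program below is an added illustration, not WebKit's code: it assumes a keyword held in a NUL-terminated scratch buffer whose seven-byte vendor prefix (e.g. "-apple-" or "-khtml-") is rewritten to the eight-byte "-webkit-"; the function names, the prefix scenario and the sample keywords are all assumptions made for the example. It shows the overlap test Valgrind applies, the memmove() form, a memcpy() wrapper that asserts non-overlap in debug builds, and a forward byte-by-byte copy that reproduces deterministically what a low-to-high memcpy() does to the overlapping bytes.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Does [dst, dst+n) intersect [src, src+n)?  This is the condition Valgrind's
 * memcheck evaluates on every memcpy() it intercepts: overlap is undefined
 * behaviour for memcpy() but well defined for memmove(). */
static bool ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return n != 0 && d < s + n && s < d + n;
}

/* Debug-build guard: refuse overlapping arguments up front instead of
 * relying on a Valgrind run to notice them. */
void *checked_memcpy(void *dst, const void *src, size_t n)
{
    assert(!ranges_overlap(dst, src, n) && "memcpy() arguments overlap; use memmove()");
    return memcpy(dst, src, n);
}

/* Assumed scenario (illustration only, not WebKit's code): a lower-cased
 * keyword sits in a NUL-terminated scratch buffer of capacity `cap`, and a
 * seven-byte vendor prefix is rewritten to the eight-byte "-webkit-".  The
 * tail, NUL included, must move right by one byte, so the copy's source and
 * destination overlap in all but one byte. */
static bool starts_with_vendor_prefix(const char *buf)
{
    return strncmp(buf, "-apple-", 7) == 0 || strncmp(buf, "-khtml-", 7) == 0;
}

/* Correct form: memmove() is specified for overlapping ranges. */
bool rewrite_prefix_memmove(char *buf, size_t cap)
{
    size_t len = strlen(buf);
    if (!starts_with_vendor_prefix(buf) || len + 2 > cap)
        return false;                        /* no prefix, or no room for +1 char and NUL */
    memmove(buf + 7, buf + 6, len + 1 - 6);  /* tail plus NUL: overlapping ranges */
    checked_memcpy(buf, "-webkit", 7);       /* disjoint from the moved tail */
    return true;
}

/* What a memcpy() that copies low-to-high does when dst == src + 1: each byte
 * is overwritten before it is read, so the first byte smears across the whole
 * range and the NUL terminator is lost.  Written as an explicit loop so the
 * outcome is deterministic; a real memcpy() may copy in either direction or in
 * vector-sized chunks, which is why the overlapping call is undefined rather
 * than wrong in one fixed way. */
static void forward_byte_copy(char *dst, const char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

bool rewrite_prefix_forward_copy(char *buf, size_t cap)
{
    size_t len = strlen(buf);
    if (!starts_with_vendor_prefix(buf) || len + 2 > cap)
        return false;
    forward_byte_copy(buf + 7, buf + 6, len + 1 - 6);  /* the overlapping copy */
    memcpy(buf, "-webkit", 7);
    return true;
}

int main(void)
{
    char good[32] = "-apple-foobar";   /* constructed sample keyword */
    char bad[32]  = "-apple-foobar";

    rewrite_prefix_memmove(good, sizeof good);
    rewrite_prefix_forward_copy(bad, sizeof bad);
    printf("memmove      : %s\n", good);  /* -webkit-foobar */
    printf("forward copy : %s\n", bad);   /* -webkit-------- : tail destroyed */
    printf("overlap(buf+7, buf+6, 8) = %d\n", ranges_overlap(bad + 7, bad + 6, 8));
    return 0;
}
```

Because the program never hands overlapping ranges to the real memcpy(), it stays silent under valgrind --tool=memcheck; changing the memmove() in rewrite_prefix_memmove() to memcpy() reproduces a "Source and destination overlap in memcpy" line with the same dst = src + 1 shape as the report above, and building with -fsanitize=address flags the same call as memcpy-param-overlap. Whichever tool found it, the fix is the same: memmove() for any in-place shift, and checked_memcpy()-style assertions in debug builds so the next overlap is caught at the call site rather than in a Valgrind run of the whole WebProcess.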
