[Webkit-unassigned] [Bug 215976] New: [GTK] REGRESSION(r150392) insufficient space allocation results in heap corruption
bugzilla-daemon at webkit.org
Sat Aug 29 02:17:37 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=215976
Bug ID: 215976
Summary: [GTK] REGRESSION(r150392) insufficient space allocation results in heap corruption
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKitGTK
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jmason at ibinx.com
CC: bugs-noreply at webkitgtk.org
The change introduced by the patch for 150392 fails to allocate enough space for the new RunLoopSource struct in the TimerBase ctor, resulting in a segmentation fault due to heap corruption:
(gdb) bt
#0 0x00007ffaa94e30d1 in _malloc_unlocked () at /lib/64/libc.so.1
#1 0x00007ffaa94e2f14 in malloc () at /lib/64/libc.so.1
#2 0x00007ffaa94caaef in calloc () at /lib/64/libc.so.1
#3 0x00007ffaa8f90189 in g_malloc0 () at /usr/lib/64/libglib-2.0.so.0
#4 0x00007ffaa8f864fb in g_source_new () at /usr/lib/64/libglib-2.0.so.0
#5 0x00007ffa9edcc6f4 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&) ()