[Webkit-unassigned] [Bug 212412] New: REGRESSION(r260318): [WPE][GTK] Uninitialized memory read in MemoryPressureMonitor

bugzilla-daemon at webkit.org
Wed May 27 09:40:46 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=212412

            Bug ID: 212412
           Summary: REGRESSION(r260318): [WPE][GTK] Uninitialized memory
                    read in MemoryPressureMonitor
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org, psaavedra at igalia.com

Hm, I don't fully understand this one:

==9020== Thread 46 PressureMonitor:
==9020== Conditional jump or move depends on uninitialised value(s)
==9020==    at 0x6AD5D77: systemMemoryUsedAsPercentage (MemoryPressureMonitor.cpp:246)
==9020==    by 0x6AD5D77: WebKit::MemoryPressureMonitor::start()::{lambda()#1}::operator()() const [clone .constprop.0] (MemoryPressureMonitor.cpp:347)
==9020==    by 0x6AD6358: WTF::Detail::CallableWrapper<WebKit::MemoryPressureMonitor::start()::{lambda()#1}, void>::call() (Function.h:52)
==9020==    by 0xA4ACE98: operator() (Function.h:84)
==9020==    by 0xA4ACE98: WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (Threading.cpp:167)
==9020==    by 0xA4F83A8: WTF::wtfThreadEntryPoint(void*) (ThreadingPOSIX.cpp:197)
==9020==    by 0xB1AB431: start_thread (pthread_create.c:477)
==9020==    by 0x58BF9D2: clone (clone.S:95)
==9020==  Uninitialised value was created by a stack allocation
==9020==    at 0x6AD5BAB: WebKit::MemoryPressureMonitor::start()::{lambda()#1}::operator()() const [clone .constprop.0] (MemoryPressureMonitor.cpp:330)

Zero-initializing the token buffer avoids the warning. I'm not sure, but I *think* it's a false positive. token should be initialized by fscanf up through the first NUL character. Anything past that can be uninitialized, but that shouldn't affect program execution. So I *think* it's not a real bug, though we should certainly initialize the buffer to suppress the warning.

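The pattern the comment above describes (a fixed-size token buffer filled by fscanf, then compared with strcmp) as an added example. This is not WebKit's code and not the contents of MemoryPressureMonitor.cpp; it assumes that systemMemoryUsedAsPercentage tokenizes /proc/meminfo-style "Name: value kB" lines, which the report does not show. The field names chosen, the sample text, and the function names memoryUsedAsPercentage and memoryUsedFromString are all hypothetical. The buffer is declared with the zero-initializer the reporter proposes, and the conversion is width-bounded so the same buffer cannot overflow on a long token.

```c
#define _POSIX_C_SOURCE 200809L /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Constructed /proc/meminfo-style sample (not captured from a real machine). */
static const char kSampleMeminfo[] =
    "MemTotal:        8000000 kB\n"
    "MemFree:         1000000 kB\n"
    "MemAvailable:    3000000 kB\n"
    "Buffers:          200000 kB\n"
    "Cached:          2000000 kB\n"
    "SwapTotal:       2000000 kB\n"
    "SwapFree:        1500000 kB\n";

/* Hypothetical "used memory as a percentage" reader over a meminfo-like stream.
 * Returns 0..100, or -1 if the needed fields are missing or inconsistent. */
int memoryUsedAsPercentage(FILE* file)
{
    /* Zero-initialised: every byte is defined before fscanf touches it, so
     * Valgrind has no uninitialised bytes to track even past the NUL. */
    char token[128] = { 0 };
    long long memTotal = -1;
    long long memAvailable = -1;

    for (;;) {
        /* "%127s" bounds the write to 127 bytes plus the terminating NUL.
         * A bare "%s" here would be a stack buffer overflow on a long token. */
        if (fscanf(file, "%127s", token) != 1)
            break; /* EOF or read error */

        /* strcmp only inspects bytes up to and including the NUL that fscanf
         * wrote; bytes after it are never read by this comparison. */
        if (!strcmp(token, "MemTotal:")) {
            if (fscanf(file, "%lld", &memTotal) != 1)
                return -1;
        } else if (!strcmp(token, "MemAvailable:")) {
            if (fscanf(file, "%lld", &memAvailable) != 1)
                return -1;
        }
        /* Every other token (unused field names, values, "kB") is skipped. */
    }

    if (memTotal <= 0 || memAvailable < 0 || memAvailable > memTotal)
        return -1;
    return (int)(((memTotal - memAvailable) * 100) / memTotal);
}

/* Helper so the parser can be exercised on an in-memory string instead of /proc. */
int memoryUsedFromString(const char* text)
{
    FILE* file = fmemopen((void*)text, strlen(text), "r");
    if (!file)
        return -1;
    int percent = memoryUsedAsPercentage(file);
    fclose(file);
    return percent;
}

int main(void)
{
    printf("used: %d%%\n", memoryUsedFromString(kSampleMeminfo));
    return 0;
}
```

To reproduce the report's kind of diagnostic, drop the `= { 0 }` initializer, build with debug info and run the binary under `valgrind --track-origins=yes`; the `--track-origins` option is what produces the "Uninitialised value was created by a stack allocation" line quoted above, pointing at the declaration of the buffer. With the initializer in place there are no undefined bytes in `token` for Valgrind to report, which is the suppression the reporter suggests; the width in `%127s` is the separate guard that keeps the fix from trading a warning for an overflow.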