[Webkit-unassigned] [Bug 228901] New: UBSan: KeyboardScrollingAnimator.cpp:303:10: runtime error: load of value nnn, which is not a valid value for type 'bool'

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Aug 7 18:47:06 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=228901

            Bug ID: 228901
           Summary: UBSan: KeyboardScrollingAnimator.cpp:303:10: runtime
                    error: load of value nnn, which is not a valid value
                    for type 'bool'
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddkilzer at webkit.org

UBSan: KeyboardScrollingAnimator.cpp:303:10: runtime error: load of value nnn, which is not a valid value for type 'bool'

Occurs here:

    void KeyboardScrollingAnimator::handleKeyUpEvent()
    {
        if (!m_scrollTriggeringKeyIsPressed)   // UBSan warning
            return;

        stopKeyboardScrollAnimation();
        m_scrollTriggeringKeyIsPressed = false;
    }

Caused by the m_scrollTriggeringKeyIsPressed instance variable not being initialized:

    class KeyboardScrollingAnimator {
        [...]
    private:
        [...]
        bool m_scrollTriggeringKeyIsPressed;  // BUG: No default initialization.
        [...]
    };
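The mechanism behind the UBSan report, and the usual fix (a default member initializer), as an added example that is not WebKit code: the two structs below are hypothetical stand-ins for KeyboardScrollingAnimator, and the helper constructs each one in storage pre-filled with a non-zero byte to show what the bool member holds after construction.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Stand-in mirroring the quoted class: the bool member has no default
// member initializer, so the implicit constructor leaves it indeterminate.
struct BuggyAnimator {
    bool m_scrollTriggeringKeyIsPressed;  // BUG: no default initialization
    int stops = 0;
    void handleKeyUpEvent() {
        if (!m_scrollTriggeringKeyIsPressed)  // UBSan trips here on garbage
            return;
        ++stops;
        m_scrollTriggeringKeyIsPressed = false;
    }
};

// Fixed form: brace-initialize the member in the class definition.
struct FixedAnimator {
    bool m_scrollTriggeringKeyIsPressed { false };  // FIX: deterministic
    int stops = 0;
    void handleKeyUpEvent() {
        if (!m_scrollTriggeringKeyIsPressed)
            return;
        ++stops;
        m_scrollTriggeringKeyIsPressed = false;
    }
};

// Construct T inside storage pre-filled with 'fill' (as recycled heap memory
// might be) and return the byte the bool member holds afterwards. Reading
// the representation through unsigned char avoids the invalid-bool load.
template <typename T>
unsigned char boolByteAfterConstruction(unsigned char fill) {
    alignas(T) unsigned char storage[sizeof(T)];
    std::memset(storage, fill, sizeof storage);
    T* obj = new (storage) T;
    unsigned char byte;
    std::memcpy(&byte, &obj->m_scrollTriggeringKeyIsPressed, 1);
    obj->~T();
    return byte;
}

// With the fix, a key-up on a fresh object must not stop any animation,
// and a press followed by a release stops exactly once.
int stopsAfterKeyUpOnFreshObject() {
    FixedAnimator a;
    a.handleKeyUpEvent();
    return a.stops;
}

int stopsAfterPressThenRelease() {
    FixedAnimator a;
    a.m_scrollTriggeringKeyIsPressed = true;  // simulate key-down
    a.handleKeyUpEvent();
    a.handleKeyUpEvent();  // second release is a no-op
    return a.stops;
}
```

Building with `-fsanitize=undefined` and calling `handleKeyUpEvent()` on a `BuggyAnimator` constructed this way reproduces the "load of value 42, which is not a valid value for type 'bool'" diagnostic; the fixed struct reads 0.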

Affects the following 78 layout tests:

accessibility/aria-slider-value-change.html
accessibility/insert-children-assert.html
accessibility/mac/focus-moves-cursor.html
accessibility/mac/input-type-change-crash-2.html
accessibility/mac/input-type-change-crash.html
accessibility/mac/selection-initial.html
accessibility/mac/text-marker-line-boundary.html
accessibility/spinbutton-crash.html
editing/caret/emoji.html
editing/deleting/5729680.html
editing/input/caret-at-the-edge-of-input.html
editing/input/cocoa/autocorrect-off.html
editing/inserting/typing-tab-designmode-forms.html
editing/mac/deleting/backward-delete.html
editing/mac/spelling/autocorrection-blockquote-crash.html
editing/pasteboard/emacs-ctrl-a-k-y.html
editing/selection/context-menu-text-selection-lookup.html
editing/selection/move-begin-end.html
editing/selection/verify-editing-behavior-for-line-granularity.html
fast/dom/MutationObserver/inline-event-listener.html
fast/dom/access-key-iframe.html
fast/dom/fragment-activation-focuses-target.html
fast/dom/hidden-iframe-no-focus.html
fast/dom/mutation-details-focus.html
fast/events/autoscroll-should-not-stop-on-keypress.html
fast/events/beforeunload-alert-handled-keydown.html
fast/events/event-input-contentEditable.html
fast/events/focus-label-legend-elements-with-tab.html
fast/events/select-element.html
fast/events/tab-focus-anchor.html
fast/forms/access-key-case-insensitive.html
fast/forms/call-text-did-change-in-text-field-when-typing.html
fast/forms/datalist/datalist-option-labels.html
fast/forms/datetimelocal/datetimelocal-editable-components/datetimelocal-editable-components-keyboard-events.html
fast/forms/disabled-search-input.html
fast/forms/input-first-letter-edit.html
fast/forms/legend-access-key.html
fast/forms/month/month-editable-components/month-editable-components-focus-and-blur-events.html
fast/forms/onchange-enter-submit.html
fast/forms/radio/input-radio-checked-tab.html
fast/forms/range/range-keyboard-oninput-event.html
fast/forms/search-event-delay.html
fast/forms/tabbing-input-iframe.html
fast/forms/time/time-editable-components/time-editable-components-focus-and-blur-events.html
fast/forms/validation-message-maxLength.html
fast/frames/focus-controller-crash-change-event.html
fast/frames/iframe-window-focus.html
fast/html/details-keyboard-show-hide.html
fast/html/progress-user-modify.html
fast/repaint/fixed-move-after-keyboard-scroll.html
fast/scrolling/arrow-key-scroll-in-rtl-document.html
fast/text/scroll-text-overflow-ellipsis.html
fullscreen/full-screen-crash-custom-scrollbars.html
fullscreen/full-screen-iframe-allowed-prefixed.html
fullscreen/full-screen-table-section.html
http/tests/fullscreen/fullscreenelement-different-origin.html
http/tests/navigation/keyboard-events-during-provisional-subframe-navigation.html
http/tests/pointer-lock/iframe-sandboxed-nested-allow-pointer-lock.html
http/tests/storageAccess/aggregate-sorted-data-with-storage-access.html
http/tests/storageAccess/deny-without-prompt-preserves-gesture.html
http/tests/storageAccess/request-and-grant-access-cross-origin-non-sandboxed-iframe-ephemeral.html
http/tests/storageAccess/request-and-grant-access-cross-origin-non-sandboxed-iframe.html
http/tests/storageAccess/request-and-grant-access-then-navigate-same-site-should-have-access.html
http/tests/storageAccess/request-and-grant-access-with-per-page-scope-access-from-another-frame.html
imported/blink/fast/events/click-focus-keydown-no-ring.html
imported/w3c/web-platform-tests/css/css-contain/content-visibility/content-visibility-047.html
imported/w3c/web-platform-tests/css/css-scroll-snap/input/keyboard.html
imported/w3c/web-platform-tests/css/selectors/focus-visible-008.html
imported/w3c/web-platform-tests/html/interaction/focus/focus-keyboard-js.html
imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/maxlength-number.html
imported/w3c/web-platform-tests/shadow-dom/focus/focus-tabindex-order-shadow-negative-delegatesFocus.html
imported/w3c/web-platform-tests/shadow-dom/focus/focus-tabindex-order-shadow-negative.html
platform/mac/fast/events/non-roman-key-code.html
pointer-lock/lock-element-not-in-dom.html
scrollbars/scrollbar-miss-mousemove-disabled.html
svg/custom/focus-event-handling-keyboard.xhtml
tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-mainframe-horizontal-with-keyboard-scaled.html
webaudio/audiocontext-restriction-audiobuffersourcenode-start.html

How to find list of tests:

$ cd OpenSource/LayoutTests
$ for F in `grep -l -r 'KeyboardScrollingAnimator.cpp:303:10' ../WebKitBuild/layout-test-results/ | sed -e 's#^.*//##' -e 's/-stderr.txt/*/'`; do ls $F | grep -v 'expected'; done | sort | pbcopy
