[Webkit-unassigned] [Bug 226824] New: [GTK] Uninitialized memory read from NativeWebWheelEvent

bugzilla-daemon at webkit.org
Wed Jun 9 09:17:28 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=226824

            Bug ID: 226824
           Summary: [GTK] Uninitialized memory read from NativeWebWheelEvent
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

==793346== Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s)
==793346==    at 0x5990ACD: sendmsg (in /usr/lib64/libc-2.33.so)
==793346==    by 0x6AA9F03: IPC::Connection::sendOutputMessage(IPC::UnixMessage&) (ConnectionUnix.cpp:536)
==793346==    by 0x6AABE99: IPC::Connection::sendOutgoingMessage(WTF::UniqueRef<IPC::Encoder>&&) (ConnectionUnix.cpp:454)
==793346==    by 0x6A99047: IPC::Connection::sendOutgoingMessages() [clone .part.0] (Connection.cpp:932)
==793346==    by 0xA940735: operator() (Function.h:82)
==793346==    by 0xA940735: WTF::RunLoop::performWork() (RunLoop.cpp:133)
==793346==    by 0xA995928: operator() (RunLoopGLib.cpp:80)
==793346==    by 0xA995928: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82)
==793346==    by 0xA99625E: operator() (RunLoopGLib.cpp:53)
==793346==    by 0xA99625E: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56)
==793346==    by 0x55FAE37: g_main_dispatch (gmain.c:3344)
==793346==    by 0x55FBD8A: g_main_context_dispatch (gmain.c:4062)
==793346==    by 0x55FBF76: g_main_context_iterate (gmain.c:4138)
==793346==    by 0x55FC413: g_main_loop_run (gmain.c:4336)
==793346==    by 0xA99637F: WTF::RunLoop::run() (RunLoopGLib.cpp:108)
==793346==  Address 0xf86453a is 74 bytes inside a block of size 576 alloc'd
==793346==    at 0x484086F: malloc (vg_replace_malloc.c:380)
==793346==    by 0xA99C33A: bmalloc::DebugHeap::malloc(unsigned long, bmalloc::FailureAction) (DebugHeap.cpp:98)
==793346==    by 0x6B3F26B: operator new (Encoder.h:44)
==793346==    by 0x6B3F26B: WTF::UniqueRef<IPC::Encoder> WTF::makeUniqueRefWithoutFastMallocCheck<IPC::Encoder, IPC::MessageName, unsigned long&>(IPC::MessageName&&, unsigned long&) [clone .isra.0] (UniqueRef.h:38)
==793346==    by 0x6B475C2: makeUniqueRef<IPC::Encoder, IPC::MessageName, long unsigned int&> (UniqueRef.h:45)
==793346==    by 0x6B475C2: send<Messages::EventDispatcher::WheelEvent> (MessageSender.h:47)
==793346==    by 0x6B475C2: WebKit::WebPageProxy::sendWheelEvent(WebKit::WebWheelEvent const&) (WebPageProxy.cpp:2848)
==793346==    by 0x6B50767: WebKit::WebPageProxy::handleWheelEvent(WebKit::NativeWebWheelEvent const&) (WebPageProxy.cpp:2814)
==793346==    by 0x6C44B79: webkitWebViewBaseHandleWheelEvent (WebKitWebViewBase.cpp:1283)
==793346==    by 0x6C44B79: webkitWebViewBaseScrollEvent(_GtkWidget*, _GdkEventScroll*) (WebKitWebViewBase.cpp:1317)
==793346==    by 0x4A5DA3E: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==793346==    by 0x554AF45: g_type_class_meta_marshalv (gclosure.c:1034)
==793346==    by 0x554AA98: _g_closure_invoke_va (gclosure.c:873)
==793346==    by 0x55684F7: g_signal_emit_valist (gsignal.c:3406)
==793346==    by 0x5569789: g_signal_emit (gsignal.c:3553)
==793346==    by 0x4E3CFFE: gtk_widget_event_internal (gtkwidget.c:7808)
==793346==  Uninitialised value was created by a stack allocation
==793346==    at 0x6B0A7D0: WebKit::NativeWebWheelEvent::NativeWebWheelEvent(WebKit::NativeWebWheelEvent const&) (NativeWebWheelEventGtk.cpp:57)

Unfortunately I don't see where it's coming from.

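An added illustration of the bug class the Memcheck report above describes. This is not WebKit's code and does not reproduce the actual NativeWebWheelEvent defect (the report does not show its cause); the struct, the function names and the sample values are hypothetical. It shows the shape of the data flow in the trace: an object whose copy leaves some bytes indeterminate (here, struct padding) is serialized wholesale into an IPC buffer, and Memcheck only complains once that buffer reaches a system call. Two fixes follow: encode fields explicitly so padding never enters the message, and, as defence in depth, zero the destination before the field-wise copy.

```cpp
// Added illustration, not WebKit code: uninitialized padding leaking into
// an IPC buffer, and two ways to close it. All names are hypothetical.
#include <cstdint>
#include <cstring>
#include <cstddef>
#include <vector>
#include <unistd.h>

// Hypothetical wheel-event payload. On common 64-bit ABIs (x86-64, AArch64)
// a uint8_t followed by a double leaves 7 bytes of padding after `type`,
// and the trailing bool leaves 7 more: sizeof() is 32, the fields total 18.
struct WheelEventData {
    uint8_t type;
    double  deltaX;
    double  deltaY;
    bool    hasPreciseDeltas;
};

constexpr size_t kPayloadBytes = 1 + 8 + 8 + 1;

// Bytes of WheelEventData that belong to no field.
size_t paddingBytes() { return sizeof(WheelEventData) - kPayloadBytes; }

// Constructed sample input (zeroed first so the sample itself is fully defined).
WheelEventData sampleEvent() {
    WheelEventData e;
    std::memset(&e, 0, sizeof e);
    e.type = 3; e.deltaX = 1.5; e.deltaY = -2.0; e.hasPreciseDeltas = true;
    return e;
}

// "Before": copy fields one by one into an uninitialized destination.
// Every field is written; the padding bytes never are.
void copyFields(const WheelEventData& src, WheelEventData& dst) {
    dst.type = src.type;
    dst.deltaX = src.deltaX;
    dst.deltaY = src.deltaY;
    dst.hasPreciseDeltas = src.hasPreciseDeltas;
}

// "Before": an encoder that memcpy()s the whole object, padding included.
// Memcheck is silent here (a copy is not a "use") and reports only when the
// buffer reaches a syscall such as sendmsg(2) or write(2), as in the trace.
std::vector<uint8_t> encodeWhole(const WheelEventData& e) {
    std::vector<uint8_t> out(sizeof(WheelEventData));
    std::memcpy(out.data(), &e, sizeof(WheelEventData));
    return out;
}

// Fix 1: encode fields explicitly. Padding never enters the buffer and the
// wire format no longer depends on the compiler's struct layout.
std::vector<uint8_t> encodeFields(const WheelEventData& e) {
    std::vector<uint8_t> out;
    out.reserve(kPayloadBytes);
    auto put = [&](const void* p, size_t n) {
        const uint8_t* b = static_cast<const uint8_t*>(p);
        out.insert(out.end(), b, b + n);
    };
    put(&e.type, sizeof e.type);
    put(&e.deltaX, sizeof e.deltaX);
    put(&e.deltaY, sizeof e.deltaY);
    put(&e.hasPreciseDeltas, sizeof e.hasPreciseDeltas);
    return out;
}

// Matching decoder; rejects a buffer of the wrong length instead of reading past it.
bool decodeFields(const std::vector<uint8_t>& in, WheelEventData& e) {
    if (in.size() != kPayloadBytes) return false;
    size_t off = 0;
    auto get = [&](void* p, size_t n) { std::memcpy(p, in.data() + off, n); off += n; };
    get(&e.type, sizeof e.type);
    get(&e.deltaX, sizeof e.deltaX);
    get(&e.deltaY, sizeof e.deltaY);
    get(&e.hasPreciseDeltas, sizeof e.hasPreciseDeltas);
    return true;
}

// Fix 2 (defence in depth when the wholesale copy must stay): zero the
// destination before assigning fields, so every byte of it is defined.
std::vector<uint8_t> encodeWholeZeroed(const WheelEventData& src) {
    WheelEventData dst;
    std::memset(&dst, 0, sizeof dst);
    copyFields(src, dst);
    return encodeWhole(dst);
}

int main() {
    WheelEventData src = sampleEvent();
    WheelEventData copy;                 // stack allocation, padding indeterminate
    copyFields(src, copy);
    std::vector<uint8_t> leaky = encodeWhole(copy);
    std::vector<uint8_t> clean = encodeFields(src);

    int fds[2];
    if (pipe(fds) != 0) return 1;
    // Under `valgrind --track-origins=yes` the first write is reported as
    // "Syscall param write(buf) points to uninitialised byte(s)" with the
    // origin at the stack allocation of `copy`; the second is silent.
    (void)!write(fds[1], leaky.data(), leaky.size());
    (void)!write(fds[1], clean.data(), clean.size());
    close(fds[1]); close(fds[0]);
    return 0;
}
```

Build with `g++ -g -O0 example.cpp -o example` and run `valgrind --track-origins=yes ./example` to see the same "Syscall param ... points to uninitialised byte(s)" / "Uninitialised value was created by a stack allocation" pair as in the report; the origin line is what points at the copy that left bytes undefined. Of the two fixes, explicit field encoding is the one that actually removes the information leak across the process boundary; zero-filling only makes the leaked bytes harmless.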