[Webkit-unassigned] [Bug 236647] New: [GTK] valgrind claim: Source and destination overlap in memcpy_chk(0x1ffeff9c77, 0x1ffeff9c76, 8) from CSSPropertyParser.cpp:158

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 15 06:56:56 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=236647

            Bug ID: 236647
           Summary: [GTK] valgrind claim: Source and destination overlap
                    in memcpy_chk(0x1ffeff9c77, 0x1ffeff9c76, 8) from
                    CSSPropertyParser.cpp:158
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcrha at redhat.com
                CC: bugs-noreply at webkitgtk.org

This is with webkit2gtk3-2.34.5-1.fc35.x86_64. While testing [1], valgrind showed (I also used `--undef-value-errors=no` to avoid a flood of errors from the JavaScriptCore) the below warning:


==10894== Source and destination overlap in memcpy_chk(0x1ffeff9c77, 0x1ffeff9c76, 8)
==10894==    at 0x10084F292: __memcpy_chk (vg_replace_strmem.c:1723)
==10894==    by 0x1029115AD: UnknownInlinedFun (string_fortified.h:36)
==10894==    by 0x1029115AD: UnknownInlinedFun (CSSPropertyParser.cpp:158)
==10894==    by 0x1029115AD: WebCore::cssValueKeywordID(WTF::StringView) [clone .isra.0] (CSSPropertyParser.cpp:176)
==10894==    by 0x101B3741D: UnknownInlinedFun (CSSParserToken.cpp:346)
==10894==    by 0x101B3741D: WebCore::CSSParserToken::id() const (CSSParserToken.cpp:341)
==10894==    by 0x101B38D63: WebCore::maybeConsumeCSSWideKeyword(WebCore::CSSParserTokenRange&) [clone .lto_priv.0] (CSSPropertyParser.cpp:250)
==10894==    by 0x101B612F8: UnknownInlinedFun (CSSPropertyParser.cpp:338)
==10894==    by 0x101B612F8: WebCore::CSSPropertyParser::parseValueStart(WebCore::CSSPropertyID, bool) (CSSPropertyParser.cpp:305)
==10894==    by 0x101B62269: UnknownInlinedFun (CSSPropertyParser.cpp:239)
==10894==    by 0x101B62269: UnknownInlinedFun (CSSParserImpl.cpp:962)
==10894==    by 0x101B62269: WebCore::CSSParserImpl::consumeDeclaration(WebCore::CSSParserTokenRange, WebCore::StyleRuleType) (CSSParserImpl.cpp:943)
==10894==    by 0x101B62605: WebCore::CSSParserImpl::consumeDeclarationList(WebCore::CSSParserTokenRange, WebCore::StyleRuleType) (CSSParserImpl.cpp:866)
==10894==    by 0x101B63E96: UnknownInlinedFun (CSSParserImpl.cpp:837)
==10894==    by 0x101B63E96: WebCore::CSSParserImpl::consumeQualifiedRule(WebCore::CSSParserTokenRange&, WebCore::CSSParserImpl::AllowedRulesType) (CSSParserImpl.cpp:476)
==10894==    by 0x101B682D6: UnknownInlinedFun (CSSParserImpl.cpp:388)
==10894==    by 0x101B682D6: WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents&, WebCore::CSSParser::RuleParsing) (CSSParserImpl.cpp:249)
==10894==    by 0x101B68419: UnknownInlinedFun (CSSParser.cpp:70)
==10894==    by 0x101B68419: WebCore::StyleSheetContents::parseString(WTF::String const&) (StyleSheetContents.cpp:349)
==10894==    by 0x102376AD7: WebCore::Style::parseUASheet(WTF::String const&) (UserAgentStyle.cpp:104)
==10894==    by 0x10237C984: UnknownInlinedFun (UserAgentStyle.cpp:142)
==10894==    by 0x10237C984: UnknownInlinedFun (UserAgentStyle.cpp:130)
==10894==    by 0x10237C984: WebCore::Style::Resolver::Resolver(WebCore::Document&) (StyleResolver.cpp:100)
==10894==    by 0x10237CE83: UnknownInlinedFun (StyleResolver.cpp:92)
==10894==    by 0x10237CE83: UnknownInlinedFun (StyleScope.cpp:98)
==10894==    by 0x10237CE83: WebCore::Style::Scope::resolver() (StyleScope.cpp:86)
==10894==    by 0x101BBD3D2: UnknownInlinedFun (StyleTreeResolver.cpp:602)
==10894==    by 0x101BBD3D2: WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (Document.cpp:2100)
==10894==    by 0x101FE553F: UnknownInlinedFun (Document.cpp:2459)
==10894==    by 0x101FE553F: UnknownInlinedFun (Document.cpp:2444)
==10894==    by 0x101FE553F: UnknownInlinedFun (Document.cpp:2471)
==10894==    by 0x101FE553F: UnknownInlinedFun (Document.cpp:2462)
==10894==    by 0x101FE553F: WebCore::Frame::setDocument(WTF::RefPtr<WebCore::Document, WTF::RawPtrTraits<WebCore::Document>, WTF::DefaultRefDerefTraits<WebCore::Document> >&&) [clone .part.0] (Frame.cpp:306)
==10894==    by 0x101F0A541: UnknownInlinedFun (Frame.cpp:273)
==10894==    by 0x101F0A541: WebCore::DocumentWriter::begin(WTF::URL const&, bool, WebCore::Document*) (DocumentWriter.cpp:176)
==10894==    by 0x101EE5233: WebCore::DocumentLoader::commitData(unsigned char const*, unsigned long) (DocumentLoader.cpp:1288)
==10894==    by 0x101EE5FCB: WebCore::DocumentLoader::finishedLoading() (DocumentLoader.cpp:482)
==10894==    by 0x101EFFB7F: WebCore::DocumentLoader::maybeLoadEmpty() (DocumentLoader.cpp:2040)
==10894==    by 0x101F00013: WebCore::DocumentLoader::startLoadingMainResource() (DocumentLoader.cpp:2054)
==10894==    by 0x101F00426: WebCore::FrameLoader::init() (FrameLoader.cpp:345)
==10894==    by 0x1013450D6: WebKit::WebPage::WebPage(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&) (WebPage.cpp:692)
==10894==    by 0x101219A65: UnknownInlinedFun (WebPage.cpp:444)
==10894==    by 0x101219A65: WebKit::WebProcess::createWebPage(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&) (WebProcess.cpp:798)
==10894==    by 0x102841D65: UnknownInlinedFun (HandleMessage.h:43)
==10894==    by 0x102841D65: UnknownInlinedFun (HandleMessage.h:49)
==10894==    by 0x102841D65: void IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess, void (WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&)>(IPC::Decoder&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&)) [clone .constprop.0] (HandleMessage.h:119)
==10894==    by 0x10107435E: UnknownInlinedFun (Connection.cpp:1058)
==10894==    by 0x10107435E: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1103)
==10894==    by 0x1010762C2: UnknownInlinedFun (Connection.cpp:1172)
==10894==    by 0x1010762C2: UnknownInlinedFun (Connection.cpp:1027)
==10894==    by 0x1010762C2: WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() (Function.h:53)
==10894==    by 0x104B036FC: WTF::RunLoop::performWork() (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.19.10)
==10894==    by 0x104B535EC: ??? (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.19.10)
==10894==    by 0x104B4D362: ??? (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.19.10)
==10894==    by 0x1039C805E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7000.4)


The memcpy() documentation claims to use memmove() in case the buffers overlap.

[1] https://gitlab.gnome.org/GNOME/evolution/-/issues/1804#note_1385346
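The trace above reports a copy where the destination starts one byte past the source (dst = src + 1, n = 8), so the two ranges share seven bytes. The following is an added example, not code from WebKit or from the reporter, that reproduces the check valgrind's memcpy_chk wrapper performs and shows why an overlapping memcpy is worth fixing even when it appears to work: the function names, the sample buffer and the naive forward copy are constructed for illustration, and the forward copy stands in for what a memcpy implementation is allowed to do with overlapping ranges, not for what glibc's memcpy actually does on any given machine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample memory used only to obtain addresses for the overlap
 * checks; nothing meaningful is stored here. */
unsigned char sample_arena[16];

/* Report whether [dst, dst+n) and [src, src+n) intersect. This is the same
 * condition valgrind's memcpy_chk replacement tests before reporting
 * "Source and destination overlap". Pointers are compared as integers so
 * the check is well defined even for unrelated objects. */
int ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    if (n == 0)
        return 0;
    return d < s + n && s < d + n;
}

/* Number of bytes shared by the two ranges: 0 when they do not overlap,
 * otherwise n minus the distance between the start addresses. For the
 * reported call (dst = src + 1, n = 8) this is 7. */
size_t overlap_bytes(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    uintptr_t gap = d > s ? d - s : s - d;
    if (!ranges_overlap(dst, src, n))
        return 0;
    return n - gap;
}

/* Naive forward byte copy: a legal memcpy strategy. When dst > src and the
 * ranges overlap, each iteration overwrites a source byte that has not been
 * read yet, which is exactly why the C standard leaves overlapping memcpy
 * undefined. */
static void forward_copy(unsigned char *dst, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Shift the first 8 bytes of a constructed buffer right by one byte using the
 * forward copy (dst = src + 1, n = 8, the shape of the reported call).
 * Expected result on the constructed input: "AAAAAAAAA" (silent corruption). */
const char *shifted_by_forward_copy(void)
{
    static char buf[10];
    strcpy(buf, "ABCDEFGH_");                        /* constructed input */
    forward_copy((unsigned char *)buf + 1, (const unsigned char *)buf, 8);
    return buf;
}

/* The same shift using memmove, which is defined for overlapping ranges and
 * copies backwards when needed. Expected result: "AABCDEFGH". */
const char *shifted_by_memmove(void)
{
    static char buf[10];
    strcpy(buf, "ABCDEFGH_");                        /* constructed input */
    memmove(buf + 1, buf, 8);
    return buf;
}

int main(void)
{
    printf("overlap(dst=src+1, n=8): %d, shared bytes: %zu\n",
           ranges_overlap(sample_arena + 1, sample_arena, 8),
           overlap_bytes(sample_arena + 1, sample_arena, 8));
    printf("overlap(dst=src+8, n=8): %d\n",
           ranges_overlap(sample_arena + 8, sample_arena, 8));
    printf("forward copy: %s\n", shifted_by_forward_copy());
    printf("memmove:      %s\n", shifted_by_memmove());
    return 0;
}
```

The point for triage is that the corruption is data dependent and silent: a memcpy that happens to copy backwards, or in wide words, produces the memmove result and the bug stays hidden until the toolchain or the buffer alignment changes. Replacing the overlapping memcpy with memmove (or restructuring the code so the ranges never overlap) removes the undefined behaviour regardless of which strategy the libc picks.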
