[Webkit-unassigned] [Bug 235931] New: [libpas] get_num_free_bytes_for_each_heap_callback() is called with `arg` pointing to uninitialized stack memory
bugzilla-daemon at webkit.org
Mon Jan 31 17:26:34 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=235931
Bug ID: 235931
Summary: [libpas] get_num_free_bytes_for_each_heap_callback() is called with `arg` pointing to uninitialized stack memory
Product: WebKit
Version: Other
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: bmalloc
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ddkilzer at webkit.org
CC: ggaren at apple.com
In libpas, get_num_free_bytes_for_each_heap_callback() is called with `arg` pointing to uninitialized stack memory.
pas_all_heaps_get_num_free_bytes() is called and doesn't initialize `result` on the stack, then calls the following functions with a pointer to `result`:
- pas_all_heaps_for_each_heap(),
- pas_all_heaps_for_each_static_heap(),
- callback() / get_num_free_bytes_for_each_heap_callback().
Found by clang static analyzer.
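The pattern the report describes, as an added illustration that is not libpas code and not part of the original message: a caller declares an accumulator on the stack without initializing it, hands its address to a for-each-heap walk, and the callback only ever adds to it. The heap struct, the `for_each_heap()` walker, the callback name and the sample heaps below are all constructed stand-ins for the libpas functions named in the report; the "stale slot" helper models deterministically what an uninitialized stack slot does to the total, since actually reading uninitialized memory is undefined behaviour and cannot be demonstrated reliably.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical heap record standing in for a libpas heap (not libpas's real struct). */
typedef struct {
    const char *name;
    size_t num_free_bytes;
} toy_heap;

/* Constructed sample heaps. */
static const toy_heap sample_heaps[] = {
    { "primitive", 4096 },
    { "utility",   512 },
    { "large",     1 << 20 },
};
#define NUM_SAMPLE_HEAPS (sizeof sample_heaps / sizeof sample_heaps[0])

typedef void (*heap_callback)(const toy_heap *heap, void *arg);

/* Hypothetical walker in the style of pas_all_heaps_for_each_heap(): visits every heap
   and passes the caller's `arg` through untouched. */
static void for_each_heap(heap_callback cb, void *arg) {
    for (size_t i = 0; i < NUM_SAMPLE_HEAPS; ++i)
        cb(&sample_heaps[i], arg);
}

/* Accumulating callback: it only adds to *arg, so it depends entirely on the caller
   having zeroed the slot before the walk starts. */
static void get_num_free_bytes_callback(const toy_heap *heap, void *arg) {
    size_t *result = arg;
    *result += heap->num_free_bytes;
}

/* Shape of the defect in the report: `result` is declared but never initialized, so the
   first `+=` in the callback reads whatever stale bytes occupy that stack slot. Reading it
   is undefined behaviour, which is why this function is compiled out rather than run. */
#if 0
static size_t total_free_bytes_buggy(void) {
    size_t result;                                   /* uninitialized */
    for_each_heap(get_num_free_bytes_callback, &result);
    return result;
}
#endif

/* Fixed version: zero the accumulator before handing out its address. */
static size_t total_free_bytes(void) {
    size_t result = 0;
    for_each_heap(get_num_free_bytes_callback, &result);
    return result;
}

/* Deterministic model of the bug: `stale` plays the role of whatever the uninitialized
   slot happened to contain, so the return value shows how that garbage pollutes the sum. */
static size_t total_free_bytes_with_stale_slot(size_t stale) {
    size_t result = stale;                           /* stands in for uninitialized contents */
    for_each_heap(get_num_free_bytes_callback, &result);
    return result;
}

int main(void) {
    printf("correct total:                    %zu\n", total_free_bytes());
    printf("total with 0xdead left in slot:   %zu\n", total_free_bytes_with_stale_slot(0xdead));
    return 0;
}
```

The fix is the single `= 0` on the accumulator; the callback itself is correct. Defects of this shape are what `clang --analyze` reports as uninitialized-value reads, and at runtime a build with `-fsanitize=memory` flags the first read of the uninitialized slot inside the callback, which is useful as a regression check once the caller is fixed.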