[Webkit-unassigned] [Bug 242517] WebCore::Document::createDOMWindow() Conditional jump or move depends on uninitialised value(s)
bugzilla-daemon at webkit.org
Fri Jul 8 12:47:56 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=242517
Darin Adler <darin at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |darin at apple.com
--- Comment #1 from Darin Adler <darin at apple.com> ---
This is because the deleted value for a GlobalWindowIdentifier sets the windowIdentifier but not the processIdentifier. Then we do a comparison and we don’t care if the processIdentifier is uninitialized, because we know the windowIdentifier won’t be equal. We could quiet valgrind by changing HashTraits<WebCore::GlobalWindowIdentifier>::constructDeletedValue to initialize processIdentifier too, not just windowIdentifier, which would have a small but likely negligible performance cost, and no other effect on behavior.
--
You are receiving this mail because:
You are the assignee for the bug.
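
The pattern described in Comment #1, as an added example that is not WebKit code and not part of the original message: a two-field key whose "deleted" marker writes only one field, next to the variant that writes both. `GlobalId`, `kDeletedWindowId`, the helper names and the byte fill standing in for stale bucket memory are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>

// Hypothetical stand-in for a two-field identifier (not WebKit's definition).
struct GlobalId {
    uint64_t processId;
    uint64_t windowId;
};

// Assumed sentinel: no live key ever carries this windowId.
constexpr uint64_t kDeletedWindowId = std::numeric_limits<uint64_t>::max();

// Both fields take part in equality, so a checker sees processId being read.
inline bool sameId(const GlobalId& a, const GlobalId& b)
{
    return a.windowId == b.windowId && a.processId == b.processId;
}

// Pattern from the comment: only windowId is written, processId keeps old bytes.
inline void markDeletedPartial(GlobalId& slot) { slot.windowId = kDeletedWindowId; }

// Quieting variant: write both fields, at the cost of one extra store.
inline void markDeletedFull(GlobalId& slot)
{
    slot.processId = 0;
    slot.windowId = kDeletedWindowId;
}

// Fills a bucket with `fill` bytes (constructed stand-in for uninitialized
// memory, kept well-defined here), marks it deleted, compares against a key.
bool deletedSlotMatches(unsigned char fill, bool full, const GlobalId& key)
{
    GlobalId slot;
    std::memset(&slot, fill, sizeof slot);
    if (full)
        markDeletedFull(slot);
    else
        markDeletedPartial(slot);
    return sameId(slot, key);
}

int main()
{
    const GlobalId key{7, 42}; // constructed sample key
    std::printf("partial: %d, full: %d\n",
        deletedSlotMatches(0xAA, false, key), deletedSlotMatches(0xAA, true, key));
    return 0;
}
```

Because the sentinel windowId never equals a live key's windowId, the comparison result is the same whatever bytes sit in processId; writing both fields only changes what a memory checker observes.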