[Webkit-unassigned] [Bug 248232] REGRESSION(2.39.1): gibberish text visible in blank placeholder tabs before first "real" page load

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 22 14:01:41 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=248232

--- Comment #3 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Oooh, valgrind found it right away. Good job, valgrind! WebKit is missing a strdup() somewhere; it's using the original html string passed in by Epiphany after a run loop iteration without duplicating it, but WebKit doesn't own that string and Epiphany has correctly already freed it. Not sure where exactly the bug is yet.

==384967== Invalid read of size 8
==384967==    at 0x484C35D: memmove (vg_replace_strmem.c:1398)
==384967==    by 0x6B838E8: encode<IPC::Encoder> (ArgumentCoders.h:77)
==384967==    by 0x6B838E8: operator<< <const WTF::Span<unsigned char const>&> (Encoder.h:72)
==384967==    by 0x6B838E8: WebKit::LoadParameters::encode(IPC::Encoder&) const (LoadParameters.cpp:46)
==384967==    by 0x6C62639: encode<IPC::Encoder> (ArgumentCoder.h:52)
==384967==    by 0x6C62639: operator<< <const WebKit::LoadParameters&> (Encoder.h:72)
==384967==    by 0x6C62639: encode<IPC::Encoder, 0> (ArgumentCoders.h:319)
==384967==    by 0x6C62639: encode<IPC::Encoder> (ArgumentCoders.h:312)
==384967==    by 0x6C62639: operator<< <const std::tuple<const WebKit::LoadParameters&>&> (Encoder.h:72)
==384967==    by 0x6C62639: send<Messages::WebPage::LoadAlternateHTML> (MessageSender.h:48)
==384967==    by 0x6C62639: send<Messages::WebPage::LoadAlternateHTML> (MessageSender.h:40)
==384967==    by 0x6C62639: operator() (WebPageProxy.cpp:1733)
==384967==    by 0x6C62639: WTF::Detail::CallableWrapper<WebKit::WebPageProxy::loadAlternateHTML(WTF::Span<unsigned char const, 18446744073709551615ul> const&, WTF::String const&, WTF::URL const&, WTF::URL const&, API::Object*)::{lambda()#1}, void>::call() (Function.h:53)
==384967==    by 0x68E9503: Messages::NetworkProcess::AddAllowedFirstPartyForCookies::callReply(IPC::Decoder&, WTF::CompletionHandler<void ()>&&) (NetworkProcessMessageReceiver.cpp:147)
==384967==    by 0x6C39B29: operator() (Connection.h:383)
==384967==    by 0x6C39B29: WTF::Detail::CallableWrapper<IPC::Connection::makeAsyncReplyHandler<Messages::NetworkProcess::AddAllowedFirstPartyForCookies, WebKit::WebPageProxy::loadAlternateHTML(WTF::Span<unsigned char const, 18446744073709551615ul> const&, WTF::String const&, WTF::URL const&, WTF::URL const&, API::Object*)::{lambda()#1}>(WebKit::WebPageProxy::loadAlternateHTML(WTF::Span<unsigned char const, 18446744073709551615ul> const&, WTF::String const&, WTF::URL const&, WTF::URL const&, API::Object*)::{lambda()#1}&&, WTF::ThreadLikeAssertion)::{lambda(IPC::Decoder*)#1}, void, IPC::Decoder*>::call(IPC::Decoder*) (Function.h:53)
==384967==    by 0x6BDFAF5: operator() (Function.h:82)
==384967==    by 0x6BDFAF5: operator() (CompletionHandler.h:75)
==384967==    by 0x6BDFAF5: operator() (AuxiliaryProcessProxy.cpp:219)
==384967==    by 0x6BDFAF5: WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<IPC::Connection::AsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::{lambda(IPC::Decoder*)#2}, void, IPC::Decoder*>::call(IPC::Decoder*) (Function.h:53)
==384967==    by 0x6B6F0EF: operator() (Function.h:82)
==384967==    by 0x6B6F0EF: operator() (CompletionHandler.h:75)
==384967==    by 0x6B6F0EF: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:1180)
==384967==    by 0x6B6F28C: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1242)
==384967==    by 0x6B70A85: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1303)
==384967==    by 0xB6A26DD: operator() (Function.h:82)
==384967==    by 0xB6A26DD: WTF::RunLoop::performWork() (RunLoop.cpp:146)
==384967==    by 0xB6FE138: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:80)
==384967==    by 0xB6FEA8E: operator() (RunLoopGLib.cpp:53)
==384967==    by 0xB6FEA8E: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56)
==384967==  Address 0x54c47b20 is 0 bytes inside a block of size 128 free'd
==384967==    at 0x48450E4: free (vg_replace_malloc.c:884)
==384967==    by 0x4AC9A2D: g_free (gmem.c:229)
==384967==    by 0x4933A42: ephy_web_view_set_placeholder (ephy-web-view.c:1742)
==384967==    by 0x48D15CA: session_parse_embed (ephy-session.c:1293)
==384967==    by 0x48D177E: session_start_element (ephy-session.c:1338)
==384967==    by 0x4AC6287: emit_start_element (gmarkup.c:1066)
==384967==    by 0x4AC6F46: g_markup_parse_context_parse (gmarkup.c:1425)
==384967==    by 0x48D1C22: load_stream_read_cb (ephy-session.c:1492)
==384967==    by 0x4C4D508: async_ready_callback_wrapper (ginputstream.c:565)
==384967==    by 0x4C947BF: g_task_return_now (gtask.c:1259)
==384967==    by 0x4C94814: complete_in_idle_cb (gtask.c:1273)
==384967==    by 0x4AC35AD: g_idle_dispatch (gmain.c:6124)
==384967==  Block was alloc'd at
==384967==    at 0x484278A: malloc (vg_replace_malloc.c:392)
==384967==    by 0x484770B: realloc (vg_replace_malloc.c:1451)
==384967==    by 0x4AC99BA: g_realloc (gmem.c:201)
==384967==    by 0x4AED57F: g_string_maybe_expand (gstring.c:92)
==384967==    by 0x4AED5E5: g_string_sized_new (gstring.c:116)
==384967==    by 0x4AED61D: g_string_new (gstring.c:137)
==384967==    by 0x4AC8CCF: g_markup_vprintf_escaped (gmarkup.c:2547)
==384967==    by 0x4AC8ECE: g_markup_printf_escaped (gmarkup.c:2636)
==384967==    by 0x49339D2: ephy_web_view_set_placeholder (ephy-web-view.c:1738)
==384967==    by 0x48D15CA: session_parse_embed (ephy-session.c:1293)
==384967==    by 0x48D177E: session_start_element (ephy-session.c:1338)
==384967==    by 0x4AC6287: emit_start_element (gmarkup.c:1066)

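The valgrind report above is a use-after-free with a classic shape: an API accepts a caller-owned string, defers the real work to a later run-loop iteration, and by then the caller has released the buffer. The following C program is an added illustration of that lifetime pattern and of the copy-at-the-boundary fix; it is not WebKit or Epiphany code, and every name in it (`load_html_borrowed`, `load_html_owned`, `run_loop_once`, `demo`) is hypothetical. To keep the behaviour defined and checkable, the caller overwrites its buffer instead of freeing it; in the real bug the buffer was `g_free()`'d, which is why valgrind reports the later read as inside a freed block.

```c
/* Added illustration (not WebKit or Epiphany code) of the lifetime bug
 * in the valgrind trace: deferred work reading a buffer the caller no
 * longer guarantees. All identifiers here are hypothetical. */
#include <stdlib.h>
#include <string.h>

#define QUEUE_MAX 8

/* One deferred "load" request. Exactly one of the two pointers is set. */
struct pending_load {
    const char *borrowed;   /* bug: still points into caller memory */
    char       *owned;      /* fix: private copy taken at enqueue time */
};

static struct pending_load queue[QUEUE_MAX];
static int queue_len = 0;

/* Plain malloc-based duplicate, standing in for strdup()/g_strdup(). */
static char *copy_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy)
        memcpy(copy, s, n);
    return copy;
}

/* Buggy API: remembers the caller's pointer and reads it later. */
int load_html_borrowed(const char *html)
{
    if (queue_len == QUEUE_MAX)
        return -1;
    queue[queue_len++] = (struct pending_load){ .borrowed = html, .owned = NULL };
    return 0;
}

/* Fixed API: the deferred request owns a copy before control returns. */
int load_html_owned(const char *html)
{
    if (queue_len == QUEUE_MAX)
        return -1;
    char *copy = copy_string(html);
    if (!copy)
        return -1;
    queue[queue_len++] = (struct pending_load){ .borrowed = NULL, .owned = copy };
    return 0;
}

/* Simulated run-loop iteration: deliver each queued request into `out`
 * (the last one wins) and release private copies. Returns the count. */
int run_loop_once(char *out, size_t out_size)
{
    int delivered = 0;
    for (int i = 0; i < queue_len; i++) {
        const char *src = queue[i].owned ? queue[i].owned : queue[i].borrowed;
        strncpy(out, src, out_size - 1);
        out[out_size - 1] = '\0';
        free(queue[i].owned);
        queue[i].owned = NULL;
        delivered++;
    }
    queue_len = 0;
    return delivered;
}

/* Caller side, modelled on the session-restore path in the trace: build
 * placeholder markup, hand it to the API, release it before the run loop
 * spins. The "release" is an overwrite rather than a free so the borrowed
 * case stays defined behaviour; the gibberish it produces is the symptom. */
int demo(int use_fix, char *out, size_t out_size)
{
    char *placeholder = copy_string("<h1>Restoring tab</h1>");
    if (!placeholder)
        return -1;
    int rc = use_fix ? load_html_owned(placeholder)
                     : load_html_borrowed(placeholder);
    memset(placeholder, 'X', strlen(placeholder));   /* caller is done with it */
    run_loop_once(out, out_size);
    free(placeholder);
    return rc;
}
```

Calling `demo(0, buf, sizeof buf)` delivers a run of `X` characters instead of the markup, the in-process analogue of the "gibberish text" in the bug title; `demo(1, ...)` delivers the original markup because the copy was taken while the caller's buffer was still valid. The general rule the fix encodes: when an API stores a pointer past the call that received it, ownership must be transferred explicitly (a copy or a refcount), never assumed.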