[Webkit-unassigned] [Bug 281565] New: Use after free in ProcessLauncher::launchProcess()
bugzilla-daemon at webkit.org
Wed Oct 16 01:49:12 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=281565
Bug ID: 281565
Summary: Use after free in ProcessLauncher::launchProcess()
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebKitGTK
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mgorse at suse.com
CC: bugs-noreply at webkitgtk.org
wxPython's WebKit-related tests are failing on Tumbleweed under i586 after R283414, and running epiphany often crashes for me, but only on i586. But valgrind reports a use after free even on x86_64; I suspect it is related:
Invalid read of size 8
at 0x69D5D57: UnknownInlinedFun (ProcessLauncherGLib.cpp:265)
by 0x69D5D57: WTF::Detail::CallableWrapper<WebKit::ProcessLauncher::launchProcess()::{lambda(GIOCondition)#1}, int, GIOCondition>::call(GIOCondition) (Function.h:53)
...
Address 0x54989340 is 16 bytes inside a block of size 32 free'd
at 0x484A75B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0xBA12477: bmalloc_heap_config_specialized_try_deallocate_not_small_exclusive_segregated (in /usr/lib64/libjavascriptcoregtk-6.0.so.1.3.10)
by 0x69D5D56: UnknownInlinedFun (ProcessLauncherGLib.cpp:263)
by 0x69D5D56: WTF::Detail::CallableWrapper<WebKit::ProcessLauncher::launchProcess()::{lambda(GIOCondition)#1}, int, GIOCondition>::call(GIOCondition) (Function.h:53)
by 0x4A6F5C6: ??? (in /usr/lib64/libgio-2.0.so.0.8200.1)
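The trace above shows the same lambda(GIOCondition) callback freeing a block at ProcessLauncherGLib.cpp:263 and reading inside it at line 265. The general shape of that bug class, a callback that triggers destruction of the object it captured and then touches a member, together with the usual fix, as an added, self-contained C++ illustration written for this page. It is not WebKit's code: `Launcher`, `IOCondition`, `didFinishLaunching()`, `readPidFromPipe()` and the pid value 4242 are constructed stand-ins, not ProcessLauncher's real API, and nothing here claims to be the exact sequence at line 263; it is the pattern a reviewer checks for when a watch callback can end the lifetime of its own owner.

```cpp
#include <functional>
#include <string>
#include <utility>

// Constructed stand-ins for GLib's GIOCondition and G_SOURCE_REMOVE/G_SOURCE_CONTINUE;
// not the real GLib declarations, so this file builds without glib headers.
enum IOCondition : unsigned { IO_IN = 1u, IO_HUP = 16u };
constexpr bool SOURCE_REMOVE = false;
constexpr bool SOURCE_CONTINUE = true;

struct LaunchResult {
    int pid = 0;
    std::string error;
};

// Hypothetical launcher whose pipe watch captures `this`, mirroring the shape of a
// lambda(GIOCondition) callback. The owner may destroy the launcher from inside the
// completion handler, which is what makes touching members afterwards a use-after-free.
class Launcher {
public:
    using Completion = std::function<void(Launcher*, LaunchResult)>;
    explicit Launcher(Completion completion) : m_completion(std::move(completion)) {}
    ~Launcher() { ++destroyedCount; }

    static int destroyedCount;

    // Hands the result to the owner. After this returns, *this may no longer exist.
    void didFinishLaunching(LaunchResult result) {
        Completion completion = std::move(m_completion);
        if (completion)
            completion(this, std::move(result));
    }

    // BUGGY pattern, kept only for contrast: m_pid is read after didFinishLaunching()
    // may have freed *this. Calling this watch with an owner that deletes the launcher
    // is exactly the read-after-free valgrind reports.
    std::function<bool(IOCondition)> makeWatchUnsafe() {
        return [this](IOCondition condition) {
            m_pid = readPidFromPipe(condition);
            didFinishLaunching({ m_pid, {} });
            return m_pid > 0 ? SOURCE_REMOVE : SOURCE_CONTINUE; // m_pid lives in freed memory
        };
    }

    // FIXED pattern: copy everything the callback still needs into locals before the
    // call that can destroy *this, and touch no member afterwards.
    std::function<bool(IOCondition)> makeWatchSafe() {
        return [this](IOCondition condition) {
            const int pid = readPidFromPipe(condition);
            m_pid = pid;
            didFinishLaunching({ pid, {} });                    // may delete *this
            return pid > 0 ? SOURCE_REMOVE : SOURCE_CONTINUE;   // only locals from here on
        };
    }

private:
    // Constructed stand-in for reading the child pid from the launch pipe.
    static int readPidFromPipe(IOCondition condition) { return (condition & IO_IN) ? 4242 : 0; }

    Completion m_completion;
    int m_pid = 0;
};

int Launcher::destroyedCount = 0;

struct WatchOutcome {
    int pid = 0;
    bool sourceRemoved = false;
    bool launcherDestroyed = false;
};

// Drives the safe watch with an owner that deletes the launcher from the completion
// handler: the ordering that is a use-after-free with the unsafe lambda above.
WatchOutcome runSafeWatch(IOCondition condition) {
    WatchOutcome outcome;
    const int before = Launcher::destroyedCount;
    Launcher* launcher = new Launcher([&outcome](Launcher* self, LaunchResult result) {
        outcome.pid = result.pid;
        delete self;                     // owner tears the launcher down immediately
    });
    // The closure is held by the event loop, not by the launcher, so it outlives `this`.
    std::function<bool(IOCondition)> watch = launcher->makeWatchSafe();
    outcome.sourceRemoved = (watch(condition) == SOURCE_REMOVE);
    outcome.launcherDestroyed = (Launcher::destroyedCount == before + 1);
    return outcome;
}
```

Building with `-fsanitize=address` or running under valgrind is the practical check: the safe watch is clean in both, while the unsafe variant produces a report of the same shape as the one above (a read inside a block freed by the same callable). The defensive rule is the one the safe lambda follows: once a call can end the lifetime of the captured object, the rest of the callback may only use values it already copied out.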