204107 2019-11-12 01:24:35 -0800 valgrind: Source and destination overlap in memcpy_chk() 2022-07-01 14:40:33 -0700 1 1 1 Unclassified WebKit WebCore Misc. Other Unspecified Unspecified NEW DoNotImportToRadar P2 Normal --- 1 mcrha webkit-unassigned bfulgham bugs-noreply mcatanzaro oldest_to_newest 1589478 0 mcrha 2019-11-12 01:24:35 -0800 I just noticed this when running WebKitWebProcess of 2.26.2 release under valgrind. It showed when starting evolution. ==9353== Thread 1: ==9353== Source and destination overlap in memcpy_chk(0x1ffeffc117, 0x1ffeffc116, 8) ==9353== at 0x4840960: __memcpy_chk (vg_replace_strmem.c:1595) ==9353== by 0x5E18C00: UnknownInlinedFun (string_fortified.h:40) ==9353== by 0x5E18C00: cssValueKeywordID<char16_t> (CSSPropertyParser.cpp:190) ==9353== by 0x5E18C00: WebCore::cssValueKeywordID(WTF::StringView) (CSSPropertyParser.cpp:208) ==9353== by 0x5E18D21: WebCore::CSSParserToken::id() const [clone .part.0] (CSSParserToken.cpp:310) ==9353== by 0x5E3B6AB: WebCore::CSSPropertyParser::consumeCSSWideKeyword(WebCore::CSSPropertyID, bool) (CSSPropertyParser.cpp:352) ==9353== by 0x5E471C9: WebCore::CSSPropertyParser::parseValueStart(WebCore::CSSPropertyID, bool) (CSSPropertyParser.cpp:317) ==9353== by 0x5E4748F: WebCore::CSSPropertyParser::parseValue(WebCore::CSSPropertyID, bool, WebCore::CSSParserTokenRange const&, WebCore::CSSParserContext const&, WTF::Vector<WebCore::CSSProperty, 256ul, WTF::CrashOnOverflow, 16ul>&, WebCore::StyleRuleBase::Type) (CSSPropertyParser.cpp:277) ==9353== by 0x5E0B390: WebCore::CSSParserImpl::consumeDeclarationValue(WebCore::CSSParserTokenRange, WebCore::CSSPropertyID, bool, WebCore::StyleRuleBase::Type) (CSSParserImpl.cpp:850) ==9353== by 0x5E0F5E6: WebCore::CSSParserImpl::consumeDeclaration(WebCore::CSSParserTokenRange, WebCore::StyleRuleBase::Type) (CSSParserImpl.cpp:833) ==9353== by 0x5E0FAA1: WebCore::CSSParserImpl::consumeDeclarationList(WebCore::CSSParserTokenRange, WebCore::StyleRuleBase::Type) (CSSParserImpl.cpp:771) ==9353== by 0x5E12141: WebCore::CSSParserImpl::consumeStyleRule(WebCore::CSSParserTokenRange, WebCore::CSSParserTokenRange) (CSSParserImpl.cpp:742) ==9353== by 0x5E124B6: WebCore::CSSParserImpl::consumeQualifiedRule(WebCore::CSSParserTokenRange&, WebCore::CSSParserImpl::AllowedRulesType) (CSSParserImpl.cpp:471) ==9353== by 0x5E141CE: consumeRuleList<WebCore::CSSParserImpl::parseStyleSheet(const WTF::String&, const WebCore::CSSParserContext&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)::<lambda(WTF::RefPtr<WebCore::StyleRuleBase>)> > (CSSParserImpl.cpp:385) ==9353== by 0x5E141CE: WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing) (CSSParserImpl.cpp:247) ==9353== by 0x5DFE79E: WebCore::StyleSheetContents::parseString(WTF::String const&) (StyleSheetContents.cpp:347) ==9353== by 0x5D489B7: WebCore::parseUASheet(WTF::String const&) (CSSDefaultStyleSheets.cpp:114) ==9353== by 0x5D4D2F1: WebCore::CSSDefaultStyleSheets::loadFullDefaultStyle() (CSSDefaultStyleSheets.cpp:179) ==9353== by 0x5D4D825: WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement(WebCore::Element const&) (CSSDefaultStyleSheets.cpp:207) ==9353== by 0x5DF5190: WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::SelectorFilter const*) (StyleResolver.cpp:373) ==9353== by 0x5EAD978: WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element&, WebCore::RenderStyle const*, WebCore::PseudoId) (Document.cpp:2120) ==9353== by 0x5EE7B03: WebCore::Element::resolveComputedStyle() (Element.cpp:3160) ==9353== by 0x5EE7E87: computedStyle (Element.cpp:3199) ==9353== by 0x5EE7E87: WebCore::Element::computedStyle(WebCore::PseudoId) (Element.cpp:3189) ==9353== by 0x6125AEF: WebCore::HTMLTitleElement::computedTextWithDirection() (HTMLTitleElement.cpp:84) ==9353== by 0x6125C5B: WebCore::HTMLTitleElement::childrenChanged(WebCore::ContainerNode::ChildChange const&) (HTMLTitleElement.cpp:72) ==9353== by 0x5E7FB13: executeNodeInsertionWithScriptAssertion<WebCore::ContainerNode::parserAppendChild(WebCore::Node&)::<lambda()> > (ContainerNode.cpp:204) ==9353== by 0x5E7FB13: WebCore::ContainerNode::parserAppendChild(WebCore::Node&) (ContainerNode.cpp:746) ==9353== by 0x61AC2FC: insert (HTMLConstructionSite.cpp:114) ==9353== by 0x61AC2FC: insert (HTMLConstructionSite.cpp:103) ==9353== by 0x61AC2FC: executeInsertTask (HTMLConstructionSite.cpp:121) ==9353== by 0x61AC2FC: executeTask (HTMLConstructionSite.cpp:175) ==9353== by 0x61AC2FC: WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode) (HTMLConstructionSite.cpp:606) ==9353== by 0x61DDDEF: WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&) (HTMLTreeBuilder.cpp:2421) ==9353== by 0x61DF50B: WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken&&) (HTMLTreeBuilder.cpp:2191) ==9353== by 0x61DFC54: WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&&) (HTMLTreeBuilder.cpp:350) ==9353== by 0x61B7190: WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) (HTMLDocumentParser.cpp:348) ==9353== by 0x61B7368: WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (HTMLDocumentParser.cpp:285) ==9353== by 0x61B769A: WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (HTMLDocumentParser.cpp:303) ==9353== by 0x61B8436: WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >&&) (HTMLDocumentParser.cpp:417) ==9353== by 0x5E96198: WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) (DecodedDataDocumentParser.cpp:50) ==9353== by 0x62C5A96: WebCore::DocumentLoader::commitData(char const*, unsigned long) (DocumentLoader.cpp:1160) ==9353== by 0x53D5635: WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) (WebFrameLoaderClient.cpp:1094) ==9353== by 0x62C272E: WebCore::DocumentLoader::commitLoad(char const*, int) (DocumentLoader.cpp:1047) ==9353== by 0x6370304: notifyClientsDataWasReceived (CachedRawResource.cpp:136) ==9353== by 0x6370304: WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) (CachedRawResource.cpp:128) ==9353== by 0x6370675: updateBuffer (CachedRawResource.cpp:73) ==9353== by 0x6370675: WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) (CachedRawResource.cpp:57) ==9353== by 0x633B427: WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) (SubresourceLoader.cpp:481) ==9353== by 0x633B596: WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) (SubresourceLoader.cpp:449) ==9353== by 0x4F40B68: callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(const IPC::DataReference&, long int), std::tuple<IPC::DataReference, long int>, 0, 1> (HandleMessage.h:41) ==9353== by 0x4F40B68: callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(const IPC::DataReference&, long int), std::tuple<IPC::DataReference, long int> > (HandleMessage.h:47) ==9353== by 0x4F40B68: void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)) (HandleMessage.h:120) ==9353== by 0x503E3F3: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:939) ==9353== by 0x503F66C: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:991) ==9353== by 0x504073E: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1060) ==9353== by 0xA01DD24: WTF::RunLoop::performWork() (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.14.7) ==9353== by 0xA06A88C: ??? (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.14.7) ==9353== by 0x89AB49F: g_main_dispatch (gmain.c:3179) ==9353== by 0x89AB49F: g_main_context_dispatch (gmain.c:3844) ==9353== by 0x89AB82F: g_main_context_iterate.isra.0 (gmain.c:3917) ==9353== by 0x89ABB22: g_main_loop_run (gmain.c:4111) ==9353== by 0xA06B2FF: WTF::RunLoop::run() (in /usr/lib64/libjavascriptcoregtk-4.0.so.18.14.7) ==9353== by 0x543DD29: int WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (AuxiliaryProcessMain.h:66)