312298 2026-04-14 12:21:08 -0700 Uninitialized memory write in WebCore::ContentExtensions::SerializedNFA::serialize 2026-05-01 06:24:19 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build PC Linux RESOLVED FIXED InRadar P2 Normal --- 1 mcatanzaro cdumez webkit-bug-importer oldest_to_newest 2200307 0 mcatanzaro 2026-04-14 12:21:08 -0700 There is a decent chance this warning is a false positive, because sometimes when serializing a foobar it's just not a problem if some padding bytes are garbage, as the garbage will be ignored when they are deserialized. But we should still fix it in order to not trip valgrind. ==444078== Thread 20 ileSystem Queue: ==444078== Syscall param write(buf) points to uninitialised byte(s) ==444078== at 0x61EC5FD: write (write.c:26) ==444078== by 0xDF97C2A: WTF::FileSystemImpl::FileHandle::write(std::span<unsigned char const, 18446744073709551615ul>) (Source/WTF/wtf/posix/FileHandlePOSIX.cpp:63) ==444078== by 0xA13E20D: writeAllToFile<WTF::Vector<WebCore::ContentExtensions::ImmutableRange<char>, 0UL, WTF::UnsafeVectorOverflow, 16UL, WTF::FastMalloc> > (Source/WebCore/contentextensions/SerializedNFA.cpp:44) ==444078== by 0xA13E20D: WebCore::ContentExtensions::SerializedNFA::serialize(WebCore::ContentExtensions::NFA&&) (Source/WebCore/contentextensions/SerializedNFA.cpp:59) ==444078== by 0xA13D092: WebCore::ContentExtensions::NFAToDFA::convert(WebCore::ContentExtensions::NFA&&) (Source/WebCore/contentextensions/NFAToDFA.cpp:320) ==444078== by 0xA12ADB6: operator() (Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:246) ==444078== by 0xA12ADB6: WTF::Detail::CallableWrapper<WebCore::ContentExtensions::compileToBytecode<WebCore::ContentExtensions::compileRuleList(WebCore::ContentExtensions::ContentExtensionCompilationClient&, WTF::String&&, WTF::Vector<WebCore::ContentExtensions::ContentExtensionRule, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)::$_0>(WebCore::ContentExtensions::CombinedURLFilters&&, WTF::HashSet<unsigned long, WTF::DefaultHash<unsigned long>, WTF::UnsignedWithZeroKeyHashTraits<unsigned long>, WTF::HashTableTraits, (WTF::ShouldValidateKey)1>&&, WebCore::ContentExtensions::compileRuleList(WebCore::ContentExtensions::ContentExtensionCompilationClient&, WTF::String&&, WTF::Vector<WebCore::ContentExtensions::ContentExtensionRule, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)::$_0)::{lambda(WebCore::ContentExtensions::NFA&&)#1}, bool, WebCore::ContentExtensions::NFA&&>::call(WebCore::ContentExtensions::NFA&&) (Function.h:59) ==444078== by 0xA113132: operator() (Function.h:103) ==444078== by 0xA113132: WebCore::ContentExtensions::CombinedURLFilters::processNFAs(unsigned long, WTF::Function<bool (WebCore::ContentExtensions::NFA&&)>&&) (Source/WebCore/contentextensions/CombinedURLFilters.cpp:445) ==444078== by 0xA11CEA9: compileToBytecode<(lambda at /home/mcatanzaro/Projects/WebKit/Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:397:90)> (Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:240) ==444078== by 0xA11CEA9: WebCore::ContentExtensions::compileRuleList(WebCore::ContentExtensions::ContentExtensionCompilationClient&, WTF::String&&, WTF::Vector<WebCore::ContentExtensions::ContentExtensionRule, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) (Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:397) ==444078== by 0x8BEE8F8: compiledToFile (Source/WebKit/UIProcess/API/APIContentRuleListStore.cpp:416) ==444078== by 0x8BEE8F8: operator() (Source/WebKit/UIProcess/API/APIContentRuleListStore.cpp:618) ==444078== by 0x8BEE8F8: WTF::Detail::CallableWrapper<API::ContentRuleListStore::compileContentRuleListFile(WTF::String&&, WTF::String&&, WTF::String&&, WebCore::ContentExtensions::CSSSelectorsAllowed, WTF::CompletionHandler<void (WTF::RefPtr<API::ContentRuleList, WTF::RawPtrTraits<API::ContentRuleList>, WTF::DefaultRefDerefTraits<API::ContentRuleList> >, std::error_code)>)::$_0, void>::call() (Function.h:59) ==444078== by 0xDECF804: operator() (Source/WTF/wtf/Function.h:103) ==444078== by 0xDECF804: WTF::RunLoop::performWork() (Source/WTF/wtf/RunLoop.cpp:145) ==444078== Address 0x49aa03ba is 10 bytes inside a block of size 631,164 alloc'd ==444078== at 0x4841B26: malloc (vg_replace_malloc.c:447) ==444078== by 0xDFAD9A4: pas_system_heap_allocate(unsigned long, unsigned long, pas_allocation_mode) (Source/bmalloc/libpas/src/libpas/pas_system_heap.h:145) ==444078== by 0xA1292D3: malloc (FastMalloc.h:230) ==444078== by 0xA1292D3: allocateBuffer<(WTF::FailureAction)0> (Vector.h:235) ==444078== by 0xA1292D3: reserveCapacity<(WTF::FailureAction)0> (Vector.h:1371) ==444078== by 0xA1292D3: expandCapacity<(WTF::FailureAction)0> (Vector.h:1221) ==444078== by 0xA1292D3: WebCore::ContentExtensions::ImmutableRange<char>* WTF::Vector<WebCore::ContentExtensions::ImmutableRange<char>, 0ul, WTF::UnsafeVectorOverflow, 16ul, WTF::FastMalloc>::expandCapacity<(WTF::FailureAction)0>(unsigned long, WebCore::ContentExtensions::ImmutableRange<char>*) (Vector.h:1230) ==444078== by 0xA128E9F: appendSlowCase<(WTF::FailureAction)0, WebCore::ContentExtensions::ImmutableRange<char> > (Vector.h:1531) ==444078== by 0xA128E9F: append<(WTF::FailureAction)0, WebCore::ContentExtensions::ImmutableRange<char> > (Vector.h:1506) ==444078== by 0xA128E9F: append<WebCore::ContentExtensions::ImmutableRange<char> > (Vector.h:829) ==444078== by 0xA128E9F: append (Vector.h:827) ==444078== by 0xA128E9F: WebCore::ContentExtensions::ImmutableNFANodeBuilder<char, unsigned long>::sinkTransitions(WebCore::ContentExtensions::ImmutableNFANode&) (ImmutableNFANodeBuilder.h:198) ==444078== by 0xA1136C9: finalize (ImmutableNFANodeBuilder.h:176) ==444078== by 0xA1136C9: WebCore::ContentExtensions::ImmutableNFANodeBuilder<char, unsigned long>::~ImmutableNFANodeBuilder() (ImmutableNFANodeBuilder.h:71) ==444078== by 0xA112E39: generateSuffixWithReverseSuffixTree (Source/WebCore/contentextensions/CombinedURLFilters.cpp:301) ==444078== by 0xA112E39: generateNFAForSubtree (Source/WebCore/contentextensions/CombinedURLFilters.cpp:381) ==444078== by 0xA112E39: WebCore::ContentExtensions::CombinedURLFilters::processNFAs(unsigned long, WTF::Function<bool (WebCore::ContentExtensions::NFA&&)>&&) (Source/WebCore/contentextensions/CombinedURLFilters.cpp:442) ==444078== by 0xA11CEA9: compileToBytecode<(lambda at /home/mcatanzaro/Projects/WebKit/Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:397:90)> (Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:240) ==444078== by 0xA11CEA9: WebCore::ContentExtensions::compileRuleList(WebCore::ContentExtensions::ContentExtensionCompilationClient&, WTF::String&&, WTF::Vector<WebCore::ContentExtensions::ContentExtensionRule, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) (Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:397) ==444078== by 0x8BEE8F8: compiledToFile (Source/WebKit/UIProcess/API/APIContentRuleListStore.cpp:416) ==444078== by 0x8BEE8F8: operator() (Source/WebKit/UIProcess/API/APIContentRuleListStore.cpp:618) ==444078== by 0x8BEE8F8: WTF::Detail::CallableWrapper<API::ContentRuleListStore::compileContentRuleListFile(WTF::String&&, WTF::String&&, WTF::String&&, WebCore::ContentExtensions::CSSSelectorsAllowed, WTF::CompletionHandler<void (WTF::RefPtr<API::ContentRuleList, WTF::RawPtrTraits<API::ContentRuleList>, WTF::DefaultRefDerefTraits<API::ContentRuleList> >, std::error_code)>)::$_0, void>::call() (Function.h:59) ==444078== by 0xDECF804: operator() (Source/WTF/wtf/Function.h:103) ==444078== by 0xDECF804: WTF::RunLoop::performWork() (Source/WTF/wtf/RunLoop.cpp:145) ==444078== by 0xDF949E8: operator() (Source/WTF/wtf/glib/RunLoopGLib.cpp:153) ==444078== by 0xDF949E8: WTF::RunLoop::RunLoop()::$_0::__invoke(void*) (Source/WTF/wtf/glib/RunLoopGLib.cpp:152) ==444078== by 0xDF93328: operator() (Source/WTF/wtf/glib/RunLoopGLib.cpp:116) ==444078== by 0xDF93328: WTF::RunLoop::$_3::__invoke(_GSource*, int (*)(void*), void*) (Source/WTF/wtf/glib/RunLoopGLib.cpp:89) ==444078== by 0x4D6D62B: g_main_dispatch (gmain.c:3591) ==444078== Uninitialised value was created by a stack allocation ==444078== at 0xA128D00: WebCore::ContentExtensions::ImmutableNFANodeBuilder<char, unsigned long>::sinkTransitions(WebCore::ContentExtensions::ImmutableNFANode&) (ImmutableNFANodeBuilder.h:190) 2202872 1 webkit-bug-importer 2026-04-21 12:22:11 -0700 <rdar://problem/175273937> 2206516 2 cdumez 2026-05-01 00:57:10 -0700 Pull request: https://github.com/WebKit/WebKit/pull/64034 2206555 3 ews-feeder 2026-05-01 06:24:17 -0700 Committed 312425@main (07918cccab88): <https://commits.webkit.org/312425@main> Reviewed commits have been landed. Closing PR #64034 and removing active labels.