Bug 159352
| Summary: | [GTK] Uninitialized memory use ConservativeRoots | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Catanzaro <mcatanzaro> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | benjamin, bugs-noreply, calvaris, mcatanzaro |
| Priority: | P2 | ||
| Version: | Other | ||
| Hardware: | PC | ||
| OS: | Linux | ||
Michael Catanzaro
I found this in a user's valgrind log:
==597== Conditional jump or move depends on uninitialised value(s)
==597== at 0x088268f5: _ZN3JSC17ConservativeRoots14genericAddSpanINS_17CompositeMarkHookEEEvPvS3_RT_ (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x0882604c: _ZN3JSC17ConservativeRoots3addEPvS1_RNS_17JITStubRoutineSetERNS_12CodeBlockSetE (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x0884a3f9: _ZN3JSC14MachineThreads23gatherConservativeRootsERNS_17ConservativeRootsERNS_17JITStubRoutineSetERNS_12CodeBlockSetEPvS7_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x0882b2d0: _ZN3JSC4Heap16gatherStackRootsERNS_17ConservativeRootsEPvS3_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x088420b2: _ZN3JSC4Heap9markRootsEdPvS1_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x088450d5: _ZN3JSC4Heap11collectImplENS_13HeapOperationEPvS2_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x08845387: _ZN3JSC4Heap7collectENS_13HeapOperationE (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x08829559: _ZN3JSC18GCActivityCallback6doWorkEv (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x088470e1: _ZN3JSC9HeapTimer12timerDidFireEv (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x08847118: ??? (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x0bbcbc89: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.4800.1)
==597== by 0x0bbcc03f: ??? (in /usr/lib/libglib-2.0.so.0.4800.1)
==597==
==597== Use of uninitialised value of size 8
==597== at 0x08826ac6: _ZN3JSC17ConservativeRoots14genericAddSpanINS_17CompositeMarkHookEEEvPvS3_RT_ (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x0882604c: _ZN3JSC17ConservativeRoots3addEPvS1_RNS_17JITStubRoutineSetERNS_12CodeBlockSetE (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x0884a3f9: _ZN3JSC14MachineThreads23gatherConservativeRootsERNS_17ConservativeRootsERNS_17JITStubRoutineSetERNS_12CodeBlockSetEPvS7_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x0882b2d0: _ZN3JSC4Heap16gatherStackRootsERNS_17ConservativeRootsEPvS3_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x088420b2: _ZN3JSC4Heap9markRootsEdPvS1_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x088450d5: _ZN3JSC4Heap11collectImplENS_13HeapOperationEPvS2_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x08845387: _ZN3JSC4Heap7collectENS_13HeapOperationE (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x08829559: _ZN3JSC18GCActivityCallback6doWorkEv (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x088470e1: _ZN3JSC9HeapTimer12timerDidFireEv (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x08847118: ??? (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597== by 0x0bbcbc89: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.4800.1)
==597== by 0x0bbcc03f: ??? (in /usr/lib/libglib-2.0.so.0.4800.1)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Benjamin Poulain
I don't see the issue: https://trac.webkit.org/browser/trunk/Source/JavaScriptCore/heap/ConservativeRoots.cpp#L69
Any chance you could get more information? Like which branch/cmove has the issue?
Michael Catanzaro
*** This bug has been marked as a duplicate of bug 182272 ***