Bug 161427

Summary: [JSC] AbstractValue can contain padding which is not zero-filled
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: cgarcia, commit-queue, keith_miller, mark.lam, msaboff, saam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 161268, 161308    
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Yusuke Suzuki
Reported 2016-08-30 23:06:38 PDT
[JSC][GTK] AbstractValue can contain padding which is not zero-filled
Attachments
Patch (3.21 KB, patch)
2016-08-30 23:11 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (3.24 KB, patch)
2016-08-30 23:26 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (3.31 KB, patch)
2016-08-30 23:31 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2016-08-30 23:11:29 PDT
Created attachment 287489 [details] Patch
Carlos Garcia Campos
Comment 2 2016-08-30 23:22:25 PDT
Note that this is not GTK+ specific, JSCOnly compiled with GCC also fails, so it's more GCC vs clang issue.
Yusuke Suzuki
Comment 3 2016-08-30 23:26:19 PDT
Created attachment 287493 [details] Patch
Yusuke Suzuki
Comment 4 2016-08-30 23:26:44 PDT
(In reply to comment #2) > Note that this is not GTK+ specific, JSCOnly compiled with GCC also fails, > so it's more GCC vs clang issue. Renamed the issue & ChangeLog :)
Carlos Garcia Campos
Comment 5 2016-08-30 23:27:17 PDT
Comment on attachment 287489 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287489&action=review Thanks for working on this! > Source/JavaScriptCore/ChangeLog:12 > + So debug assertion fails in GTK port. So debug assertion fails when building with GCC. > Source/JavaScriptCore/dfg/DFGAbstractValue.cpp:547 > +void AbstractValue::ensureCanInitializeWithZeros() > +{ > + std::aligned_storage<sizeof(AbstractValue), alignof(AbstractValue)>::type zeroFilledStorage; > + memset(static_cast<void*>(&zeroFilledStorage), 0, sizeof(AbstractValue)); > + ASSERT(*this == *static_cast<AbstractValue*>(static_cast<void*>(&zeroFilledStorage))); > +} This is only used inside a #if USE(JSVALUE64) && !defined(NDEBUG) block, so maybe it should be defined using the same #if. > Source/JavaScriptCore/dfg/DFGAbstractValue.h:461 > + void ensureCanInitializeWithZeros(); Ditto.
Yusuke Suzuki
Comment 6 2016-08-30 23:31:06 PDT
Created attachment 287495 [details] Patch
Yusuke Suzuki
Comment 7 2016-08-30 23:31:18 PDT
Comment on attachment 287489 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287489&action=review >> Source/JavaScriptCore/ChangeLog:12 >> + So debug assertion fails in GTK port. > > So debug assertion fails when building with GCC. Thanks. Fixed. >> Source/JavaScriptCore/dfg/DFGAbstractValue.cpp:547 >> +} > > This is only used inside a #if USE(JSVALUE64) && !defined(NDEBUG) block, so maybe it should be defined using the same #if. OK, wrapped. >> Source/JavaScriptCore/dfg/DFGAbstractValue.h:461 >> + void ensureCanInitializeWithZeros(); > > Ditto. Done.
Saam Barati
Comment 8 2016-08-31 08:19:16 PDT
Comment on attachment 287495 [details] Patch r=me
Yusuke Suzuki
Comment 9 2016-08-31 08:45:03 PDT
Comment on attachment 287495 [details] Patch Thanks!
WebKit Commit Bot
Comment 10 2016-08-31 10:02:12 PDT
Comment on attachment 287495 [details] Patch Clearing flags on attachment: 287495 Committed r205254: <http://trac.webkit.org/changeset/205254>
WebKit Commit Bot
Comment 11 2016-08-31 10:02:21 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.