Bug 209468

Summary: valgrind claims uninitialized memory when opening inspector (WebKit::InspectorBrowserAgent::enable(WTF::String&))
Product: WebKit
Reporter: Milan Crha <mcrha>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, cgarcia, hi, mcatanzaro
Priority: P2
Version: Other
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=248293

Attachments:
Patch (mcatanzaro: review+)

Description Milan Crha 2020-03-24 02:33:04 PDT
I'm currently at r258908, but I noticed this earlier, using WebKitGTK+. Steps:
a) run MiniBrowser under valgrind
   $ export GIGACAGE_ENABLED=0
   $ G_SLICE=always-malloc valgrind --show-leak-kinds=definite --num-callers=30 --leak-check=no --aspace-minaddr=0x100000000 --track-origins=yes ./MiniBrowser
b) right-click in the body and pick "Inspect Element"

This shows on console:

==16894== Conditional jump or move depends on uninitialised value(s)
==16894==    at 0x10123C193: WebKit::InspectorBrowserAgent::enable(WTF::String&) (InspectorBrowserAgent.cpp:69)
==16894==    by 0x104FA215D: Inspector::BrowserBackendDispatcher::enable(long, WTF::RefPtr<WTF::JSONImpl::Object, WTF::DumbPtrTraits<WTF::JSONImpl::Object> >&&) (InspectorBackendDispatchers.cpp:560)
==16894==    by 0x104FA1F7B: Inspector::BrowserBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<WTF::JSONImpl::Object, WTF::DumbPtrTraits<WTF::JSONImpl::Object> >&&) (InspectorBackendDispatchers.cpp:542)
==16894==    by 0x104F9E609: Inspector::BackendDispatcher::dispatch(WTF::String const&) (InspectorBackendDispatcher.cpp:180)
==16894==    by 0x100F4C215: callMemberFunctionImpl<WebKit::WebInspectorProxy, void (WebKit::WebInspectorProxy::*)(const WTF::String &), std::tuple<WTF::String>, 0> (HandleMessage.h:41)
==16894==    by 0x100F4C215: callMemberFunction<WebKit::WebInspectorProxy, void (WebKit::WebInspectorProxy::*)(const WTF::String &), std::tuple<WTF::String>, std::integer_sequence<unsigned long, 0> > (HandleMessage.h:47)
==16894==    by 0x100F4C215: handleMessage<Messages::WebInspectorProxy::SendMessageToBackend, WebKit::WebInspectorProxy, void (WebKit::WebInspectorProxy::*)(const WTF::String &)> (HandleMessage.h:114)
==16894==    by 0x100F4C215: WebKit::WebInspectorProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebInspectorProxyMessageReceiver.cpp:55)
==16894==    by 0x101082B4A: IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (MessageReceiverMap.cpp:123)
==16894==    by 0x101162059: didReceiveMessage (WebProcessProxy.cpp:751)
==16894==    by 0x101162059: non-virtual thunk to WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebProcessProxy.cpp:0)
==16894==    by 0x10107B86A: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1077)
==16894==    by 0x10107AD2A: IPC::Connection::dispatchIncomingMessages() (Connection.cpp:1181)
==16894==    by 0x105650358: operator() (Lock.h:84)
==16894==    by 0x105650358: WTF::RunLoop::performWork() (RunLoop.cpp:119)
==16894==    by 0x10569FA15: operator() (RunLoopGLib.cpp:68)
==16894==    by 0x10569FA15: WTF::RunLoop::RunLoop()::$_0::__invoke(void*) (RunLoopGLib.cpp:67)
==16894==    by 0x10413A139: g_main_dispatch (gmain.c:3202)
==16894==    by 0x10413B02F: g_main_context_dispatch (gmain.c:3867)
==16894==    by 0x10413B214: g_main_context_iterate (gmain.c:3940)
==16894==    by 0x10413B63B: g_main_loop_run (gmain.c:4136)
==16894==    by 0x1037881AC: gtk_main (gtkmain.c:1323)
==16894==    by 0x416539: main (main.c:649)
==16894==  Uninitialised value was created by a heap allocation
==16894==    at 0x10083880B: malloc (vg_replace_malloc.c:309)
==16894==    by 0x105642525: WTF::fastMalloc(unsigned long) (FastMalloc.cpp:201)
==16894==    by 0x10110F05D: operator new (WebPageInspectorController.h:49)
==16894==    by 0x10110F05D: make_unique<WebKit::WebPageInspectorController, WebKit::WebPageProxy &> (unique_ptr.h:849)
==16894==    by 0x10110F05D: makeUnique<WebKit::WebPageInspectorController, WebKit::WebPageProxy &> (StdLibExtras.h:483)
==16894==    by 0x10110F05D: WebKit::WebPageProxy::WebPageProxy(WebKit::PageClient&, WebKit::WebProcessProxy&, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) (WebPageProxy.cpp:476)
==16894==    by 0x10115AF50: create (WebPageProxy.cpp:428)
==16894==    by 0x10115AF50: createWebPage (WebProcessProxy.cpp:465)
==16894==    by 0x10115AF50: WebKit::WebProcessPool::createWebPage(WebKit::PageClient&, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) (WebProcessPool.cpp:1288)
==16894==    by 0x10120D27E: webkitWebViewBaseCreateWebPage(_WebKitWebViewBase*, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) (WebKitWebViewBase.cpp:1503)
==16894==    by 0x1011EA75D: webkitWebContextCreatePageForWebView(_WebKitWebContext*, _WebKitWebView*, _WebKitUserContentManager*, _WebKitWebView*) (WebKitWebContext.cpp:1818)
==16894==    by 0x1011F6D0D: webkitWebViewConstructed(_GObject*) (WebKitWebView.cpp:758)
==16894==    by 0x10409D3A0: g_object_new_internal (gobject.c:1999)
==16894==    by 0x10409E138: g_object_new_valist (gobject.c:2287)
==16894==    by 0x10409CE0D: g_object_new (gobject.c:1797)
==16894==    by 0x41694E: createBrowserTab (main.c:81)
==16894==    by 0x4164B6: main (main.c:632)
Comment 1 Carlos Garcia Campos 2020-07-16 06:24:26 PDT
I can't reproduce this now because valgrind is not working for me now, but I'm pretty sure it's m_targetAgent not initialized in WebPageInspectorController constructor. I'll submit a patch.
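As an added illustration of the defect Comment 1 diagnoses (this is example code written for this page, not WebKit's code and not the attached patch), the C++ below places a controller whose constructor leaves a raw pointer member uninitialised beside the fixed form that uses a default member initializer. `TargetAgent`, `ControllerUninitialized`, `ControllerFixed`, `connectTargetAgent` and `fixedControllerBehavesDeterministically` are assumed stand-in names, not WebKit identifiers.

```cpp
#include <cassert>

// Stand-in for the inspector target agent (assumed name, not WebKit's type).
struct TargetAgent {
    bool enabled = false;
};

// BEFORE: the pattern Comment 1 describes. The constructor does not set
// m_targetAgent, so a heap-allocated controller's pointer holds whatever
// bytes the allocator handed back. The branch in enable() then depends on
// that garbage, which valgrind reports as "Conditional jump or move depends
// on uninitialised value(s)", with --track-origins=yes pointing at the
// allocation. Nothing below instantiates this class: reading the member is
// undefined behaviour, so no test can rely on its result.
class ControllerUninitialized {
public:
    ControllerUninitialized() { }            // defect: member not set here
    void connectTargetAgent(TargetAgent& agent) { m_targetAgent = &agent; }
    bool enable()
    {
        if (!m_targetAgent)                  // reads an indeterminate value
            return false;
        m_targetAgent->enabled = true;
        return true;
    }
private:
    TargetAgent* m_targetAgent;              // no initializer
};

// AFTER: a default member initializer gives the pointer a defined null state
// before any constructor body runs, so enable() before an agent is connected
// is a well-defined "not connected" and valgrind has nothing to report.
class ControllerFixed {
public:
    ControllerFixed() = default;
    void connectTargetAgent(TargetAgent& agent) { m_targetAgent = &agent; }
    bool enable()
    {
        if (!m_targetAgent)
            return false;
        m_targetAgent->enabled = true;
        return true;
    }
private:
    TargetAgent* m_targetAgent { nullptr };  // fix: always starts null
};

// Exercises the fixed controller: enable() must refuse until an agent is
// connected, then succeed and mark that agent enabled.
bool fixedControllerBehavesDeterministically()
{
    ControllerFixed controller;
    if (controller.enable())                 // no agent yet: must be false
        return false;
    TargetAgent agent;
    controller.connectTargetAgent(agent);
    return controller.enable() && agent.enabled;
}

int main()
{
    assert(fixedControllerBehavesDeterministically());
    return 0;
}
```

GCC's `-Weffc++` warns at compile time that `ControllerUninitialized::m_targetAgent` should be initialized in the member initialization list, and MemorySanitizer (`clang -fsanitize=memory`) reports the same branch on uninitialised data at runtime, so either catches this class of defect without a full valgrind run of MiniBrowser.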
Comment 2 Carlos Garcia Campos 2020-07-16 06:25:55 PDT
Created attachment 404437
Patch
Comment 3 Carlos Garcia Campos 2020-07-20 01:24:59 PDT
Committed r264592: <https://trac.webkit.org/changeset/264592>