Bug 244560

Summary:	Workaround ASAN false positive stack-use-after-scope in pas_fast_large_free_heap_try_allocate
Product:	WebKit	Reporter:	David Kilzer (:ddkilzer) <ddkilzer>
Component:	bmalloc	Assignee:	David Kilzer (:ddkilzer) <ddkilzer>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	ggaren, webkit-bug-importer, ysuzuki
Priority:	P2	Keywords:	InRadar
Version:	Other
Hardware:	Unspecified
OS:	Unspecified
Bug Depends on:	236001
Bug Blocks:

David Kilzer (:ddkilzer)

Reported 2022-08-30 16:39:38 PDT

Workaround ASAN false positive stack-buffer-underflow in pas_fast_large_free_heap_try_allocate. Use the same workaround as Bug 236001. <rdar://97106809>

Attachments
Add attachment proposed patch, testcase, etc.

David Kilzer (:ddkilzer)

Comment 1 2022-08-30 16:46:44 PDT

These two tests will always crash when run without this workaround: LayoutTests/fast/selectors/nth-child-of-boundaries-2.html LayoutTests/fast/selectors/nth-child-of-boundaries-3.html

David Kilzer (:ddkilzer)

Comment 2 2022-08-30 16:50:39 PDT

Pull request: https://github.com/WebKit/WebKit/pull/3830

EWS

Comment 3 2022-08-30 20:02:55 PDT

Committed 253973@main (0427d190dce9): <https://commits.webkit.org/253973@main> Reviewed commits have been landed. Closing PR #3830 and removing active labels.

David Kilzer (:ddkilzer)

Comment 4 2022-09-01 16:45:35 PDT

Oops, this was a stack-use-after-scope, not a stack-buffer-overflow. Not sure how I typed the wrong issue in the original title!

Note You need to log in before you can comment on or make changes to this bug.