Bug 272363

Summary: Regression(277164@main) Crash under UserAgentStyle::initDefaultStyleSheet()
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebCore Misc.Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: pgriffis, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 272269    

Chris Dumez
Reported 2024-04-08 18:09:17 PDT
Regression(277164@main) Crash under UserAgentStyle::initDefaultStyleSheet() on ASAN bots: ``` "==43907==ERROR: AddressSanitizer: global-buffer-overflow on address 0x771f33f7974a at pc 0x771f36668402 bp 0x7ffd49cbbe00 sp 0x7ffd49cbb5a8 READ of size 27339 at 0x771f33f7974a thread T0 #0 0x771f36668401 in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:461 #1 0x771f236ca53a in WTF::String WTF::makeString<char const*, WTF::String>(char const*, WTF::String) (/home/androueru/WebKit/WebKitBuild/GTK/Release/lib/lib webkitgtk-6.0.so.4+0x26ca53a) (BuildId: 4deecf8f64119fc2a832f1aee8968fde1be1c948) #2 0x771f31944889 in WebCore::Style::UserAgentStyle::initDefaultStyleSheet() (/home/androueru/WebKit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4+0x109 44889) (BuildId: 4deecf8f64119fc2a832f1aee8968fde1be1c948) #3 0x771f318e15c4 in WebCore::Style::Resolver::initialize() (/home/androueru/WebKit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4+0x108e15c4) (BuildId: 4deecf8f64119fc2a832f1aee8968fde1be1c948)" ```
Attachments
Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2024-04-08 18:15:42 PDT
Pull request: https://github.com/WebKit/WebKit/pull/27004
EWS
Comment 2 2024-04-08 21:07:20 PDT
Committed 277231@main (ad622ae6c2eb): <https://commits.webkit.org/277231@main> Reviewed commits have been landed. Closing PR #27004 and removing active labels.
Radar WebKit Bug Importer
Comment 3 2024-04-08 21:08:14 PDT
<rdar://problem/126113659>
Note You need to log in before you can comment on or make changes to this bug.