Bug 281565
| Summary: | Use after free in ProcessLauncher::launchProcess() | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Mike Gorse <mgorse> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Normal | CC: | bugs-noreply, mcatanzaro |
| Priority: | P2 | | |
| Version: | WebKit Nightly Build | | |
| Hardware: | All | | |
| OS: | Linux | | |
Mike Gorse
WxPython's WebKit-related tests are failing on Tumbleweed under i586 after R283414, and running epiphany often crashes for me, but only on i586. But valgrind reports a use after free even on x86_64; I suspect it is related:
```
Invalid read of size 8
   at 0x69D5D57: UnknownInlinedFun (ProcessLauncherGLib.cpp:265)
   by 0x69D5D57: WTF::Detail::CallableWrapper<WebKit::ProcessLauncher::launchProcess()::{lambda(GIOCondition)#1}, int, GIOCondition>::call(GIOCondition) (Function.h:53)
   ...
 Address 0x54989340 is 16 bytes inside a block of size 32 free'd
   at 0x484A75B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0xBA12477: bmalloc_heap_config_specialized_try_deallocate_not_small_exclusive_segregated (in /usr/lib64/libjavascriptcoregtk-6.0.so.1.3.10)
   by 0x69D5D56: UnknownInlinedFun (ProcessLauncherGLib.cpp:263)
   by 0x69D5D56: WTF::Detail::CallableWrapper<WebKit::ProcessLauncher::launchProcess()::{lambda(GIOCondition)#1}, int, GIOCondition>::call(GIOCondition) (Function.h:53)
   by 0x4A6F5C6: ??? (in /usr/lib64/libgio-2.0.so.0.8200.1)
```
Michael Catanzaro
*** This bug has been marked as a duplicate of bug 281495 ***