WebKit Bugzilla
RESOLVED WORKSFORME
128348
ASAN DRT crashes on empty page
https://bugs.webkit.org/show_bug.cgi?id=128348
Myles C. Maxfield
Reported
2014-02-06 17:35:34 PST
mmaxfield:OpenSource mmaxfield$ DYLD_FRAMEWORK_PATH=/Volumes/Data/home/mmaxfield/Build/Release ~/Build/Release/DumpRenderTree
=================================================================
==49898==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0001035de740 at pc 0x1036e6ebd bp 0x7fff5c69f560 sp 0x7fff5c69f530
READ of size 21 at 0x0001035de740 thread T0
    #0 0x1036e6ebc (/Applications/Xcode.app/Contents/Developer/Toolchains/ASAN.xctoolchain/usr/lib/clang/3.5/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x15ebc)
    #1 0x7fff8be1f1c1 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x351c1)
    #2 0x7fff8bdf134a (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x734a)
    #3 0x7fff8be3984d (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4f84d)
    #4 0x7fff8be5027e (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x6627e)
    #5 0x10357ef03 (/Volumes/Data/home/mmaxfield/Build/Release/DumpRenderTree+0x10001ef03)
    #6 0x10357e51b (/Volumes/Data/home/mmaxfield/Build/Release/DumpRenderTree+0x10001e51b)
    #7 0x7fff89a675f0 (/usr/lib/system/libdyld.dylib+0x35f0)

0x0001035de740 is located 32 bytes to the left of global variable '.str581' from '/Volumes/Data/home/mmaxfield/src/WebKit/OpenSource/Tools/DumpRenderTree/mac/DumpRenderTree.mm' (0x1035de760) of size 20
  '.str581' is ascii string 'AppleHighlightColor'
0x0001035de740 is located 0 bytes inside of global variable '.str579' from '/Volumes/Data/home/mmaxfield/src/WebKit/OpenSource/Tools/DumpRenderTree/mac/DumpRenderTree.mm' (0x1035de740) of size 22
  '.str579' is ascii string 'AppleAquaColorVariant'
0x0001035de740 is located 13 bytes to the right of global variable '.str577' from '/Volumes/Data/home/mmaxfield/src/WebKit/OpenSource/Tools/DumpRenderTree/mac/DumpRenderTree.mm' (0x1035de720) of size 19
  '.str577' is ascii string 'AppleFontSmoothing'
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x1000206bbc90: f9 f9 f9 f9 01 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9
  0x1000206bbca0: f9 02 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 f9 02 f9
  0x1000206bbcb0: f9 03 f9 f9 f9 06 f9 f9 f9 05 f9 f9 f9 04 f9 f9
  0x1000206bbcc0: f9 04 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 00 05 f9 f9
  0x1000206bbcd0: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 04 f9 f9 f9 03 f9
=>0x1000206bbce0: f9 f9 f9 03 f9 f9 03 f9[f9]f9 06 f9 f9 f9 04 f9
  0x1000206bbcf0: f9 f9 f9 03 f9 f9 f9 01 f9 f9 f9 03 f9 07 f9 f9
  0x1000206bbd00: 03 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
  0x1000206bbd10: f9 f9 06 f9 f9 f9 f9 03 f9 02 f9 f9 f9 03 f9 f9
  0x1000206bbd20: 07 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 06 f9 f9 f9
  0x1000206bbd30: f9 01 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 04 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Contiguous container OOB:fc
  ASan internal:         fe
==49898==ABORTING
David Farler
Comment 1
2014-02-21 15:26:46 PST
Myles - is this still happening?
Myles C. Maxfield
Comment 2
2014-02-21 15:41:02 PST
Reopened so I can verify
Alexey Proskuryakov
Comment 3
2015-01-20 11:13:06 PST
DumpRenderTree runs the whole test suite now.