RESOLVED DUPLICATE of bug 182272
159352
[GTK] Uninitialized memory use ConservativeRoots
https://bugs.webkit.org/show_bug.cgi?id=159352
Michael Catanzaro
Reported
2016-07-01 07:49:34 PDT
I found this in a user's valgrind log:

==597== Conditional jump or move depends on uninitialised value(s)
==597==    at 0x088268f5: _ZN3JSC17ConservativeRoots14genericAddSpanINS_17CompositeMarkHookEEEvPvS3_RT_ (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x0882604c: _ZN3JSC17ConservativeRoots3addEPvS1_RNS_17JITStubRoutineSetERNS_12CodeBlockSetE (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x0884a3f9: _ZN3JSC14MachineThreads23gatherConservativeRootsERNS_17ConservativeRootsERNS_17JITStubRoutineSetERNS_12CodeBlockSetEPvS7_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x0882b2d0: _ZN3JSC4Heap16gatherStackRootsERNS_17ConservativeRootsEPvS3_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x088420b2: _ZN3JSC4Heap9markRootsEdPvS1_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x088450d5: _ZN3JSC4Heap11collectImplENS_13HeapOperationEPvS2_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x08845387: _ZN3JSC4Heap7collectENS_13HeapOperationE (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x08829559: _ZN3JSC18GCActivityCallback6doWorkEv (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x088470e1: _ZN3JSC9HeapTimer12timerDidFireEv (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x08847118: ??? (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x0bbcbc89: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.4800.1)
==597==    by 0x0bbcc03f: ??? (in /usr/lib/libglib-2.0.so.0.4800.1)
==597==
==597== Use of uninitialised value of size 8
==597==    at 0x08826ac6: _ZN3JSC17ConservativeRoots14genericAddSpanINS_17CompositeMarkHookEEEvPvS3_RT_ (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x0882604c: _ZN3JSC17ConservativeRoots3addEPvS1_RNS_17JITStubRoutineSetERNS_12CodeBlockSetE (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x0884a3f9: _ZN3JSC14MachineThreads23gatherConservativeRootsERNS_17ConservativeRootsERNS_17JITStubRoutineSetERNS_12CodeBlockSetEPvS7_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x0882b2d0: _ZN3JSC4Heap16gatherStackRootsERNS_17ConservativeRootsEPvS3_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x088420b2: _ZN3JSC4Heap9markRootsEdPvS1_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x088450d5: _ZN3JSC4Heap11collectImplENS_13HeapOperationEPvS2_RA1_13__jmp_buf_tag (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x08845387: _ZN3JSC4Heap7collectENS_13HeapOperationE (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x08829559: _ZN3JSC18GCActivityCallback6doWorkEv (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x088470e1: _ZN3JSC9HeapTimer12timerDidFireEv (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x08847118: ??? (in /usr/lib/libjavascriptcoregtk-4.0.so.18.3.11)
==597==    by 0x0bbcbc89: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.4800.1)
==597==    by 0x0bbcc03f: ??? (in /usr/lib/libglib-2.0.so.0.4800.1)
Benjamin Poulain
Comment 1
2016-07-03 22:04:27 PDT
I don't see the issue:
https://trac.webkit.org/browser/trunk/Source/JavaScriptCore/heap/ConservativeRoots.cpp#L69
Any chance you could get more information? Like which branch/cmove has the issue?
Michael Catanzaro
Comment 2
2018-06-30 06:55:00 PDT
*** This bug has been marked as a duplicate of bug 182272 ***