WebKit Bugzilla
RESOLVED FIXED
215976 [GTK] REGRESSION(r150392) insufficient space allocation results in heap corruption
https://bugs.webkit.org/show_bug.cgi?id=215976
Jim Mason, Reported 2020-08-29 02:17:37 PDT
The change introduced by the patch for 150392 fails to allocate enough space for the new RunLoopSource struct in the TimerBase ctor, resulting in a segmentation fault due to heap corruption:
(gdb) bt
#0 0x00007ffaa94e30d1 in _malloc_unlocked () at /lib/64/libc.so.1
#1 0x00007ffaa94e2f14 in malloc () at /lib/64/libc.so.1
#2 0x00007ffaa94caaef in calloc () at /lib/64/libc.so.1
#3 0x00007ffaa8f90189 in g_malloc0 () at /usr/lib/64/libglib-2.0.so.0
#4 0x00007ffaa8f864fb in g_source_new () at /usr/lib/64/libglib-2.0.so.0
#5 0x00007ffa9edcc6f4 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&) ()
Attachments
Patch (1.30 KB, patch), 2020-08-29 02:18 PDT, Jim Mason, no flags
Jim Mason, Comment 1, 2020-08-29 02:18:44 PDT
Created attachment 407537: Patch
Carlos Garcia Campos, Comment 2, 2020-08-30 02:24:22 PDT
Comment on attachment 407537: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=407537&action=review
Thanks!
> Source/WTF/wtf/glib/RunLoopGLib.cpp:162 > - , m_source(adoptGRef(g_source_new(&RunLoop::s_runLoopSourceFunctions, sizeof(GSource)))) > + , m_source(adoptGRef(g_source_new(&RunLoop::s_runLoopSourceFunctions, sizeof(RunLoopSource))))
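Review bot: At the g_source_new() call on RunLoopGLib.cpp:162, the size argument is still written by hand beside &RunLoop::s_runLoopSourceFunctions, so nothing in this line ties the allocation size to the struct that goes with that function table, and the same mismatch can recur at another call site. Consider checking the other g_source_new() callers that pass &RunLoop::s_runLoopSourceFunctions for a leftover sizeof(GSource), and routing them through a single helper that supplies sizeof(RunLoopSource) itself.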
Oops, I forgot this one.
EWS, Comment 3, 2020-08-30 02:40:47 PDT
Committed r266331: <https://trac.webkit.org/changeset/266331>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 407537.
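The sizing mistake described in the report, and the sizeof change from the review, modelled as an added example that is not WebKit or GLib code. BaseSource, DerivedSource, sourceNew, memberInBounds and createSource are hypothetical stand-ins; sourceNew plays the role of g_source_new() and its size argument.

```cpp
#include <cstddef>
#include <cstdlib>
#include <type_traits>

// Stand-in for GSource (constructed for this example, not GLib's real layout).
struct BaseSource {
    const void* funcs;
    std::size_t allocatedSize; // kept only so the example can check bounds
};

// Stand-in for a RunLoopSource-style subclass; the extra field is hypothetical.
struct DerivedSource {
    BaseSource base; // must be the first member
    long long deadline;
};

// Stand-in for g_source_new(): allocates exactly structSize zeroed bytes.
BaseSource* sourceNew(const void* funcs, std::size_t structSize)
{
    if (structSize < sizeof(BaseSource))
        return nullptr;
    auto* source = static_cast<BaseSource*>(std::calloc(1, structSize));
    if (source) {
        source->funcs = funcs;
        source->allocatedSize = structSize;
    }
    return source;
}

// True when a member occupying [offset, offset + size) lies inside the allocation.
bool memberInBounds(const BaseSource* source, std::size_t offset, std::size_t size)
{
    return offset + size <= source->allocatedSize;
}

// Typed wrapper: the size comes from T, so it cannot drift from the struct in use.
template<typename T> T* createSource(const void* funcs)
{
    static_assert(std::is_standard_layout<T>::value, "T must be standard layout");
    static_assert(offsetof(T, base) == 0, "BaseSource must be the first member");
    return reinterpret_cast<T*>(sourceNew(funcs, sizeof(T)));
}

int main()
{
    BaseSource* undersized = sourceNew(nullptr, sizeof(BaseSource)); // regression pattern
    bool overrun = undersized && !memberInBounds(undersized, offsetof(DerivedSource, deadline), sizeof(long long));
    std::free(undersized);
    return overrun ? 0 : 1; // exits 0 when the undersized allocation is detected
}
```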