Bug 218733 - REGRESSION (r269525): Many layout tests crash when run under ASan
Summary: REGRESSION (r269525): Many layout tests crash when run under ASan
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Wenson Hsieh
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-11-09 18:38 PST by Wenson Hsieh
Modified: 2020-11-10 12:31 PST (History)
6 users (show)

See Also:

Attachments
Patch (32.23 KB, patch)
2020-11-09 20:17 PST, Wenson Hsieh 		no flags Details | Formatted Diff | Diff
roundUpToMultipleOf + remove some reinterpret_casts (31.03 KB, patch)
2020-11-10 10:59 PST, Wenson Hsieh 		thorton: review+
Details | Formatted Diff | Diff
Patch for landing (31.00 KB, patch)
2020-11-10 11:59 PST, Wenson Hsieh 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wenson Hsieh 2020-11-09 18:38:17 PST 
<rdar://problem/71206273>
Comment 1 Wenson Hsieh 2020-11-09 20:17:52 PST Comment hidden (obsolete)
Comment 2 Wenson Hsieh 2020-11-10 10:59:07 PST 
Created attachment 413715 [details]
roundUpToMultipleOf + remove some reinterpret_casts
Comment 3 Tim Horton 2020-11-10 11:10:34 PST 
Comment on attachment 413715 [details]
roundUpToMultipleOf + remove some reinterpret_casts

View in context: https://bugs.webkit.org/attachment.cgi?id=413715&action=review

> Source/WebCore/platform/graphics/displaylists/DisplayListItemBuffer.cpp:558
> +    auto itemLocation = destination.data + sizeof(uint64_t);

offset?

> Source/WebCore/platform/graphics/displaylists/DisplayListItemBuffer.h:80
> -        return *reinterpret_cast<T*>(&data[sizeof(ItemType)]);
> +        return *reinterpret_cast<T*>(&data[sizeof(uint64_t)]);

Didn't want to just inflate ItemType? I guess that's OK
Comment 4 Wenson Hsieh 2020-11-10 11:25:10 PST 
Comment on attachment 413715 [details]
roundUpToMultipleOf + remove some reinterpret_casts

View in context: https://bugs.webkit.org/attachment.cgi?id=413715&action=review

>> Source/WebCore/platform/graphics/displaylists/DisplayListItemBuffer.cpp:558
>> +    auto itemLocation = destination.data + sizeof(uint64_t);
> 
> offset?

Renamed!

>> Source/WebCore/platform/graphics/displaylists/DisplayListItemBuffer.h:80
>> +        return *reinterpret_cast<T*>(&data[sizeof(uint64_t)]);
> 
> Didn't want to just inflate ItemType? I guess that's OK

Interesting. I suppose I could!

I wasn't sure if it made sense to make ItemType itself larger for the sake of aligning item data to 8 bytes…(for instance, if another data structure wants to keep just a list of item types, it would end up being much larger than necessary. But perhaps that's not really an issue, seeing as there's already padding after each type in the item buffer itself).
Comment 5 Wenson Hsieh 2020-11-10 11:59:38 PST 
Created attachment 413720 [details]
Patch for landing
Comment 6 EWS 2020-11-10 12:31:09 PST 
Committed r269640: <https://trac.webkit.org/changeset/269640>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 413720 [details].