Bug 226824 - [GTK] Unitialized memory read from NativeWebWheelEvent
Summary: [GTK] Unitialized memory read from NativeWebWheelEvent
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: WebKit Nightly Build
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-09 09:17 PDT by Michael Catanzaro
Modified: 2021-06-09 09:17 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2021-06-09 09:17:28 PDT 
==793346== Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s)
==793346==    at 0x5990ACD: sendmsg (in /usr/lib64/libc-2.33.so)
==793346==    by 0x6AA9F03: IPC::Connection::sendOutputMessage(IPC::UnixMessage&) (ConnectionUnix.cpp:536)
==793346==    by 0x6AABE99: IPC::Connection::sendOutgoingMessage(WTF::UniqueRef<IPC::Encoder>&&) (ConnectionUnix.cpp:454)
==793346==    by 0x6A99047: IPC::Connection::sendOutgoingMessages() [clone .part.0] (Connection.cpp:932)
==793346==    by 0xA940735: operator() (Function.h:82)
==793346==    by 0xA940735: WTF::RunLoop::performWork() (RunLoop.cpp:133)
==793346==    by 0xA995928: operator() (RunLoopGLib.cpp:80)
==793346==    by 0xA995928: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82)
==793346==    by 0xA99625E: operator() (RunLoopGLib.cpp:53)
==793346==    by 0xA99625E: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56)
==793346==    by 0x55FAE37: g_main_dispatch (gmain.c:3344)
==793346==    by 0x55FBD8A: g_main_context_dispatch (gmain.c:4062)
==793346==    by 0x55FBF76: g_main_context_iterate (gmain.c:4138)
==793346==    by 0x55FC413: g_main_loop_run (gmain.c:4336)
==793346==    by 0xA99637F: WTF::RunLoop::run() (RunLoopGLib.cpp:108)
==793346==  Address 0xf86453a is 74 bytes inside a block of size 576 alloc'd
==793346==    at 0x484086F: malloc (vg_replace_malloc.c:380)
==793346==    by 0xA99C33A: bmalloc::DebugHeap::malloc(unsigned long, bmalloc::FailureAction) (DebugHeap.cpp:98)
==793346==    by 0x6B3F26B: operator new (Encoder.h:44)
==793346==    by 0x6B3F26B: WTF::UniqueRef<IPC::Encoder> WTF::makeUniqueRefWithoutFastMallocCheck<IPC::Encoder, IPC::MessageName, unsigned long&>(IPC::MessageName&&, unsigned long&) [clone .isra.0] (UniqueRef.h:38)
==793346==    by 0x6B475C2: makeUniqueRef<IPC::Encoder, IPC::MessageName, long unsigned int&> (UniqueRef.h:45)
==793346==    by 0x6B475C2: send<Messages::EventDispatcher::WheelEvent> (MessageSender.h:47)
==793346==    by 0x6B475C2: WebKit::WebPageProxy::sendWheelEvent(WebKit::WebWheelEvent const&) (WebPageProxy.cpp:2848)
==793346==    by 0x6B50767: WebKit::WebPageProxy::handleWheelEvent(WebKit::NativeWebWheelEvent const&) (WebPageProxy.cpp:2814)
==793346==    by 0x6C44B79: webkitWebViewBaseHandleWheelEvent (WebKitWebViewBase.cpp:1283)
==793346==    by 0x6C44B79: webkitWebViewBaseScrollEvent(_GtkWidget*, _GdkEventScroll*) (WebKitWebViewBase.cpp:1317)
==793346==    by 0x4A5DA3E: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
==793346==    by 0x554AF45: g_type_class_meta_marshalv (gclosure.c:1034)
==793346==    by 0x554AA98: _g_closure_invoke_va (gclosure.c:873)
==793346==    by 0x55684F7: g_signal_emit_valist (gsignal.c:3406)
==793346==    by 0x5569789: g_signal_emit (gsignal.c:3553)
==793346==    by 0x4E3CFFE: gtk_widget_event_internal (gtkwidget.c:7808)
==793346==  Uninitialised value was created by a stack allocation
==793346==    at 0x6B0A7D0: WebKit::NativeWebWheelEvent::NativeWebWheelEvent(WebKit::NativeWebWheelEvent const&) (NativeWebWheelEventGtk.cpp:57)

Unfortunately I don't see where it's coming from.