WebKit Bugzilla
RESOLVED FIXED
283136
[WPE][Stable][2.46] Many layout tests crash on 32-bits due to an overflow issue at FrameLoader::updateNavigationAPIEntries
https://bugs.webkit.org/show_bug.cgi?id=283136
Carlos Alberto Lopez Perez
Reported
2024-11-14 14:51:03 PST
On 32-bit platforms, specifically on ARMv7 (armhf), lots of layout tests crash with the following backtrace.

Thread 1 (Thread 0xf335a020 (LWP 386352)):
#0 0xf37cd314 in WTFCrash() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WTF/wtf/Assertions.cpp:362
#1 0xf60fc402 in WTF::CrashOnOverflow::crash() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/CheckedArithmetic.h:109
#2 WTF::CrashOnOverflow::overflowed() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/CheckedArithmetic.h:102
#3 WTF::Vector<WTF::Ref<WebCore::HistoryItem, WTF::RawPtrTraits<WebCore::HistoryItem>, WTF::DefaultRefDerefTraits<WebCore::HistoryItem> >, 0u, WTF::CrashOnOverflow, 16u, WTF::FastMalloc>::at(unsigned int) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/Vector.h:816
#4 WTF::Vector<WTF::Ref<WebCore::HistoryItem, WTF::RawPtrTraits<WebCore::HistoryItem>, WTF::DefaultRefDerefTraits<WebCore::HistoryItem> >, 0u, WTF::CrashOnOverflow, 16u, WTF::FastMalloc>::operator[](unsigned int) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/Vector.h:826
#5 WebCore::FrameLoader::updateNavigationAPIEntries(std::optional<WebCore::NavigationNavigationType>) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/FrameLoader.cpp:4874
#6 0xf60fc7b2 in WebCore::FrameLoader::didBeginDocument(bool) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/FrameLoader.cpp:848
#7 0xf60e36e4 in WebCore::DocumentWriter::begin(WTF::URL const&, bool, WebCore::Document*, WebCore::ProcessQualified<WTF::UUID>, WebCore::NavigationAction const*) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/DocumentWriter.cpp:244
#8 0xf60e4174 in WebCore::DocumentLoader::commitData(WebCore::SharedBuffer const&) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/DocumentLoader.cpp:1264
#9 0xf60e4c58 in WebCore::DocumentLoader::finishedLoading() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/DocumentLoader.cpp:500
#10 0xf60e519e in WebCore::DocumentLoader::maybeLoadEmpty() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/DocumentLoader.cpp:2071
#11 0xf60e7616 in WebCore::DocumentLoader::startLoadingMainResource() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/DocumentLoader.cpp:2132
#12 0xf60f2d7e in operator() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/FrameLoader.cpp:4038
#13 call() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/Function.h:53
#14 0xf6102c38 in WTF::Function<void ()>::operator()() const () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/Function.h:82
#15 WTF::CompletionHandler<void ()>::operator()() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/CompletionHandler.h:78
#16 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, WebCore::NavigationPolicyDecision, WebCore::AllowNavigationToInvalidURL) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/FrameLoader.cpp:4042
#17 0xf6108064 in operator() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/FrameLoader.cpp:1866
#18 call() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/Function.h:53
#19 0xf612857a in WTF::Function<void (WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision)>::operator()(WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision) const () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/Function.h:82
#20 WTF::CompletionHandler<void (WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision)>::operator()(WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/CompletionHandler.h:78
#21 operator()() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/PolicyChecker.cpp:264
#22 0xf6129d0e in WTF::Function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/Function.h:82
#23 WTF::CompletionHandler<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/WTF/Headers/wtf/CompletionHandler.h:78
#24 WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WebCore::DocumentLoader*, WTF::RefPtr<WebCore::FormState, WTF::RawPtrTraits<WebCore::FormState>, WTF::DefaultRefDerefTraits<WebCore::FormState> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision)>&&, WebCore::PolicyDecisionMode) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/PolicyChecker.cpp:302
#25 0xf6103152 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::RefPtr<WebCore::FormState, WTF::RawPtrTraits<WebCore::FormState>, WTF::DefaultRefDerefTraits<WebCore::FormState> >&&, WebCore::AllowNavigationToInvalidURL, WTF::CompletionHandler<void ()>&&) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/FrameLoader.cpp:1865
#26 0xf6105c3e in WebCore::FrameLoader::load(WebCore::DocumentLoader&, WebCore::SecurityOrigin const*) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/FrameLoader.cpp:1780
#27 0xf6106372 in WebCore::FrameLoader::load(WebCore::FrameLoadRequest&&) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebCore/loader/FrameLoader.cpp:1709
#28 0xf3dece5a in WebKit::WebPage::loadRequest(WebKit::LoadParameters&&) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/WebProcess/WebPage/WebPage.cpp:2106
#29 0xf39ab624 in _ZZN3IPC18callMemberFunctionIN6WebKit7WebPageES2_FvONS1_14LoadParametersEESt5tupleIJS3_EEEEvPT_MT0_T1_OT2_ENKUlDpOT_E_clIJS3_EEEDaSH_ () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/Platform/IPC/HandleMessage.h:135
#30 _ZSt13__invoke_implIvZN3IPC18callMemberFunctionIN6WebKit7WebPageES3_FvONS2_14LoadParametersEESt5tupleIJS4_EEEEvPT_MT0_T1_OT2_EUlDpOT_E_JS4_EES9_St14__invoke_otherOSB_DpOT1_ () at /usr/include/c++/11/bits/invoke.h:61
#31 _ZSt8__invokeIZN3IPC18callMemberFunctionIN6WebKit7WebPageES3_FvONS2_14LoadParametersEESt5tupleIJS4_EEEEvPT_MT0_T1_OT2_EUlDpOT_E_JS4_EENSt15__invoke_resultIS9_JDpT0_EE4typeEOS9_DpOSL_ () at /usr/include/c++/11/bits/invoke.h:96
#32 _ZSt12__apply_implIZN3IPC18callMemberFunctionIN6WebKit7WebPageES3_FvONS2_14LoadParametersEESt5tupleIJS4_EEEEvPT_MT0_T1_OT2_EUlDpOT_E_S8_JLj0EEEDcOS9_OSB_St16integer_sequenceIjJXspT1_EEE () at /usr/include/c++/11/tuple:1854
#33 _ZSt5applyIZN3IPC18callMemberFunctionIN6WebKit7WebPageES3_FvONS2_14LoadParametersEESt5tupleIJS4_EEEEvPT_MT0_T1_OT2_EUlDpOT_E_S8_EDcOS9_OSB_ () at /usr/include/c++/11/tuple:1865
#34 IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::LoadParameters&&), std::tuple<WebKit::LoadParameters> >(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::LoadParameters&&), std::tuple<WebKit::LoadParameters>&&) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/Platform/IPC/HandleMessage.h:133
#35 IPC::handleMessage<Messages::WebPage::LoadRequest, WebKit::WebPage, WebKit::WebPage, void (WebKit::LoadParameters&&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::LoadParameters&&)) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/Platform/IPC/HandleMessage.h:235
#36 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/WebKitBuild/WPE/Release/DerivedSources/WebKit/WebPageMessageReceiver.cpp:587
#37 0xf3b494fe in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp:129
#38 0xf3d2c026 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/WebProcess/WebProcess.cpp:984
#39 0xf3b46278 in IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/Platform/IPC/Connection.cpp:1451
#40 0xf3b46940 in IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/Platform/IPC/Connection.cpp:1408
#41 IPC::Connection::dispatchOneIncomingMessage() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WebKit/Platform/IPC/Connection.cpp:1518
#42 0xf4cc2c50 in WTF::Function<void ()>::operator()() const () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WTF/wtf/Function.h:82
#43 WTF::RunLoop::performWork() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WTF/wtf/RunLoop.cpp:147
#44 0xf4d1b7a2 in operator() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#45 _FUN() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WTF/wtf/glib/RunLoopGLib.cpp:82
#46 0xf4d1c1ea in operator() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#47 _FUN() () at /home/buildbot/worker/WPE-242-ARM-32-bit-Release-Build/build/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#48 0xf311f2d8 in g_main_context_dispatch () at /lib/arm-linux-gnueabihf/libglib-2.0.so.0
#49 0x00000000 in ()
Carlos Alberto Lopez Perez
Comment 1
2024-11-14 15:16:27 PST
Pull request: https://github.com/WebKit/WebKit/pull/36662
EWS
Comment 2
2024-11-17 09:05:41 PST
Committed 282416.283@fix_overflow_32bits (edcd1a11dfe3): <https://commits.webkit.org/282416.283@fix_overflow_32bits>

Reviewed commits have been landed. Closing PR #36662 and removing active labels.