RESOLVED FIXED308695
[libpas] Make pas_{small,tiny}_large_map_entry aware of delegation 
https://bugs.webkit.org/show_bug.cgi?id=308695
Summary [libpas] Make pas_{small,tiny}_large_map_entry aware of delegation
Marcus Plutowski
Reported 2026-02-25 19:28:25 PST
rdar://170836116 When non-delegated allocations are stored in the large-heap, it is possible that their metadata will be stored in the tiny_large_map or the small_large_map, which are compressed versions of the normal large-map. When this happens, we need to ensure that at the point the large-map reconstructs a large_map_entry from the compressed contents of those heaps, it populates all fields in the entry, as the entry is not guaranteed to be zero-filled beforehand. Otherwise, the delegated_to_system_malloc field could be filled with garbage, leading to an inevitable crash when we free the pointer from libmalloc.
Attachments
Add attachment proposed patch, testcase, etc.
Marcus Plutowski
Comment 1 2026-02-25 19:29:48 PST
Pull request: https://github.com/WebKit/WebKit/pull/59473
Marcus Plutowski
Comment 2 2026-02-25 21:00:23 PST
<rdar://problem/170300268>
EWS
Comment 3 2026-02-26 12:05:43 PST
Committed 308296@main (f209caf4db12): <https://commits.webkit.org/308296@main> Reviewed commits have been landed. Closing PR #59473 and removing active labels.
EWS
Comment 4 2026-02-27 22:37:10 PST
Committed 305413.380@safari-7624-branch (8e3eb903d2f8): <https://commits.webkit.org/305413.380@safari-7624-branch> Reviewed commits have been landed. Closing PR #4576 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.