Bug 244560 - Workaround ASAN false positive stack-use-after-scope in pas_fast_large_free_heap_try_allocate
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: bmalloc
Version: Other
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: David Kilzer (:ddkilzer)
Keywords: InRadar
Depends on: 236001
Reported: 2022-08-30 16:39 PDT by David Kilzer (:ddkilzer)
Modified: 2022-09-01 16:45 PDT

Description David Kilzer (:ddkilzer) 2022-08-30 16:39:38 PDT
Workaround ASAN false positive stack-buffer-underflow in pas_fast_large_free_heap_try_allocate.

Use the same workaround as Bug 236001.

<rdar://97106809>
Comment 1 David Kilzer (:ddkilzer) 2022-08-30 16:46:44 PDT
These two tests will always crash when run without this workaround:

LayoutTests/fast/selectors/nth-child-of-boundaries-2.html
LayoutTests/fast/selectors/nth-child-of-boundaries-3.html
Comment 2 David Kilzer (:ddkilzer) 2022-08-30 16:50:39 PDT
Pull request: https://github.com/WebKit/WebKit/pull/3830
Comment 3 EWS 2022-08-30 20:02:55 PDT
Committed 253973@main (0427d190dce9): <https://commits.webkit.org/253973@main>

Reviewed commits have been landed. Closing PR #3830 and removing active labels.
Comment 4 David Kilzer (:ddkilzer) 2022-09-01 16:45:35 PDT
Oops, this was a stack-use-after-scope, not a stack-buffer-overflow.  Not sure how I typed the wrong issue in the original title!