REGRESSION(r255164) [PlayStation] WTFReportBacktrace tries to print b…

…acktrace even when backtrace cannot be obtained and crashes https://bugs.webkit.org/show_bug.cgi?id=261497 Reviewed by Kimmo Kinnunen. WTFPrintBacktraceWithPrefixAndPrintStream should wrap the size parameter to 0 if it is negative not to print stack. Currently, when !HAVE(BACKTRACE) && !OS(WINDOWS), - WTFGetBacktrace(samples, &frames) makes frames = 0 - WTFReportBacktraceWithPrefixAndPrintStream passes -2 (=frames-framesToSkip) to WTFPrintBacktraceWithPrefixAndPrintStream. - WTFPrintBacktraceWithPrefixAndPrintStream static_cast -2 to size_t, which can overflow and makes large number. - It possibly tries to print the large stack and eventually crashes. * Source/WTF/wtf/Assertions.cpp: (WTFPrintBacktraceWithPrefixAndPrintStream): Wraps negative size to 0. (WTFReportBacktraceWithPrefixAndPrintStream): Check the frame size and print "no stacktrace available" if the size is not enough. (WTFReportBacktrace): Ditto. Canonical link: https://commits.webkit.org/268121@main
WebKit · Sep 19, 2023 · a427952 · a427952
1 parent a53ad48
commit a427952
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/Source/WTF/wtf/Assertions.cpp b/Source/WTF/wtf/Assertions.cpp
@@ -292,7 +292,10 @@ void WTFReportBacktraceWithPrefixAndPrintStream(PrintStream& out, const char* pr
     int frames = framesToShow + framesToSkip;
 
     WTFGetBacktrace(samples, &frames);
-    WTFPrintBacktraceWithPrefixAndPrintStream(out, samples + framesToSkip, frames - framesToSkip, prefix);
+    if (frames > framesToSkip)
+        WTFPrintBacktraceWithPrefixAndPrintStream(out, samples + framesToSkip, frames - framesToSkip, prefix);
+    else
+        out.print("%sno stacktrace available", prefix);
 }
 
 void WTFReportBacktrace()
@@ -303,12 +306,15 @@ void WTFReportBacktrace()
     int frames = framesToShow + framesToSkip;
 
     WTFGetBacktrace(samples, &frames);
-    WTFPrintBacktrace(samples + framesToSkip, frames - framesToSkip);
+    if (frames > framesToSkip)
+        WTFPrintBacktrace(samples + framesToSkip, frames - framesToSkip);
+    else
+        CrashLogPrintStream { }.print("no stacktrace available");
 }
 
 void WTFPrintBacktraceWithPrefixAndPrintStream(PrintStream& out, void** stack, int size, const char* prefix)
 {
-    out.print(StackTracePrinter { { stack, static_cast<size_t>(size) }, prefix });
+    out.print(StackTracePrinter { { stack, static_cast<size_t>(std::max(0, size)) }, prefix });
 }
 
 void WTFPrintBacktrace(void** stack, int size)