wpe-20170728: global-buffer-overflow @WTF::StringImpl::createFromLiteral()

[dwrobel]

• branch: wpe-20170728 (2371327)
• url: https://yt-dash-mse-test.commondatastorage.googleapis.com/unit-tests/2018.html?test_type=encryptedmedia-test&timestamp=1554377522685&tests=33,34&command=run
• compiled with: -fsanitize=address
• reproducibility 100%

==14940==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fb2a9f3e0ad at pc 0x7fb2aadd628d bp 0x7ffe06122270 sp 0x7ffe06121a18
READ of size 27118 at 0x7fb2a9f3e0ad thread T0
Polled memory pressure (critical)
    #0 0x7fb2aadd628c  (/lib64/libasan.so.5+0xad28c)
    #1 0x7fb2a95309b9 in WTF::StringImpl::createFromLiteral(char const*) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x10ebe9b9)
    #2 0x7fb2a957ff4b in WTF::String::String(WTF::ASCIILiteral) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x10f0df4b)
    #3 0x7fb2a4b25f20 in WebCore::RenderThemeWPE::mediaControlsStyleSheet() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0xc4b3f20)
    #4 0x7fb29ee0f11b in WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement(WebCore::Element const&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x679d11b)
    #5 0x7fb29f0330c9 in WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::SelectorFilter const*) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x69c10c9)
    #6 0x7fb29e1a734d in WebCore::Style::TreeResolver::styleForElement(WebCore::Element&, WebCore::RenderStyle const&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x5b3534d)
    #7 0x7fb29e1a85e9 in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x5b365e9)
    #8 0x7fb29e1b01a3 in WebCore::Style::TreeResolver::resolveComposedTree() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x5b3e1a3)
    #9 0x7fb29e1b35e4 in WebCore::Style::TreeResolver::resolve() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x5b415e4)
    #10 0x7fb29b3d60be in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x2d640be)
    #11 0x7fb29b3d7aab in WebCore::Document::updateStyleIfNeeded() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x2d65aab)
    #12 0x7fb29b40f6fd in WebCore::Document::finishedParsing() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x2d9d6fd)
    #13 0x7fb29bf9e18b in WebCore::HTMLDocumentParser::prepareToStopParsing() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x392c18b)
    #14 0x7fb29bfa46a0 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x39326a0)
    #15 0x7fb29bfa5077 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x3933077)
    #16 0x7fb29f1e42e8 in WebCore::PendingScript::notifyClientFinished() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x6b722e8)
    #17 0x7fb29b5c4742 in WebCore::LoadableScript::notifyClientFinished() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x2f52742)
    #18 0x7fb29f1c53e0 in WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x6b533e0)
    #19 0x7fb29c6f2d21 in WebCore::CachedResource::checkNotify() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x4080d21)
    #20 0x7fb29c784617 in WebCore::CachedScript::finishLoading(WebCore::SharedBuffer*) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x4112617)
    #21 0x7fb29c59ddef in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x3f2bdef)
    #22 0x7fb299f8c9f6 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x191a9f6)
    #23 0x7fb29a88c4dd in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x221a4dd)
    #24 0x7fb29a891618 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x221f618)
    #25 0x7fb299f43a16 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x18d1a16)
    #26 0x7fb29952b40f in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0xeb940f)
    #27 0x7fb29952f461 in IPC::Connection::dispatchOneMessage() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0xebd461)
    #28 0x7fb2a94b7f05 in WTF::RunLoop::performWork() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x10e45f05)
    #29 0x7fb2a95b0a4b in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x10f3ea4b)
    #30 0x7fb2956cd06c in g_main_dispatch gmain.c:3182
    #31 0x7fb2956cd437 in g_main_context_iterate gmain.c:3920
    #32 0x7fb2956cd761 in g_main_loop_run (/lib64/libglib-2.0.so.0+0x4f761)
    #33 0x7fb2a95b4046 in WTF::RunLoop::run() (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x10f42046)
    #34 0x7fb29a5fc48e in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/lib/libWPEWebKit.so.0+0x1f8a48e)
    #35 0x7fb2951a3412 in __libc_start_main ../csu/libc-start.c:308
    #36 0x400d8d in _start (/home/dwrobel/projects/webkit/WebPlatformForEmbedded-2017/1/_install/usr/bin/WPEWebProcess+0x400d8d)

0x7fb2a9f3e0ad is located 51 bytes to the left of global variable 'meterElementShadowUserAgentStyleSheet' defined in 'DerivedSources/WebCore/UserAgentStyleSheetsData.cpp:2325:19' (0x7fb2a9f3e0e0) of size 977
0x7fb2a9f3e0ad is located 0 bytes to the right of global variable 'mediaControlsBaseUserAgentStyleSheet' defined in 'DerivedSources/WebCore/UserAgentStyleSheetsData.cpp:2389:19' (0x7fb2a9f376c0) of size 27117
SUMMARY: AddressSanitizer: global-buffer-overflow (/lib64/libasan.so.5+0xad28c) 
Shadow bytes around the buggy address:
  0x0ff6d53dfbc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff6d53dfbd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff6d53dfbe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff6d53dfbf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff6d53dfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff6d53dfc10: 00 00 00 00 00[05]f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ff6d53dfc20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff6d53dfc30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff6d53dfc40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff6d53dfc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff6d53dfc60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==14940==ABORTING

GDB callstack:

(gdb) bt
#0  0x00007fb2aae415d0 in __sanitizer::Die() () at ../../../../libsanitizer/sanitizer_common/sanitizer_termination.cc:49
#1  0x00007fb2aae23ce5 in __asan::ScopedInErrorReport::~ScopedInErrorReport() (this=<optimized out>, __in_chrg=<optimized out>) at ../../../../libsanitizer/asan/asan_report.cc:181
#2  0x00007fb2aae23ce5 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) (pc=<optimized out>, bp=bp@entry=140729000272496, sp=sp@entry=140729000270360, addr=addr@entry=140405332238509, is_write=is_write@entry=false, access_size=access_size@entry=27118, exp=0, fatal=false) at ../../../../libsanitizer/asan/asan_report.cc:397
#3  0x00007fb2aadd62ac in __interceptor_strlen(char const*) (s=<optimized out>) at ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:301
#4  0x00007fb2a95309ba in WTF::StringImpl::createFromLiteral(char const*) (characters=0x7fb2a9f376c0 <WebCore::mediaControlsBaseUserAgentStyleSheet> "audio { width: 200px; height: 25px; } body:-webkit-full-page-media { background-color: rgb(38, 38, 38); } video:-webkit-full-page-media { margin: auto; position: absolute; top: 0; right: 0; bottom: 0;"...) at ../Source/WTF/wtf/text/StringImpl.cpp:158
#5  0x00007fb2a957ff4c in WTF::String::String(WTF::ASCIILiteral) (this=0x7ffe061225d0, characters=...) at ../Source/WTF/wtf/text/WTFString.h:734
#6  0x00007fb2a4b25f21 in WebCore::RenderThemeWPE::mediaControlsStyleSheet() (this=<optimized out>) at ../Source/WTF/wtf/text/WTFString.h:733
#7  0x00007fb29ee0f11c in WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement(WebCore::Element const&) (element=...) at ../Source/WTF/wtf/text/StringImpl.h:568
#8  0x00007fb29f0330ca in WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::SelectorFilter const*) (this=0x6190000fe180, element=..., parentStyle=parentStyle@entry=0x611000180cc0, parentBoxStyle=<optimized out>, matchingBehavior=matchingBehavior@entry=WebCore::MatchAllRules, selectorFilter=<optimized out>) at ../Source/WebCore/css/StyleResolver.cpp:370
#9  0x00007fb29e1a734e in WebCore::Style::TreeResolver::styleForElement(WebCore::Element&, WebCore::RenderStyle const&) (this=this@entry=0x7ffe06127140, element=..., inheritedStyle=...) at ../Source/WebCore/style/StyleTreeResolver.h:84
#10 0x00007fb29e1a85ea in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (this=this@entry=0x7ffe06127140, element=...) at ../Source/WebCore/style/StyleTreeResolver.cpp:181
#11 0x00007fb29e1b01a4 in WebCore::Style::TreeResolver::resolveComposedTree() (this=this@entry=0x7ffe06127140) at ../Source/WebCore/style/StyleTreeResolver.cpp:411
#12 0x00007fb29e1b35e5 in WebCore::Style::TreeResolver::resolve() (this=this@entry=0x7ffe06127140) at ../Source/WebCore/style/StyleTreeResolver.cpp:473
#13 0x00007fb29b3d60bf in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (this=this@entry=0x61e000008480, type=type@entry=WebCore::Document::ResolveStyleType::Normal) at ../Source/WebCore/dom/Document.cpp:1807
#14 0x00007fb29b3d7aac in WebCore::Document::updateStyleIfNeeded() (this=0x61e000008480) at ../Source/WebCore/dom/Document.cpp:1910
#15 0x00007fb29b3d7aac in WebCore::Document::updateStyleIfNeeded() (this=0x61e000008480) at ../Source/WebCore/dom/Document.cpp:1897
#16 0x00007fb29b40f6fe in WebCore::Document::finishedParsing() (this=0x61e000008480) at ../Source/WebCore/dom/Document.cpp:5247
#17 0x00007fb29f3e2a08 in WebCore::HTMLConstructionSite::finishedParsing() (this=<optimized out>) at ../Source/WebCore/html/parser/HTMLConstructionSite.cpp:421
#18 0x00007fb29c03cb4e in WebCore::HTMLTreeBuilder::finished() (this=<optimized out>) at ../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2843
#19 0x00007fb29bf9df1f in WebCore::HTMLDocumentParser::end() (this=0x61f00001ce80) at /usr/include/c++/8/bits/unique_ptr.h:342
#20 0x00007fb29bf9df1f in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (this=this@entry=0x7ffe061276d0) at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:415
#21 0x00007fb29bf9e18c in WebCore::HTMLDocumentParser::prepareToStopParsing() (this=0x7ffe061276d0, this@entry=0x61f00001ce80) at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:138
#22 0x00007fb29bf9ea87 in WebCore::HTMLDocumentParser::endIfDelayed() (this=this@entry=0x61f00001ce80) at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:440
#23 0x00007fb29bfa46a1 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() (this=this@entry=0x61f00001ce80) at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:501
#24 0x00007fb29bfa5078 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) (this=0x61f00001ce80, pendingScript=...) at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:544
#25 0x00007fb29f1e42e9 in WebCore::PendingScript::notifyClientFinished() (this=<optimized out>) at ../Source/WebCore/dom/PendingScript.cpp:69
#26 0x00007fb29b5c4743 in WebCore::LoadableScript::notifyClientFinished() (this=this@entry=0x60d0000405b0) at ../Source/WebCore/dom/LoadableScript.cpp:60
#27 0x00007fb29f1c53e1 in WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&) (this=0x60d0000405b0, resource=...) at ../Source/WebCore/dom/LoadableClassicScript.cpp:105
#28 0x00007fb29c6f2d22 in WebCore::CachedResource::checkNotify() (this=<optimized out>) at ../Source/WebCore/loader/cache/CachedResource.cpp:331
#29 0x00007fb29c6f2d22 in WebCore::CachedResource::checkNotify() (this=<optimized out>) at ../Source/WebCore/loader/cache/CachedResource.cpp:324
#30 0x00007fb29c784618 in WebCore::CachedScript::finishLoading(WebCore::SharedBuffer*) (this=0x61b000037280, data=<optimized out>) at ../Source/WebCore/loader/cache/CachedScript.cpp:105
#31 0x00007fb29c59ddf0 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (this=<optimized out>, networkLoadMetrics=...) at ../Source/WebCore/loader/ResourceLoader.h:96
#32 0x00007fb299f8c9f7 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (this=0x606000045f20, networkLoadMetrics=...) at ../Source/WTF/wtf/RefPtr.h:79
#33 0x00007fb29a88c4de in IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>&&, std::integer_sequence<unsigned long, 0ul>) (args=..., function=<optimized out>, object=<optimized out>) at ../Source/WebKit/Platform/IPC/HandleMessage.h:38
#34 0x00007fb29a88c4de in IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (function=<optimized out>, object=<optimized out>, args=...) at ../Source/WebKit/Platform/IPC/HandleMessage.h:46
#35 0x00007fb29a88c4de in IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (decoder=..., object=object@entry=0x606000045f20, function=<optimized out>) at ../Source/WebKit/Platform/IPC/HandleMessage.h:126
#36 0x00007fb29a891619 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (this=<optimized out>, connection=..., decoder=...) at DerivedSources/WebKit/WebResourceLoaderMessageReceiver.cpp:65
#37 0x00007fb299f43a17 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (this=<optimized out>, connection=..., decoder=...) at ../Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:68
#38 0x00007fb29952b410 in IPC::Connection::dispatchMessage(IPC::Decoder&) (decoder=..., this=0x614000002440) at ../Source/WebKit/Platform/IPC/Connection.cpp:901
#39 0x00007fb29952b410 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x614000002440, message=std::unique_ptr<IPC::Decoder> = {...}) at ../Source/WebKit/Platform/IPC/Connection.cpp:928
#40 0x00007fb29952f462 in IPC::Connection::dispatchOneMessage() (this=<optimized out>) at /usr/include/c++/8/bits/move.h:74
#41 0x00007fb2a94b7f06 in WTF::Function<void ()>::operator()() const (this=0x7ffe0612a200) at /usr/include/c++/8/bits/unique_ptr.h:342
#42 0x00007fb2a94b7f06 in WTF::RunLoop::performWork() (this=0x60c000000700) at ../Source/WTF/wtf/RunLoop.cpp:123
#43 0x00007fb2a95b0a4c in WTF::RunLoop::<lambda(gpointer)>::operator() (__closure=0x0, userData=<optimized out>) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:68
#44 0x00007fb2a95b0a4c in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:70
#45 0x00007fb2956cd06d in g_main_dispatch (context=0x60f0000009a0) at gmain.c:3182
#46 0x00007fb2956cd06d in g_main_context_dispatch (context=context@entry=0x60f0000009a0) at gmain.c:3847
#47 0x00007fb2956cd438 in g_main_context_iterate (context=0x60f0000009a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3920
#48 0x00007fb2956cd762 in g_main_loop_run (loop=0x602000001090) at gmain.c:4116
#49 0x00007fb2a95b4047 in WTF::RunLoop::run() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#50 0x00007fb29a5fc48f in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=<optimized out>) at ../Source/WebKit/Shared/unix/ChildProcessMain.h:41
#51 0x00007fb2951a3413 in __libc_start_main (main=0x400c80 <main(int, char**)>, argc=3, argv=0x7ffe0612a7a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe0612a798) at ../csu/libc-start.c:308
#52 0x0000000000400d8e in _start ()
(gdb) fr 4
#4  0x00007fb2a95309ba in WTF::StringImpl::createFromLiteral (characters=0x7fb2a9f376c0 <WebCore::mediaControlsBaseUserAgentStyleSheet> "audio { width: 200px; height: 25px; } body:-webkit-full-page-media { background-color: rgb(38, 38, 38); } video:-webkit-full-page-media { margin: auto; position: absolute; top: 0; right: 0; bottom: 0;"...) at ../Source/WTF/wtf/text/StringImpl.cpp:158
158	    return createFromLiteral(characters, strlen(characters));
(gdb) l
153	    return adoptRef(*new StringImpl(reinterpret_cast<const LChar*>(characters), length, ConstructWithoutCopying));
154	}
155	
156	Ref<StringImpl> StringImpl::createFromLiteral(const char* characters)
157	{
158	    return createFromLiteral(characters, strlen(characters));
159	}
160	
161	Ref<StringImpl> StringImpl::createWithoutCopying(const UChar* characters, unsigned length)
162	{
(gdb) p characters
$1 = 0x7fb2a9f376c0 <WebCore::mediaControlsBaseUserAgentStyleSheet> "audio { width: 200px; height: 25px; } body:-webkit-full-page-media { background-color: rgb(38, 38, 38); } video:-webkit-full-page-media { margin: auto; position: absolute; top: 0; right: 0; bottom: 0;"...
(gdb) p strlen(characters)
[Thread 0x7fb2487d0700 (LWP 15378) exited]
$2 = 27117
(gdb)

[dwrobel]

If I'm not mistaken the problem seems to be how mediaControlsBaseUserAgentStyleSheet is being constructed and more precisely by lack of \0 in the end of it. It's needed if you're invoking strlen() on them: https://github.com/WebPlatformForEmbedded/WPEWebKit/blob/wpe-20170728/Source/WTF/wtf/text/StringImpl.cpp#L158 (see frame 4 above).

[modeveci]

Inactive ticket for long time!

Closing the ticket; if you think it is still relevant and/or valid for the latest version/s. Please do not hesitate to re-open!