Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0b5f6b72e35fdbeeaae6ac07283191659172e808
https://github.com/WebKit/WebKit/commit/0b5f6b72e35fdbeeaae6ac07283191659172e808
Author: Dan Blackwell <[email protected]>
Date: 2026-05-06 (Wed, 06 May 2026)
Changed paths:
M Source/ThirdParty/ANGLE/src/common/PoolAlloc.h
Log Message:
-----------
[TSan] ANGLE: bypass PoolAllocator under ThreadSanitizer
<https://bugs.webkit.org/show_bug.cgi?id=313441>
<rdar://176182322>
Reviewed by Kimmo Kinnunen.
ANGLE's translator `PoolAllocator` is a bump allocator that never
frees individual objects, so sanitizers cannot see per-object
allocation boundaries and may report false positives on recycled
pool memory (or miss real bugs in reused slots). Under
`ANGLE_WITH_ASAN` or `ANGLE_WITH_TSAN`, define the existing
`ANGLE_DISABLE_POOL_ALLOC` macro so that `PoolAllocator::allocate()`
routes through `allocateSingleObject()`, which uses `malloc`
per allocation. All call sites (`POOL_ALLOCATOR_NEW_DELETE`,
`pool_allocator`, `AllocatePoolCharArray`) go through this single
entry point, so no per-file changes are needed.
Guard blocks (`ANGLE_POOL_ALLOC_GUARD_BLOCKS`) are redundant when a
sanitizer is active, since AddressSanitizer and ThreadSanitizer already
detect out-of-bounds and unsynchronized accesses, respectively.
Structure the macro choice as an `#if`/`#elif` chain so the sanitizer
branch and the debug-only guard-block branch are mutually exclusive.
Also move `kSegmentSize` outside the `ANGLE_DISABLE_POOL_ALLOC` guard
so profiling code in `PoolAlloc.cpp` that references it compiles in
both the pool-allocator and system-allocator modes.
* Source/ThirdParty/ANGLE/src/common/PoolAlloc.h:
Canonical link: https://commits.webkit.org/312740@main
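The mechanism the commit message describes, as an added example that is not ANGLE's or WebKit's code: a minimal bump-pool allocator with the same compile-time switch. Everything named here (the `EXAMPLE_*` macros, the `__has_feature`/`__SANITIZE_*__` detection idiom, the 16-byte guard filled with 0xA5, the 4096-byte segment, the `overflowOutcome()` probe) is an assumption chosen for the example, not ANGLE's actual configuration. It shows why a sanitizer cannot see object boundaries inside a pool, why guard blocks become redundant once the pool is bypassed, and how routing `allocate()` to one heap block per object restores per-object boundaries.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

// Sanitizer detection (assumed idiom): GCC sets __SANITIZE_*__, Clang answers __has_feature.
#if defined(__SANITIZE_ADDRESS__) || defined(__SANITIZE_THREAD__)
#  define EXAMPLE_WITH_SANITIZER 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer) || __has_feature(thread_sanitizer)
#    define EXAMPLE_WITH_SANITIZER 1
#  endif
#endif

// Mutually exclusive #if/#elif chain: sanitizer builds bypass the pool (no guards
// needed, the sanitizer supplies redzones), other debug builds keep the pool but
// bracket each object with guard bytes, release builds use the bare bump pool.
#if defined(EXAMPLE_WITH_SANITIZER)
#  define EXAMPLE_DISABLE_POOL_ALLOC 1
#  define EXAMPLE_POOL_GUARD_BYTES 0
#elif !defined(NDEBUG)
#  define EXAMPLE_DISABLE_POOL_ALLOC 0
#  define EXAMPLE_POOL_GUARD_BYTES 16
#else
#  define EXAMPLE_DISABLE_POOL_ALLOC 0
#  define EXAMPLE_POOL_GUARD_BYTES 0
#endif

class PoolAllocator {
public:
    static constexpr size_t kSegmentSize = 4096;  // outside the mode switch: both modes use it
    static constexpr size_t kAlignment = 16;
    static constexpr uint8_t kGuardByte = 0xA5;
    static constexpr bool kBypassPool = EXAMPLE_DISABLE_POOL_ALLOC;
    static constexpr size_t kGuardBytes = EXAMPLE_POOL_GUARD_BYTES;
    ~PoolAllocator() { for (void* p : owned_) std::free(p); }

    static constexpr size_t stride(size_t bytes) {  // aligned object + two guards
        return (bytes + kAlignment - 1) / kAlignment * kAlignment + 2 * kGuardBytes;
    }
    // The single entry point every call site uses; the macro chose the path.
    void* allocate(size_t bytes) {
        return kBypassPool ? allocateSingleObject(bytes) : allocateFromPool(bytes);
    }
    // Pooled objects whose guard bytes were overwritten (always 0 without guards).
    size_t corruptedGuards() const {
        size_t bad = 0;
        for (const Record& r : records_) {
            const uint8_t *front = r.body - kGuardBytes, *back = r.body + r.len;
            for (size_t i = 0; i < kGuardBytes; ++i)
                if (front[i] != kGuardByte || back[i] != kGuardByte) { ++bad; break; }
        }
        return bad;
    }

private:
    struct Record { uint8_t* body; size_t len; };
    // Sanitizer path: one heap block per object, so ASan/TSan see real boundaries.
    void* allocateSingleObject(size_t bytes) {
        void* p = std::malloc(bytes ? bytes : 1);
        if (p) owned_.push_back(p);
        return p;
    }
    // Pool path: bump a cursor through a segment, never freeing individual objects.
    // Neighbours sit back to back, so an overflow into the next object looks like
    // an ordinary in-bounds write to a sanitizer.
    void* allocateFromPool(size_t bytes) {
        const size_t need = stride(bytes);
        if (need > kSegmentSize) return allocateSingleObject(bytes);  // oversize object
        if (!cursor_ || cursor_ + need > end_) {  // start a fresh segment
            uint8_t* seg = static_cast<uint8_t*>(std::malloc(kSegmentSize));
            if (!seg) return nullptr;
            owned_.push_back(seg);
            cursor_ = seg; end_ = seg + kSegmentSize;
        }
        uint8_t* body = cursor_ + kGuardBytes;
        const size_t len = need - 2 * kGuardBytes;
        std::memset(cursor_, kGuardByte, kGuardBytes);    // front guard
        std::memset(body + len, kGuardByte, kGuardBytes); // back guard
        records_.push_back({body, len});
        cursor_ += need;
        return body;
    }
    std::vector<void*> owned_;
    std::vector<Record> records_;
    uint8_t *cursor_ = nullptr, *end_ = nullptr;
};

// Writes one byte past a 16-byte object and reports the outcome: 0 = pool bypassed
// (write skipped; on separate heap blocks only the sanitizer would catch it),
// 1 = guard blocks caught it, 2 = the neighbouring object was silently corrupted.
int overflowOutcome() {
    PoolAllocator pool;
    uint8_t* a = static_cast<uint8_t*>(pool.allocate(16));
    uint8_t* b = static_cast<uint8_t*>(pool.allocate(16));
    if (PoolAllocator::kBypassPool) return 0;
    std::memset(b, 0, 16);
    a[16] = 0xFF;  // lands in a's back guard, or in b[0] when guards are off
    if (pool.corruptedGuards() == 1) return 1;
    return b[0] == 0xFF ? 2 : -1;
}
```

Build it three ways to see the chain pick each branch: with `-fsanitize=address` (or `-fsanitize=thread`) `overflowOutcome()` returns 0 because the pool is bypassed and the probe write is skipped (had it run, it would be a genuine one-byte heap overflow on a separate block that the sanitizer reports); as a plain debug build it returns 1 because the allocator's own guard bytes catch the overflow; with `-DNDEBUG` it returns 2, which is the quiet neighbour corruption a bump pool hides from any tool that only knows the segment's outer boundary.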