[Webkit-unassigned] [Bug 20194] New: Uninitalized variables in RenderText.cpp

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 28 04:29:12 PDT 2008 

https://bugs.webkit.org/show_bug.cgi?id=20194

           Summary: Uninitalized variables in RenderText.cpp
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Minor
          Priority: P3
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: Kelemen.Balazs.3 at stud.u-szeged.hu


We analyzed WebKit (r35407, qt-linux) with Valgrind and found that there is an
execution path in RenderText.cpp
that use unitilazed variables.

If the "(!len || (stripFrontSpaces && m_text->containsOnlyWhitespace()))"
condition is true in RenderText::trimmedPrefWidths the function returns without
initalizing beginWS and endWS (thes are the names of
the formal parameters and the variables that are given to the function too).
After calling trimmedPrefWiths in
RenderBlock::calcInlinePrefWidths these variables are used to determine a
condition in line 3866.

Declaration and use of the potentially uninitalized variables:
    Webkit/WebCore/rendering/RenderBlock.cpp - lines: 3856-3871
    -------------------------
    bool hasBreakableChar, hasBreak;
    int beginMin, endMin;
    bool beginWS, endWS;
    int beginMax, endMax;
    t->trimmedPrefWidths(inlineMax, beginMin, beginWS, endMin, endWS,
                            hasBreakableChar, hasBreak, beginMax, endMax,
                            childMin, childMax, stripFrontSpaces);

    // This text object will not be rendered, but it may still provide a
breaking opportunity.
    if (!hasBreak && childMax == 0) {
        if (autoWrap && (beginWS || endWS)) {
            m_minPrefWidth = max(inlineMin, m_minPrefWidth);
            inlineMin = 0;
        }
        continue;
    }
    -------------

The called function:
    Webkit/WebCore/rendering/RenderText.cpp - lines: 399-423
    -------------
    void RenderText::trimmedPrefWidths(int leadWidth,
                                    int& beginMinW, bool& beginWS,
                                    int& endMinW, bool& endWS,
                                    bool& hasBreakableChar, bool& hasBreak,
                                    int& beginMaxW, int& endMaxW,
                                    int& minW, int& maxW, bool&
stripFrontSpaces)
    {
        bool collapseWhiteSpace = style()->collapseWhiteSpace();
        if (!collapseWhiteSpace)
            stripFrontSpaces = false;

        if (m_hasTab || prefWidthsDirty())
            calcPrefWidths(leadWidth);

        int len = textLength();
        if (!len || (stripFrontSpaces && m_text->containsOnlyWhitespace())) {
            beginMinW = 0;
            endMinW = 0;
            beginMaxW = 0;
            endMaxW = 0;
            minW = 0;
            maxW = 0;
            hasBreak = false;
            return;
        }
    ----------------


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list