[Webkit-unassigned] [Bug 23501] New: Overlapping memcpy in TextDecoder::reset
bugzilla-daemon at webkit.org
Fri Jan 23 05:26:02 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=23501
Summary: Overlapping memcpy in TextDecoder::reset
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: deanm at chromium.org
WebCore/platform/text/TextDecoder.cpp:

    void TextDecoder::reset(const TextEncoding& encoding)
    {
        m_encoding = encoding;

m_encoding is a TextEncoding, which has a default assignment operator which
will be implemented by gcc as a memcpy. The following patch:
commit 58f7c694c743381477042501d9069b2cda497751
Author: antti at apple.com <antti at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sun Nov 9 04:11:26 2008 +0000
WebCore:
2008-11-08 Antti Koivisto <antti at apple.com>
Reviewed by Sam Weinig.
Fix https://bugs.webkit.org/show_bug.cgi?id=22141
REGRESSION: Safari error page is not fully styled when loaded from
cache
Reset text decoder on flush so it does not pass through the BOM
when it is reused.
Test: fast/encoding/css-cached-bom.html
* loader/TextResourceDecoder.cpp:
(WebCore::TextResourceDecoder::flush):
LayoutTests:
2008-11-08 Antti Koivisto <antti at apple.com>
Reviewed by Sam Weinig.
Test for https://bugs.webkit.org/show_bug.cgi?id=22141
REGRESSION: Safari error page is not fully styled when loaded from
cache
* fast/encoding/css-cached-bom.html: Added.
* fast/encoding/css-cached-bom-expected.txt: Added.
* fast/encoding/resources/css-cached-bom-frame.html: Added.
* fast/encoding/resources/utf-16-little-endian.css: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@38240 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/loader/TextResourceDecoder.cpp
b/WebCore/loader/TextResourceDecoder.cpp
index 4a0caa0..2064393 100644
--- a/WebCore/loader/TextResourceDecoder.cpp
+++ b/WebCore/loader/TextResourceDecoder.cpp
@@ -793,6 +793,7 @@ String TextResourceDecoder::flush()
{
String result = m_decoder.decode(m_buffer.data(), m_buffer.size(), true,
m_contentType == XML, m_sawError);
m_buffer.clear();
+ m_decoder.reset(m_decoder.encoding());
return result;
}
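Review bot: the added `m_decoder.reset(m_decoder.encoding());` hands the decoder its own m_encoding member back by const reference, so the `m_encoding = encoding;` inside TextDecoder::reset is a self-assignment, and with the compiler-generated copy assignment that is a memcpy whose source and destination are the same object (the Valgrind report below shows exactly this overlap). Either guard the assignment in TextDecoder::reset with `if (&m_encoding != &encoding)` before copying, or add a reset() overload that only clears the decoder's stream state and call that from flush() instead of passing the encoding back in.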
Added a call to m_decoder.reset(m_decoder.encoding());
which means that m_encoding = encoding; is assignment to itself, which is the
equivalent of memcpy'ing with the same buffer as the source and destination,
which is invalid.
I think the solution here would either be to identity check the assignment:
    if (&m_encoding != &encoding)
    ...
Or to offer some flavor of reset() which does not reset the encoding.
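Both fixes side by side, as an added example that is not WebKit's code: Encoding, Decoder and flushViaSelfReset are minimal stand-ins for TextEncoding, TextDecoder and the flush() call in the patch, assumed here only to show the aliasing and the two ways the report proposes to avoid it.

```cpp
#include <cstring>

// Stand-in for WebCore::TextEncoding: a plain aggregate whose
// implicitly-defined operator= is a memberwise (memcpy-style) copy.
struct Encoding {
    const char* name;        // e.g. "UTF-16LE" (constructed sample value)
    bool        littleEndian;
};

// Stand-in for WebCore::TextDecoder: the encoding plus some per-stream
// state (here, whether a BOM is still pending) that reset() must clear.
class Decoder {
public:
    explicit Decoder(Encoding e) : m_encoding(e), m_bomPending(true), m_selfAssigns(0) {}

    const Encoding& encoding() const { return m_encoding; }

    // Fix 1: identity-check the assignment. When the caller passes our own
    // m_encoding (as flush() does with reset(encoding())), skip the copy so
    // no overlapping memcpy is ever emitted.
    void reset(const Encoding& encoding) {
        if (&encoding != &m_encoding)
            m_encoding = encoding;
        else
            ++m_selfAssigns;  // only counted so the aliasing is observable
        clearStreamState();
    }

    // Fix 2: a reset() that leaves the encoding alone, so flush() never
    // has to hand the encoding back to the decoder at all.
    void reset() { clearStreamState(); }

    bool bomPending() const { return m_bomPending; }
    int  selfAssigns() const { return m_selfAssigns; }

private:
    void clearStreamState() { m_bomPending = false; }
    Encoding m_encoding;
    bool     m_bomPending;
    int      m_selfAssigns;
};

// Mirrors the patched TextResourceDecoder::flush(); returns true when the
// call took the self-assignment path (i.e. the reference aliased m_encoding).
bool flushViaSelfReset(Decoder& d) {
    int before = d.selfAssigns();
    d.reset(d.encoding());
    return d.selfAssigns() == before + 1;
}
```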
Valgrind:

==29911== Source and destination overlap in memcpy(0xC9D7F34, 0xC9D7F34, 6)
==29911== at 0x79A2F22: memcpy (mc_replace_strmem.c:402)
==29911== by 0x8806E6F: WebCore::TextDecoder::reset(WebCore::TextEncoding const&) (TextDecoder.cpp:44)
==29911== by 0x84AEE0B: WebCore::TextResourceDecoder::flush() (TextResourceDecoder.cpp:896)
==29911== by 0x85B2FCA: WebCore::FrameLoader::write(char const*, int, bool) (FrameLoader.cpp:1039)
==29911== by 0x85B8163: WebCore::FrameLoader::endIfNotLoadingMainResource() (FrameLoader.cpp:1093)
==29911== by 0x85B81AE: WebCore::FrameLoader::end() (FrameLoader.cpp:1078)
==29911== by 0x85BA257: WebCore::FrameLoader::init() (FrameLoader.cpp:293)
==29911== by 0x83DAA49: WebCore::Frame::init() (Frame.cpp:216)
==29911== by 0x805D581: WebFrameImpl::InitMainFrame(WebViewImpl*) (webframe_impl.cc:319)
==29911== by 0x8084DBD: WebView::Create(WebViewDelegate*, WebPreferences const&) (webview_impl.cc:268)
==29911== by 0x8A3E54C: WebViewHost::Create(_GtkWidget*, WebViewDelegate*, WebPreferences const&) (webview_host_gtk.cc:25)
==29911== by 0x8A410D0: TestShell::Initialize(std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&) (test_shell_gtk.cc:349)