[Webkit-unassigned] [Bug 27467] New: Use memory reference in PlatformContextSkia::currentPathInLocalCoordinates()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 20 16:06:20 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=27467

           Summary: Use memory reference in
                    PlatformContextSkia::currentPathInLocalCoordinates()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jhawkins at google.com
                CC: fishd at chromium.org


The following tests
LayoutTests/svg/dynamic-updates/SVGMarkerElement-dom-markerHeight-attr.html
LayoutTests/svg/dynamic-updates/SVGMarkerElement-dom-markerWidth-attr.html
LayoutTests/svg/dynamic-updates/SVGMarkerElement-svgdom-markerHeight-prop.html
LayoutTests/svg/dynamic-updates/SVGMarkerElement-svgdom-markerWidth-prop.html

show a valgrind error:

18:47:01 valgrind_analyze.py [ERROR] UninitCondition
Conditional jump or move depends on uninitialised value(s)
  SkMatrix::getType() const (skia/include/corecg/SkMatrix.h:48)
  SkPath::transform(SkMatrix const&, SkPath*) const (skia/sgl/SkPath.cpp:849)
  SkPath::transform(SkMatrix const&) (skia/include/SkPath.h:454)
  PlatformContextSkia::currentPathInLocalCoordinates() const
(third_party/WebKit/WebCore/platform/graphics/skia/PlatformContextSkia.cpp:470)
  WebCore::GraphicsContext::fillPath()
(third_party/WebKit/WebCore/platform/graphics/skia/GraphicsContextSkia.cpp:687)
  WebCore::SVGPaintServer::renderPath(WebCore::GraphicsContext*&,
WebCore::RenderObject const*, WebCore::SVGPaintTargetType) const
(third_party/WebKit/WebCore/svg/graphics/SVGPaintServer.cpp:180)
  WebCore::SVGPaintServer::draw(WebCore::GraphicsContext*&,
WebCore::RenderObject
const*, WebCore::SVGPaintTargetType) const
(third_party/WebKit/WebCore/svg/graphics/SVGPaintServer.cpp:171)
  WebCore::fillAndStrokePath(WebCore::Path const&, WebCore::GraphicsContext*,
WebCore::RenderStyle*, WebCore::RenderPath*)
(third_party/WebKit/WebCore/rendering/RenderPath.cpp:211)
  WebCore::RenderPath::paint(WebCore::RenderObject::PaintInfo&, int, int)
(third_party/WebKit/WebCore/rendering/RenderPath.cpp:238)
  WebCore::RenderSVGContainer::paint(WebCore::RenderObject::PaintInfo&, int,
int)
(third_party/WebKit/WebCore/rendering/RenderSVGContainer.cpp:199)

Uninitialised value was created by a stack allocation
  PlatformContextSkia::currentPathInLocalCoordinates() const
(third_party/WebKit/WebCore/platform/graphics/skia/PlatformContextSkia.cpp:464)

The call to matrix.invert fails, leaving inverseMatrix uninitialized.  My fix
is to return an empty path.  I will upload a patch soon.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
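
Added example (not part of the original report, and not WebKit or Skia code): a self-contained C++ sketch of the failure mode described above, where an invert call fails on a singular matrix and leaves its stack-allocated output unwritten. The Matrix, Point and Path types and the function names are hypothetical stand-ins; the checked caller returns an empty path, as the report proposes.

```cpp
#include <cmath>
#include <vector>

// Hypothetical stand-ins for the matrix and path types (not Skia's API).
struct Point { double x, y; };
using Path = std::vector<Point>;

struct Matrix {
    double a, b, c, d, tx, ty;  // x' = a*x + c*y + tx, y' = b*x + d*y + ty

    // Writes the inverse to *out and returns true. On a singular matrix it
    // returns false and leaves *out untouched, so a stack-allocated *out
    // still holds indeterminate bytes afterwards.
    bool invert(Matrix* out) const {
        double det = a * d - b * c;
        if (std::fabs(det) < 1e-12) return false;
        out->a = d / det;   out->b = -b / det;
        out->c = -c / det;  out->d = a / det;
        out->tx = (c * ty - d * tx) / det;
        out->ty = (b * tx - a * ty) / det;
        return true;
    }
};

Path transformed(const Path& p, const Matrix& m) {
    Path out;
    for (const Point& pt : p)
        out.push_back({m.a * pt.x + m.c * pt.y + m.tx,
                       m.b * pt.x + m.d * pt.y + m.ty});
    return out;
}

// The unchecked form would ignore invert()'s return value and pass
// `inverse` to transformed() regardless, which is the read of an
// uninitialised stack value that valgrind flags.
// Checked form: a failed inversion yields an empty path instead.
Path pathInLocalCoordinates(const Path& devicePath, const Matrix& ctm) {
    Matrix inverse;  // stack local, not written if invert() fails
    if (!ctm.invert(&inverse))
        return Path();
    return transformed(devicePath, inverse);
}
```
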


