[Webkit-unassigned] [Bug 26449] New: UMR in WebCore::BitStack

bugzilla-daemon at webkit.org
Tue Jun 16 10:53:08 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=26449

           Summary: UMR in WebCore::BitStack
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: tony at chromium.org
                CC: darin at apple.com


WebCore::BitStack was added to TextIterator in r44674.  Purify is reporting a
UMR:
Uninitialized memory read in WebCore::BitStack::push(bool)
Error Location
  third_party/webkit/webcore/editing/textiterator.cpp
WebCore::BitStack::push(bool)
  third_party/webkit/webcore/editing/textiterator.cpp
WebCore::pushFullyClippedState
  third_party/webkit/webcore/editing/textiterator.cpp
WebCore::setUpFullyClippedStack
  third_party/webkit/webcore/editing/textiterator.cpp
WebCore::TextIterator::TextIterator(Range::WebCore const*,bool,bool)
  third_party/webkit/webcore/editing/textiterator.cpp
WebCore::plainTextToMallocAllocatedBuffer(class WebCore::Range const
*,unsigned int &,bool)
  third_party/webkit/webcore/editing/textiterator.cpp
WebCore::plainText(Range::WebCore const*)
  third_party/webkit/webcore/dom/element.cpp
WebCore::Element::innerText(void)const
  webkit/glue/webkit_glue.cc  webkit_glue::DumpDocumentText(class WebFrame
*)
  webkit/tools/test_shell/test_shell.cc  TestShell::GetDocumentText(void)
  webkit/glue/bookmarklet_unittest.cc
BookmarkletTest_DocumentWrite_Test::TestBody(void)
  testing/gtest/src/gtest.cc  testing::Test::Run(void)
  ^^^

--

It looks like when we grow |m_words|, we don't initialize the new memory which
we then use as |word| causing a UMR.  I guess we just need to assign 0 to the
new memory.

Patch coming soon, but feel free to check in before me.
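
The growth bug described in the report, as an added example that is not part of the original message and is not WebKit's code. `BitStackModel`, `kStalePattern` and `pushed` are hypothetical names; `grow()` fills new words with a constructed pattern to stand in for memory that a real grow would leave uninitialized, and the `zeroOnGrow` flag applies the fix the report suggests.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical model, not WebKit's BitStack. grow() stands in for a vector
// grow that leaves new elements uninitialized; to keep the result
// deterministic, the "stale" contents are a constructed pattern.
static const uint32_t kStalePattern = 0xA5A5A5A5u;  // constructed sample value
static const unsigned kBitsInWord = 32;

class BitStackModel {
public:
    explicit BitStackModel(bool zeroOnGrow) : m_zeroOnGrow(zeroOnGrow), m_size(0) {}
    void push(bool bit) {
        size_t index = m_size / kBitsInWord;
        unsigned shift = m_size % kBitsInWord;
        if (!shift && index == m_words.size()) {
            grow(index + 1);
            if (m_zeroOnGrow)
                m_words[index] = 0;  // the fix: assign 0 to the new memory
        }
        uint32_t& word = m_words[index];  // without the fix, still the stale word
        uint32_t mask = 1u << shift;
        if (bit)
            word |= mask;   // read-modify-write: reads the word before writing it
        else
            word &= ~mask;
        ++m_size;
    }
    bool top() const {
        if (!m_size) return false;
        size_t last = m_size - 1;
        return (m_words[last / kBitsInWord] >> (last % kBitsInWord)) & 1u;
    }
    uint32_t rawWord(size_t i) const { return m_words[i]; }

private:
    void grow(size_t n) { m_words.resize(n, kStalePattern); }
    bool m_zeroOnGrow;
    size_t m_size;
    std::vector<uint32_t> m_words;
};

// Constructed input: push true, true, false and return the resulting stack.
BitStackModel pushed(bool zeroOnGrow) {
    BitStackModel s(zeroOnGrow);
    s.push(true); s.push(true); s.push(false);
    return s;
}
```

In this model `top()` returns the pushed bit in both variants; without the zeroing, the word is read before anything was written to it and its unused bits keep the stale pattern.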

