[Webkit-unassigned] [Bug 30347] New: Uninitialized conditional in WebCore::CSSParser::validUnit with "width: %" style

Tue Oct 13 16:20:08 PDT 2009

https://bugs.webkit.org/show_bug.cgi?id=30347

           Summary: Uninitialized conditional in
                    WebCore::CSSParser::validUnit with "width: %" style
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mattm at chromium.org

LayoutTests/fast/css/invalid-percentage-property.html causes a valgrind
"Conditional jump or move depends on uninitialised value(s)" error.

validUnit is called with the FNonNeg flag, which checks the fValue before
checking anything else, but the "width: %" grammar does not set any fValue.

This does not seem to cause any misbehavior in this case since validUnit will
always return false regardless if the FNonNeg check fails or the value->unit
tests falls through.  However, it does create valgrind noise which is nice to
avoid.

Very similar to bug 22772.

Will attach a patch which addresses this particular case be initializing fValue
in the grammar, though I don't know if this is the best way to go about it. 
validUnit could be refactored so the check is only done for units where it
makes sense, though that might introduce a slight runtime or code size cost.

Chromium bug:
http://code.google.com/p/chromium/issues/detail?id=20939

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.