[Webkit-unassigned] [Bug 50277] New: key member variable in NumericStrings CacheData is never initialized

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 30 15:06:52 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=50277

           Summary: key member variable in NumericStrings CacheData is
                    never initialized
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: xan.lopez at gmail.com


Gives warnings like the following, where the key will be garbage before an element is introduced.

==13821== 4 errors in context 6 of 917:
==13821== Conditional jump or move depends on uninitialised value(s)
==13821==    at 0x43B57C9: JSC::NumericStrings::add(int) (NumericStrings.h:52)
==13821==    by 0x43B67BE: JSC::JSValue::toString(JSC::ExecState*) const (JSString.h:595)
==13821==    by 0x51578C8: JSC::jsAddSlowCase(JSC::ExecState*, JSC::JSValue, JSC::JSValue) (Operations.cpp:56)
==13821==    by 0x50B1482: cti_op_add (JITStubs.cpp:1342)
==13821==    by 0x50B0B4F: JSC::JITThunks::tryCacheGetByID(JSC::ExecState*, JSC::CodeBlock*, JSC::ReturnAddressPtr, JSC::JSValue, JSC::Identifier const&, JS$
==13821==    by 0x5080B09: JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) (JITCode.h:77)
==13821==    by 0x507D8DE: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) (Interpreter.cpp:778)
==13821==    by 0x5113D96: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (Completion.cpp:62)
==13821==    by 0x43FDE84: WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (JSMainThreadEx$
==13821==    by 0x441C67C: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*, WebCore::ShouldAllowXSS) $
==13821==    by 0x441C816: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ShouldAllowXSS) (ScriptController.cpp:171)
==13821==    by 0x44459EB: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&, WebCore::ShouldAllowXSS) (ScriptControllerBase.cpp:60)
==13821==  Uninitialised value was created by a heap allocation
==13821==    at 0x4025BDC: malloc (vg_replace_malloc.c:195)
==13821==    by 0x517F063: WTF::fastMalloc(unsigned int) (FastMalloc.cpp:250)
==13821==    by 0x4378915: WTF::FastAllocBase::operator new(unsigned int) (FastAllocBase.h:121)
==13821==    by 0x5135C1F: JSC::JSGlobalData::create(JSC::ThreadStackType) (JSGlobalData.cpp:237)
==13821==    by 0x5135C8C: JSC::JSGlobalData::createLeaked(JSC::ThreadStackType) (JSGlobalData.cpp:243)
==13821==    by 0x43DFA15: WebCore::JSDOMWindowBase::commonJSGlobalData() (JSDOMWindowBase.cpp:185)
==13821==    by 0x441C888: WebCore::ScriptController::getAllWorlds(WTF::Vector<WebCore::DOMWrapperWorld*, 0u>&) (ScriptController.cpp:181)
==13821==    by 0x4824691: WebCore::FrameLoader::dispatchDidClearWindowObjectsInAllWorlds() (FrameLoader.cpp:3350)
==13821==    by 0x481933E: WebCore::FrameLoader::receivedFirstData() (FrameLoader.cpp:618)
==13821==    by 0x481B21F: WebCore::FrameLoader::willSetEncoding() (FrameLoader.cpp:1090)
==13821==    by 0x4814BC4: WebCore::DocumentWriter::setEncoding(WTF::String const&, bool) (DocumentWriter.cpp:236)
==13821==    by 0x480B35A: WebCore::DocumentLoader::commitData(char const*, int) (DocumentLoader.cpp:306)

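The defect the report describes, illustrated with a constructed example rather than WebKit's own NumericStrings code: a direct-mapped int-to-string cache whose lookup compares the request against a slot's key before anything has been stored in that slot. The class and member names (CacheData, NumericStrings, add, kSlots, occupied) are chosen for this example and are not taken from the WebKit source. The risky shape is kept as a comment only, since reading the indeterminate key is undefined behaviour; the hardened shape gives every member a definite initial value and adds an explicit occupancy flag, because zero-initialising the key alone would still let a fresh cache answer add(0) with an empty string.

```cpp
#include <cstddef>
#include <string>

// Added illustration, not WebKit's NumericStrings. All names here are
// invented for the example.

namespace risky {
struct CacheData {
    int key;            // no initialiser: indeterminate until the first store
    std::string value;  // default-constructed (empty) until the first store
};
// A lookup of the form
//     CacheData& e = slot(i); if (e.key == i) return e.value;
// has two failure modes on a fresh slot: the read of e.key is undefined
// behaviour (the "conditional jump depends on uninitialised value(s)" that
// Valgrind reports), and if the leftover bytes happen to equal i the caller
// is handed the empty string as the cached text of i. Not exercised below.
}

namespace hardened {
struct CacheData {
    int key = 0;            // definite value from construction
    bool occupied = false;  // explicit occupancy: 0 is a legitimate key, so a
                            // zeroed key without this flag would still give a
                            // false hit for add(0)
    std::string value;
};

class NumericStrings {
public:
    static constexpr std::size_t kSlots = 64;

    // Returns the decimal text of i, served from the slot only when that slot
    // is occupied and actually holds i.
    const std::string& add(int i) {
        CacheData& e = slot(i);
        if (e.occupied && e.key == i) {
            ++m_hits;
            return e.value;
        }
        e.key = i;
        e.occupied = true;
        e.value = std::to_string(i);
        return e.value;
    }

    std::size_t hits() const { return m_hits; }

private:
    CacheData& slot(int i) { return m_slots[static_cast<unsigned>(i) % kSlots]; }
    CacheData m_slots[kSlots];
    std::size_t m_hits = 0;
};
}  // namespace hardened

// Exercises a fresh cache: key 0 must miss (not return ""), a repeat must hit,
// and a colliding key (64 maps to the same slot as 0) must evict cleanly.
inline bool freshCacheServesCorrectText() {
    hardened::NumericStrings cache;
    bool ok = cache.add(0) == "0" && cache.hits() == 0;
    ok = ok && cache.add(0) == "0" && cache.hits() == 1;    // second call hits
    ok = ok && cache.add(64) == "64" && cache.hits() == 1;  // collides with slot 0
    ok = ok && cache.add(0) == "0" && cache.hits() == 1;    // evicted, so a miss
    return ok;
}
```

Running the risky shape under `valgrind --track-origins=yes` produces a trace like the one in the report, with the allocation site named under "Uninitialised value was created by a heap allocation"; the hardened shape produces no such report because every branch condition is computed from definitely initialised members.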