[Webkit-unassigned] [Bug 53285] CSS styles are shared based on uninitialized property values

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 2 06:39:52 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=53285

--- Comment #4 from Evgeniy Stepanov <eugenis at chromium.org>  2011-02-02 06:39:52 PST ---
I've got a bit more information. The uninitialized bytes belong to "RefPtr<CSSValue> m_value" field in CSSProperty, which is basically a pointer to a CSSValue. As can be seen from the following stack, we are comparing these pointers bit-by-bit with memcmp(). Does it work as intended?

==16849==    at 0x402EED9: bcmp (mc_replace_strmem.c:567)
==16849==    by 0x198EF0F: WTF::VectorComparer<true, WebCore::CSSProperty>::compare(WebCore::CSSProperty const*, WebCore::CSSProperty const*, unsigned long) (Vector.h:236)
==16849==    by 0x198EF1F: WTF::VectorTypeOperations<WebCore::CSSProperty>::compare(WebCore::CSSProperty const*, WebCore::CSSProperty const*, unsigned long) (Vector.h:275)
==16849==    by 0x198EF79: bool WTF::operator==<WebCore::CSSProperty, 4ul>(WTF::Vector<WebCore::CSSProperty, 4ul> const&, WTF::Vector<WebCore::CSSProperty, 4ul> const&) (Vector.h:1136)
==16849==    by 0x198F0C7: WebCore::CSSMutableStyleDeclaration::propertiesEqual(WebCore::CSSMutableStyleDeclaration const*) const (CSSMutableStyleDeclaration.h:182)
==16849==    by 0x198F18E: WebCore::NamedNodeMap::mappedMapsEquivalent(WebCore::NamedNodeMap const*) const (NamedNodeMap.cpp:365)

Just in case, this report came up for a CSSMutableStyleDeclaration with a single CSSProperty with id 1137, shorthandID 0, important 0, implicit 0, css text: "vertical-align: middle;".

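To make the comparison the stack trace above is performing concrete, here is an added example written for this page (not WebKit's own code). The `Property`, `Value` and `Slot` types are hypothetical stand-ins, not WebKit's `CSSProperty`, `CSSValue` or `RefPtr`; the offsets and padding described in the comments are what any mainstream 32- or 64-bit ABI produces for this layout. It contrasts a `memcmp`-based equality, which reads every byte of the object including the pointer bits and any padding the constructor never wrote, with a member-wise equality that only reads initialized fields. Reading those unwritten bytes is exactly what a tool like Valgrind reports as a conditional jump on uninitialised data, and the pointer bits mean two properties with logically identical values still compare unequal.

```cpp
#include <cstdint>
#include <cstring>
#include <memory>
#include <new>
#include <string>
#include <utility>

// Hypothetical stand-in for a CSS value object (not WebKit's CSSValue).
struct Value {
    std::string text;
};

// Hypothetical stand-in for the page's CSSProperty. Two uint16_t and two
// bools occupy offsets 0..5; the pointer-sized member that follows is aligned
// to at least 4 bytes, so the compiler leaves padding from offset 6 that no
// constructor ever writes.
struct Property {
    uint16_t id;
    uint16_t shorthandId;
    bool important;
    bool implicit;
    std::shared_ptr<Value> value;   // plays the role of RefPtr<CSSValue> m_value

    Property(uint16_t i, uint16_t s, bool imp, bool impl, std::shared_ptr<Value> v)
        : id(i), shorthandId(s), important(imp), implicit(impl), value(std::move(v)) {}
};

// What a memcmp-based vector comparison effectively does for one element:
// every byte of the object takes part, pointer bits and padding included.
bool bitwiseEqual(const Property& a, const Property& b) {
    return std::memcmp(&a, &b, sizeof(Property)) == 0;
}

// Member-wise comparison: only fields the constructor wrote are read, and
// the pointee is compared by value rather than by address.
bool memberwiseEqual(const Property& a, const Property& b) {
    return a.id == b.id && a.shorthandId == b.shorthandId
        && a.important == b.important && a.implicit == b.implicit
        && a.value->text == b.value->text;
}

// Constructs a Property inside a buffer pre-filled with `fill`, so the
// padding bytes hold known garbage instead of whatever the allocator left.
struct Slot {
    alignas(Property) unsigned char bytes[sizeof(Property)];
    Property* obj = nullptr;

    Slot(unsigned char fill, uint16_t id, std::shared_ptr<Value> v) {
        std::memset(bytes, fill, sizeof(bytes));
        obj = new (bytes) Property(id, 0, false, false, std::move(v));
    }
    ~Slot() { obj->~Property(); }
};

// Case 1: identical fields and identical padding, but two distinct Value
// objects carrying the same text. memcmp compares the pointer bits, so it
// reports "different" even though the properties are logically equal.
bool distinctPointeesBitwiseEqual() {
    Slot a(0x00, 1137, std::make_shared<Value>(Value{"middle"}));
    Slot b(0x00, 1137, std::make_shared<Value>(Value{"middle"}));
    return bitwiseEqual(*a.obj, *b.obj);
}
bool distinctPointeesMemberwiseEqual() {
    Slot a(0x00, 1137, std::make_shared<Value>(Value{"middle"}));
    Slot b(0x00, 1137, std::make_shared<Value>(Value{"middle"}));
    return memberwiseEqual(*a.obj, *b.obj);
}

// Case 2: the very same shared pointer in both objects, but the two buffers
// were filled with different bytes before construction. Every written field
// is identical; only the never-written padding differs, and memcmp still
// reports "different". This is the nondeterminism an uninitialized-byte
// comparison introduces.
bool paddingOnlyBitwiseEqual() {
    auto shared = std::make_shared<Value>(Value{"middle"});
    Slot a(0x00, 1137, shared);
    Slot b(0xFF, 1137, shared);
    return bitwiseEqual(*a.obj, *b.obj);
}
bool paddingOnlyMemberwiseEqual() {
    auto shared = std::make_shared<Value>(Value{"middle"});
    Slot a(0x00, 1137, shared);
    Slot b(0xFF, 1137, shared);
    return memberwiseEqual(*a.obj, *b.obj);
}
```

The `true` template argument in `WTF::VectorComparer<true, WebCore::CSSProperty>` in the trace is the specialization that ends in `bcmp`, so whether that path is sound depends on the element type: it is only safe for types in which every byte is written and in which bit identity really is the intended notion of equality. For an element holding a pointer, the bitwise path compares which object is referenced, not what it contains, and any unwritten byte makes the result depend on stale memory.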