[Webkit-unassigned] [Bug 196664] New: Undefined Behavior: m_experimentalImageMenuEnabled isn't initialized in HTMLImageElement when SERVICE_CONTROLS is disabled

bugzilla-daemon at webkit.org
Fri Apr 5 16:21:14 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=196664

            Bug ID: 196664
           Summary: Undefined Behavior: m_experimentalImageMenuEnabled
                    isn't initialized in HTMLImageElement when
                    SERVICE_CONTROLS is disabled
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: chris.reid at sony.com

m_experimentalImageMenuEnabled is only initialized when SERVICE_CONTROLS is enabled but used regardless.
This doesn't seem to cause an observable bug.

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ..\..\Source\WebCore\dom/Document.cpp:2630:23 in 
..\..\Source\WebCore\html\HTMLImageElement.h:112:45: runtime error: load of value 190, which is not a valid value for type 'bool'
    #0 0x7ffbfe807508 in WebCore::HTMLImageElement::hasShadowControls C:\git\neko\Source\WebCore\html\HTMLImageElement.h:112
    #1 0x7ffbfe7e82c4 in WebCore::RenderImage::RenderImage C:\git\neko\Source\WebCore\rendering\RenderImage.cpp:142
    #2 0x7ffbfcdf9358 in WebCore::createRenderer<WebCore::RenderImage,WebCore::HTMLImageElement &,WebCore::RenderStyle,nullptr_t,float &> C:\git\neko\Source\WebCore\rendering\RenderPtr.h:43
    #3 0x7ffbfcde6766 in WebCore::HTMLImageElement::createElementRenderer C:\git\neko\Source\WebCore\html\HTMLImageElement.cpp:282
    #4 0x7ffc02d68bb2 in WebCore::RenderTreeUpdater::createRenderer C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:363
    #5 0x7ffc02d62ad0 in WebCore::RenderTreeUpdater::updateElementRenderer C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:323
    #6 0x7ffc02d60085 in WebCore::RenderTreeUpdater::updateRenderTree C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:187
    #7 0x7ffc02d5df06 in WebCore::RenderTreeUpdater::commit C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:119

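The pattern behind this report, reproduced as an added example (not WebKit's own code, and not from the reporter): a `bool` member that exists in every build but is only assigned inside a feature-flag `#if`, next to the fix of giving it a default member initializer. `SERVICE_CONTROLS_ENABLED` is a stand-in for WebKit's `ENABLE(SERVICE_CONTROLS)`, and the two classes and the `hasShadowControls()` accessor are simplified mirrors of `HTMLImageElement`, not its real declaration. Reading the uninitialized `bool` itself would be the undefined behavior UBSan flagged, so the helper instead constructs each object in storage pre-filled with 0xBE (190, the value in the sanitizer message) and inspects the object representation through `unsigned char`, which is the one well-defined way to see whether the constructor ever wrote the member. The buggy constructor is marked `noinline` so that GCC's lifetime-based dead-store elimination cannot discard the pre-fill before the constructor runs.

```cpp
#include <cstring>
#include <new>

// Stand-in for WebKit's ENABLE(SERVICE_CONTROLS); 0 reproduces the report.
#ifndef SERVICE_CONTROLS_ENABLED
#define SERVICE_CONTROLS_ENABLED 0
#endif

#if defined(__GNUC__)
#define DEMO_NOINLINE __attribute__((noinline))
#else
#define DEMO_NOINLINE
#endif

// Buggy shape: the member is declared unconditionally, but the only store
// to it is guarded by the feature flag. With the flag off, the constructor
// leaves it indeterminate and hasShadowControls() loads whatever byte the
// allocator or previous occupant left behind (190 in the original report).
class ImageElementBuggy {
public:
    DEMO_NOINLINE ImageElementBuggy()
    {
#if SERVICE_CONTROLS_ENABLED
        m_experimentalImageMenuEnabled = false;
#endif
    }
    // Reading the member here is undefined behavior when the flag is off.
    bool hasShadowControls() const { return m_experimentalImageMenuEnabled; }

private:
    bool m_experimentalImageMenuEnabled; // no initializer
};

// Fixed shape: a default member initializer runs on every construction
// path, so no #if can skip it. The guarded assignment may stay or go.
class ImageElementFixed {
public:
    ImageElementFixed()
    {
#if SERVICE_CONTROLS_ENABLED
        m_experimentalImageMenuEnabled = false; // now redundant
#endif
    }
    bool hasShadowControls() const { return m_experimentalImageMenuEnabled; }

private:
    bool m_experimentalImageMenuEnabled { false };
};

// Construct T in storage pre-filled with `fill`, then return the object
// representation of its first (and only) member, read through unsigned
// char. Both classes hold a single bool, so that member sits at offset 0.
template <typename T>
unsigned char firstMemberByteAfterConstruction(unsigned char fill)
{
    alignas(T) unsigned char storage[sizeof(T)];
    std::memset(storage, fill, sizeof storage);
    T* obj = new (storage) T();
    unsigned char byte = 0;
    std::memcpy(&byte, reinterpret_cast<const unsigned char*>(obj), 1);
    obj->~T();
    return byte;
}

int main()
{
    // Buggy: the 0xBE pre-fill survives construction, i.e. the member was
    // never written. Fixed: the default initializer overwrote it with 0.
    return firstMemberByteAfterConstruction<ImageElementBuggy>(0xBE) == 0xBE
        && firstMemberByteAfterConstruction<ImageElementFixed>(0xBE) == 0x00
        ? 0 : 1;
}
```

Build with `-fsanitize=undefined` and call `hasShadowControls()` on the buggy object to get the same "load of value 190, which is not a valid value for type 'bool'" diagnostic as in the report; without the sanitizer the read silently yields whatever the stale byte happens to be, which is why the reporter saw no observable misbehavior.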