22798 2008-12-10 14:33:48 -0800 Unitialized struct field in SVGFont.cpp 2008-12-12 17:22:00 -0800 1 1 1 Unclassified WebKit Text 528+ (Nightly build) PC OS X 10.5 RESOLVED FIXED P2 Normal --- 1 davemoore webkit-unassigned zimmermann oldest_to_newest 102149 0 davemoore 2008-12-10 14:33:48 -0800 In Font::drawTextUsingSVGFont() a variable of type SVGTextRunWalkerDrawTextData is created on the stack (called data). One of its fields, charsConsumed, is unitialized, leading to random values after calling walk() on the SVGTextRunWalker created with it. Patch will be attached 102156 1 25926 davemoore 2008-12-10 14:46:53 -0800 Created attachment 25926 Patch to fix This patch adds initialization of the charsConsumed field 102240 2 25952 davemoore 2008-12-11 09:48:35 -0800 Created attachment 25952 Patch to fix 102255 3 25952 eric 2008-12-11 11:36:04 -0800 Comment on attachment 25952 Patch to fix Just nits: 1 2008-12-11 davemoore <davemoore@google.com> Should be: 1 2008-12-11 David Moore <davemoore@google.com> (See my email on changelog entries sent to chrome-team last week.) WARNING: NO TEST CASES ADDED OR CHANGED can be removed and replaced when an explanation as to why it's untestable. 5 Fixed https://bugs.webkit.org/show_bug.cgi?id=22798 Looks like a tab (or maybe just bad indentation) Looks fine. We could also have fixed this by adding a constructor to SVGTextRunWalkerMeasuredLengthData (which would have possibly prevented future such UMRs. Marking r- for the nits. Post another copy and I'll be happy to review and land it for you. Thanks for the fix! 102259 4 25956 davemoore 2008-12-11 12:02:27 -0800 Created attachment 25956 Patch to fix Fixed review issues 102277 5 25956 eric 2008-12-11 14:09:32 -0800 Comment on attachment 25956 Patch to fix Looks fine. 102404 6 eric 2008-12-12 17:22:00 -0800 Only snag I hit was one tab in the ChangeLog (we have a pre-commit script which fails if tabs are in any file). Otherwise the patch was great! Committing to http://svn.webkit.org/repository/webkit/trunk ... M WebCore/ChangeLog M WebCore/svg/SVGFont.cpp Committed r39260 25926 2008-12-10 14:46:53 -0800 2008-12-11 09:48:35 -0800 Patch to fix webkit_22798.patch text/plain 484 davemoore SW5kZXg6IFNWR0ZvbnQuY3BwDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQotLS0gU1ZHRm9udC5jcHAJKHJldmlzaW9u IDY1NzcpDQorKysgU1ZHRm9udC5jcHAJKHdvcmtpbmcgY29weSkNCkBAIC01MDYsNiArNTA2LDcg QEANCiAgICAgICAgIH0KIAogICAgICAgICBkYXRhLmV4dHJhQ2hhcnNBdmFpbGFibGUgPSAwOwor ICAgICAgICBkYXRhLmNoYXJzQ29uc3VtZWQgPSAwOwogCiAgICAgICAgIFNWR1RleHRSdW5XYWxr ZXI8U1ZHVGV4dFJ1bldhbGtlckRyYXdUZXh0RGF0YT4gcnVuV2Fsa2VyKGZvbnREYXRhLCBmb250 RWxlbWVudCwgZGF0YSwgZHJhd1RleHRVc2luZ1NWR0ZvbnRDYWxsYmFjaywgZHJhd1RleHRNaXNz aW5nR2x5cGhDYWxsYmFjayk7CiAgICAgICAgIHJ1bldhbGtlci53YWxrKHJ1biwgaXNWZXJ0aWNh bFRleHQsIGxhbmd1YWdlLCBmcm9tLCB0byk7Cg== 25952 2008-12-11 09:48:35 -0800 2008-12-11 12:02:27 -0800 Patch to fix webkit_22798.patch text/plain 1474 davemoore SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAzOTIxMSkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjAgQEAKKzIwMDgtMTItMTEgIGRhdmVtb29yZSAgPGRhdmVtb29yZUBnb29nbGUu Y29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisJRml4ZWQgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIyNzk4CisJCisgICAgICAgIElu IEZvbnQ6OmRyYXdUZXh0VXNpbmdTVkdGb250KCkgYSB2YXJpYWJsZSBvZiB0eXBlIFNWR1RleHRS dW5XYWxrZXJEcmF3VGV4dERhdGEKKyAgICAgICAgaXMgY3JlYXRlZCBvbiB0aGUgc3RhY2sgKGNh bGxlZCBkYXRhKS4gT25lIG9mIGl0cyBmaWVsZHMsIGNoYXJzQ29uc3VtZWQsIGlzCisgICAgICAg IHVuaXRpYWxpemVkLCBsZWFkaW5nIHRvIHJhbmRvbSB2YWx1ZXMgYWZ0ZXIgY2FsbGluZyB3YWxr KCkgb24gdGhlCisgICAgICAgIFNWR1RleHRSdW5XYWxrZXIgY3JlYXRlZCB3aXRoIGl0LiBJIG5v dyBpbml0aWFsaXplIHRoZSB2YXJpYWJsZQorCQorICAgICAgICBXQVJOSU5HOiBOTyBURVNUIENB U0VTIEFEREVEIE9SIENIQU5HRUQKKyAgICAgICAgVGhpcyBidWcgd2FzIHJldmVhbGVkIGluIG91 ciBQdXJpZnkgcnVuLgorCisgICAgICAgICogc3ZnL1NWR0ZvbnQuY3BwOgorICAgICAgICAoV2Vi Q29yZTo6Rm9udDo6ZHJhd1RleHRVc2luZ1NWR0ZvbnQpOgorCiAyMDA4LTEyLTEwICBDaHJpcyBN YXJyaW4gIDxjbWFycmluQGFwcGxlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBEYXZlIEh5 YXR0LgpJbmRleDogV2ViQ29yZS9zdmcvU1ZHRm9udC5jcHAKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29y ZS9zdmcvU1ZHRm9udC5jcHAJKHJldmlzaW9uIDM5MjExKQorKysgV2ViQ29yZS9zdmcvU1ZHRm9u dC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTUwNiw2ICs1MDYsNyBAQCB2b2lkIEZvbnQ6OmRyYXdU ZXh0VXNpbmdTVkdGb250KEdyYXBoaWNzCiAgICAgICAgIH0KIAogICAgICAgICBkYXRhLmV4dHJh Q2hhcnNBdmFpbGFibGUgPSAwOworICAgICAgICBkYXRhLmNoYXJzQ29uc3VtZWQgPSAwOwogCiAg ICAgICAgIFNWR1RleHRSdW5XYWxrZXI8U1ZHVGV4dFJ1bldhbGtlckRyYXdUZXh0RGF0YT4gcnVu V2Fsa2VyKGZvbnREYXRhLCBmb250RWxlbWVudCwgZGF0YSwgZHJhd1RleHRVc2luZ1NWR0ZvbnRD YWxsYmFjaywgZHJhd1RleHRNaXNzaW5nR2x5cGhDYWxsYmFjayk7CiAgICAgICAgIHJ1bldhbGtl ci53YWxrKHJ1biwgaXNWZXJ0aWNhbFRleHQsIGxhbmd1YWdlLCBmcm9tLCB0byk7Cg== 25956 2008-12-11 12:02:27 -0800 2008-12-11 14:09:32 -0800 Patch to fix webkit_22798.patch text/plain 1583 davemoore SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAzOTIxMykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjEgQEAKKzIwMDgtMTItMTEgIERhdmUgTW9vcmUgIDxkYXZlbW9vcmVAZ29vZ2xl LmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBG aXhlZCBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjI3OTgKKwkKKyAg ICAgICAgSW4gRm9udDo6ZHJhd1RleHRVc2luZ1NWR0ZvbnQoKSBhIHZhcmlhYmxlIG9mIHR5cGUg U1ZHVGV4dFJ1bldhbGtlckRyYXdUZXh0RGF0YQorICAgICAgICBpcyBjcmVhdGVkIG9uIHRoZSBz dGFjayAoY2FsbGVkIGRhdGEpLiBPbmUgb2YgaXRzIGZpZWxkcywgY2hhcnNDb25zdW1lZCwgaXMK KyAgICAgICAgdW5pdGlhbGl6ZWQsIGxlYWRpbmcgdG8gcmFuZG9tIHZhbHVlcyBhZnRlciBjYWxs aW5nIHdhbGsoKSBvbiB0aGUKKyAgICAgICAgU1ZHVGV4dFJ1bldhbGtlciBjcmVhdGVkIHdpdGgg aXQuIEkgbm93IGluaXRpYWxpemUgdGhlIHZhcmlhYmxlCisJCisgICAgICAgIFRoaXMgYnVnIHdh cyByZXZlYWxlZCBpbiBvdXIgUHVyaWZ5IHJ1bi4gSSBkb24ndCBrbm93IG9mIGFueSBzcGVjaWZp YyBpbmNvcnJlY3QKKyAgICAgICAgYmVoYXZpb3IgY2F1c2VkIGJ5IGl0IGJ1dCBpdCB3b3VsZCBs ZWFkIHRvIHRoZSBjaGFyc0NvbnN1bWVkIGZpZWxkIGhhdmluZyBhCisgICAgICAgIGEgd3Jvbmcg dmFsdWUuCisKKyAgICAgICAgKiBzdmcvU1ZHRm9udC5jcHA6CisgICAgICAgIChXZWJDb3JlOjpG b250OjpkcmF3VGV4dFVzaW5nU1ZHRm9udCk6CisKIDIwMDgtMTItMTEgIEJyZW50IEZ1bGdoYW0g IDxiZnVsZ2hhbUBnbWFpbC5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgQWRhbSBSb2Jlbi4K SW5kZXg6IFdlYkNvcmUvc3ZnL1NWR0ZvbnQuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvc3Zn L1NWR0ZvbnQuY3BwCShyZXZpc2lvbiAzOTIxMykKKysrIFdlYkNvcmUvc3ZnL1NWR0ZvbnQuY3Bw CSh3b3JraW5nIGNvcHkpCkBAIC01MDYsNiArNTA2LDcgQEAgdm9pZCBGb250OjpkcmF3VGV4dFVz aW5nU1ZHRm9udChHcmFwaGljcwogICAgICAgICB9CiAKICAgICAgICAgZGF0YS5leHRyYUNoYXJz QXZhaWxhYmxlID0gMDsKKyAgICAgICAgZGF0YS5jaGFyc0NvbnN1bWVkID0gMDsKIAogICAgICAg ICBTVkdUZXh0UnVuV2Fsa2VyPFNWR1RleHRSdW5XYWxrZXJEcmF3VGV4dERhdGE+IHJ1bldhbGtl cihmb250RGF0YSwgZm9udEVsZW1lbnQsIGRhdGEsIGRyYXdUZXh0VXNpbmdTVkdGb250Q2FsbGJh Y2ssIGRyYXdUZXh0TWlzc2luZ0dseXBoQ2FsbGJhY2spOwogICAgICAgICBydW5XYWxrZXIud2Fs ayhydW4sIGlzVmVydGljYWxUZXh0LCBsYW5ndWFnZSwgZnJvbSwgdG8pOwo=