27453 2009-07-20 11:59:41 -0700 Uninitialized variable in WebCore::CSSFunctionValue::parserValue 2009-07-21 12:20:36 -0700 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) PC All RESOLVED FIXED P2 Normal --- 1 jhawkins levin hyatt levin oldest_to_newest 133186 0 jhawkins 2009-07-20 11:59:41 -0700 WebCore::CSSFunctionValue::parserValue creates a CSSParserValue for a function, but doesn't initialize isInt (which obviously should be false). I will attach a patch shortly. 133187 1 33097 jhawkins 2009-07-20 12:02:40 -0700 Created attachment 33097 Patch which initializes a variable 133194 2 33099 jhawkins 2009-07-20 12:16:03 -0700 Created attachment 33099 removed tabs from Changelog 133217 3 33099 hyatt 2009-07-20 13:53:49 -0700 Comment on attachment 33099 removed tabs from Changelog Test case? 133232 4 jhawkins 2009-07-20 14:31:39 -0700 Currently the only code that checks isInt will short-circuit on a check for CSSPrimitiveValue::CSS_NUMBER or (unitFlags & FInteger). CSSParser.cpp 419: if (!b && (unitflags & FInteger) && value->isInt) CSSParserValues.cpp 64: else if (unit == CSSPrimitiveValue::CSS_NUMBER && isInt) With that being said, I don't think I can write a test case that will fail before the change and succeed with the patch applied. Regardless, code added in the future could depend on the value of isInt alone, which could be set to garbage if left uninitialized. 133268 5 33099 hyatt 2009-07-20 15:30:09 -0700 Comment on attachment 33099 removed tabs from Changelog Ok, sounds fine. 133532 6 levin 2009-07-21 11:23:48 -0700 Assigned to levin for landing 133552 7 levin 2009-07-21 12:20:36 -0700 Committed as http://trac.webkit.org/changeset/46186 33097 2009-07-20 12:02:40 -0700 2009-07-20 12:16:26 -0700 Patch which initializes a variable initisint.diff text/plain 1119 jhawkins SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NjEyNikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTUgQEAKKzIwMDktMDctMjAgIEphbWVzIEhhd2tpbnMgIDxqaGF3a2luc0Bnb29n bGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisJaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTI3NDUzCisJSW5pdGlhbGl6ZSBpc0lu dCB3aGVuIGNyZWF0aW5nIGEgQ1NTUGFyc2VyVmFsdWUgZm9yIGEgZnVuY3Rpb24uCisKKwlObyBj aGFuZ2UgaW4gYmVoYXZpb3IsIHNvIG5vIHRlc3RzLgorCisgICAgICAgICogY3NzL0NTU0Z1bmN0 aW9uVmFsdWUuY3BwOgorICAgICAgICAoV2ViQ29yZTo6Q1NTRnVuY3Rpb25WYWx1ZTo6cGFyc2Vy VmFsdWUpOgorCiAyMDA5LTA3LTIwICBEdW1pdHJ1IERhbmlsaXVjICA8ZHVtaUBjaHJvbWl1bS5v cmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGltaXRyaSBHbGF6a292LgpJbmRleDogV2ViQ29y ZS9jc3MvQ1NTRnVuY3Rpb25WYWx1ZS5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9jc3MvQ1NT RnVuY3Rpb25WYWx1ZS5jcHAJKHJldmlzaW9uIDQ2MTI2KQorKysgV2ViQ29yZS9jc3MvQ1NTRnVu Y3Rpb25WYWx1ZS5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTUzLDYgKzUzLDcgQEAgQ1NTUGFyc2Vy VmFsdWUgQ1NTRnVuY3Rpb25WYWx1ZTo6cGFyc2VyVgogewogICAgIENTU1BhcnNlclZhbHVlIHZh bDsKICAgICB2YWwuaWQgPSAwOworICAgIHZhbC5pc0ludCA9IGZhbHNlOwogICAgIHZhbC51bml0 ID0gQ1NTUGFyc2VyVmFsdWU6OkZ1bmN0aW9uOwogICAgIHZhbC5mdW5jdGlvbiA9IG5ldyBDU1NQ YXJzZXJGdW5jdGlvbjsKICAgICB2YWwuZnVuY3Rpb24tPm5hbWUuY2hhcmFjdGVycyA9IGNvbnN0 X2Nhc3Q8VUNoYXIqPihtX25hbWUuY2hhcmFjdGVycygpKTsK 33099 2009-07-20 12:16:03 -0700 2009-07-20 15:30:09 -0700 removed tabs from Changelog initisint.diff text/plain 1140 jhawkins SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NjEyNikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTUgQEAKKzIwMDktMDctMjAgIEphbWVzIEhhd2tpbnMgIDxqaGF3a2luc0Bnb29n bGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yNzQ1MworICAgICAgICBJ bml0aWFsaXplIGlzSW50IHdoZW4gY3JlYXRpbmcgYSBDU1NQYXJzZXJWYWx1ZSBmb3IgYSBmdW5j dGlvbi4KKworICAgICAgICBObyBjaGFuZ2UgaW4gYmVoYXZpb3IsIHNvIG5vIHRlc3RzLgorCisg ICAgICAgICogY3NzL0NTU0Z1bmN0aW9uVmFsdWUuY3BwOgorICAgICAgICAoV2ViQ29yZTo6Q1NT RnVuY3Rpb25WYWx1ZTo6cGFyc2VyVmFsdWUpOgorCiAyMDA5LTA3LTIwICBEdW1pdHJ1IERhbmls aXVjICA8ZHVtaUBjaHJvbWl1bS5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGltaXRyaSBH bGF6a292LgpJbmRleDogV2ViQ29yZS9jc3MvQ1NTRnVuY3Rpb25WYWx1ZS5jcHAKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gV2ViQ29yZS9jc3MvQ1NTRnVuY3Rpb25WYWx1ZS5jcHAJKHJldmlzaW9uIDQ2MTI2KQor KysgV2ViQ29yZS9jc3MvQ1NTRnVuY3Rpb25WYWx1ZS5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTUz LDYgKzUzLDcgQEAgQ1NTUGFyc2VyVmFsdWUgQ1NTRnVuY3Rpb25WYWx1ZTo6cGFyc2VyVgogewog ICAgIENTU1BhcnNlclZhbHVlIHZhbDsKICAgICB2YWwuaWQgPSAwOworICAgIHZhbC5pc0ludCA9 IGZhbHNlOwogICAgIHZhbC51bml0ID0gQ1NTUGFyc2VyVmFsdWU6OkZ1bmN0aW9uOwogICAgIHZh bC5mdW5jdGlvbiA9IG5ldyBDU1NQYXJzZXJGdW5jdGlvbjsKICAgICB2YWwuZnVuY3Rpb24tPm5h bWUuY2hhcmFjdGVycyA9IGNvbnN0X2Nhc3Q8VUNoYXIqPihtX25hbWUuY2hhcmFjdGVycygpKTsK