27467 2009-07-20 16:06:19 -0700 Uninitialized memory reference in PlatformContextSkia::currentPathInLocalCoordinates() 2009-07-21 02:56:57 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC All RESOLVED FIXED P2 Normal --- 0 jhawkins webkit-unassigned fishd levin oldest_to_newest 133283 0 jhawkins 2009-07-20 16:06:19 -0700 The following tests LayoutTests/svg/dynamic-updates/SVGMarkerElement-dom-markerHeight-attr.html LayoutTests/svg/dynamic-updates/SVGMarkerElement-dom-markerWidth-attr.html LayoutTests/svg/dynamic-updates/SVGMarkerElement-svgdom-markerHeight-prop.html LayoutTests/svg/dynamic-updates/SVGMarkerElement-svgdom-markerWidth-prop.html show a valgrind error: 18:47:01 valgrind_analyze.py [ERROR] UninitCondition Conditional jump or move depends on uninitialised value(s) SkMatrix::getType() const (skia/include/corecg/SkMatrix.h:48) SkPath::transform(SkMatrix const&, SkPath*) const (skia/sgl/SkPath.cpp:849) SkPath::transform(SkMatrix const&) (skia/include/SkPath.h:454) PlatformContextSkia::currentPathInLocalCoordinates() const (third_party/WebKit/WebCore/platform/graphics/skia/PlatformContextSkia.cpp:470) WebCore::GraphicsContext::fillPath() (third_party/WebKit/WebCore/platform/graphics/skia/GraphicsContextSkia.cpp:687) WebCore::SVGPaintServer::renderPath(WebCore::GraphicsContext*&, WebCore::RenderObject const*, WebCore::SVGPaintTargetType) const (third_party/WebKit/WebCore/svg/graphics/SVGPaintServer.cpp:180) WebCore::SVGPaintServer::draw(WebCore::GraphicsContext*&, WebCore::RenderObject const*, WebCore::SVGPaintTargetType) const (third_party/WebKit/WebCore/svg/graphics/SVGPaintServer.cpp:171) WebCore::fillAndStrokePath(WebCore::Path const&, WebCore::GraphicsContext*, WebCore::RenderStyle*, WebCore::RenderPath*) (third_party/WebKit/WebCore/rendering/RenderPath.cpp:211) WebCore::RenderPath::paint(WebCore::RenderObject::PaintInfo&, int, int) (third_party/WebKit/WebCore/rendering/RenderPath.cpp:238) WebCore::RenderSVGContainer::paint(WebCore::RenderObject::PaintInfo&, int, int) (third_party/WebKit/WebCore/rendering/RenderSVGContainer.cpp:199) Uninitialised value was created by a stack allocation PlatformContextSkia::currentPathInLocalCoordinates() const (third_party/WebKit/WebCore/platform/graphics/skia/PlatformContextSkia.cpp:464) The call to matrix.invert fails, leaving inverseMatrix uninitialized. My fix is to return an empty path. I will upload a patch soon. 133284 1 33119 jhawkins 2009-07-20 16:12:49 -0700 Created attachment 33119 Return an empty path in PlatformContextSkia::currentPathInLocalCoordinates if matrix.invert() fails 133289 2 33119 eric 2009-07-20 16:29:10 -0700 Comment on attachment 33119 Return an empty path in PlatformContextSkia::currentPathInLocalCoordinates if matrix.invert() fails LGTM. 133426 3 levin 2009-07-21 02:56:57 -0700 Committed as http://trac.webkit.org/changeset/46158 33119 2009-07-20 16:12:49 -0700 2009-07-20 16:29:10 -0700 Return an empty path in PlatformContextSkia::currentPathInLocalCoordinates if matrix.invert() fails handlebadinvert.diff text/plain 1544 jhawkins SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NjEzNSkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTkgQEAKKzIwMDktMDctMjAgIEphbWVzIEhhd2tpbnMgIDxqaGF3a2luc0Bnb29n bGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yNzQ2NworICAgICAgICBS ZXR1cm4gYW4gZW1wdHkgcGF0aCBpbiBQbGF0Zm9ybUNvbnRleHRTa2lhOjpjdXJyZW50UGF0aElu TG9jYWxDb29yZGluYXRlcworICAgICAgICBpZiBtYXRyaXguaW52ZXJ0KCkgZmFpbHMuICBUaGlz IHByZXZlbnRzIHRoZSB1c2Ugb2YgYW4gdW5pbml0aWFsaXplZAorICAgICAgICB2YWx1ZSBpbiBp bnZlcnNlTWF0cml4LgorCisgICAgICAgIE5vIG5ldyB0ZXN0cyBhZGRlZC4gIFJ1bgorICAgICAg ICBMYXlvdXRUZXN0cy9zdmcvZHluYW1pYy11cGRhdGVzL1NWR01hcmtlckVsZW1lbnQtZG9tLW1h cmtlckhlaWdodC1hdHRyLmh0bWwKKyAgICAgICAgdW5kZXIgdmFsZ3JpbmQgYW5kIG5vdGljZSB0 aGVyZSBhcmUgbm8gZXJyb3JzLgorCisgICAgICAgICogcGxhdGZvcm0vZ3JhcGhpY3Mvc2tpYS9Q bGF0Zm9ybUNvbnRleHRTa2lhLmNwcDoKKyAgICAgICAgKFBsYXRmb3JtQ29udGV4dFNraWE6OmN1 cnJlbnRQYXRoSW5Mb2NhbENvb3JkaW5hdGVzKToKKwogMjAwOS0wNy0yMCAgQ2hyaXMgTWFycmlu ICA8Y21hcnJpbkBhcHBsZS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgU2ltb24gRnJhc2Vy LgpJbmRleDogV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9za2lhL1BsYXRmb3JtQ29udGV4dFNr aWEuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3Mvc2tpYS9QbGF0 Zm9ybUNvbnRleHRTa2lhLmNwcAkocmV2aXNpb24gNDYxMjYpCisrKyBXZWJDb3JlL3BsYXRmb3Jt L2dyYXBoaWNzL3NraWEvUGxhdGZvcm1Db250ZXh0U2tpYS5jcHAJKHdvcmtpbmcgY29weSkKQEAg LTQ4Miw3ICs0ODIsOCBAQCBTa1BhdGggUGxhdGZvcm1Db250ZXh0U2tpYTo6Y3VycmVudFBhdGhJ CiAgICAgU2tQYXRoIGxvY2FsUGF0aCA9IG1fcGF0aDsKICAgICBjb25zdCBTa01hdHJpeCYgbWF0 cml4ID0gbV9jYW52YXMtPmdldFRvdGFsTWF0cml4KCk7CiAgICAgU2tNYXRyaXggaW52ZXJzZU1h dHJpeDsKLSAgICBtYXRyaXguaW52ZXJ0KCZpbnZlcnNlTWF0cml4KTsKKyAgICBpZiAoIW1hdHJp eC5pbnZlcnQoJmludmVyc2VNYXRyaXgpKQorICAgICAgICByZXR1cm4gU2tQYXRoKCk7CiAgICAg bG9jYWxQYXRoLnRyYW5zZm9ybShpbnZlcnNlTWF0cml4KTsKICAgICByZXR1cm4gbG9jYWxQYXRo OwogfQo=