31063 2009-11-03 08:59:04 -0800 UMR in WebCore::AccessibilityRenderObject::children(); m_childrenDirty uninitialized in constructor 2009-11-03 09:27:24 -0800 1 1 1 Unclassified WebKit Accessibility 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 fishd fishd oldest_to_newest 160076 0 fishd 2009-11-03 08:59:04 -0800 From http://crbug.com/26547, Dan Kegel (dank@chromium.org) wrote: > LayoutTests/accessibility/aria-hidden.html > (and lots of other tests in that directory) > show the following valgrind warning: > > Conditional jump or move depends on uninitialised value(s) > at WebCore::AccessibilityRenderObject::children() > (AccessibilityRenderObject.cpp:2549) > by AccessibilityUIElement::GetChildAtIndex(unsigned int) > (accessibility_ui_element.cc:285) > ... > Uninitialised value was created by a heap allocation > at malloc (vg_replace_malloc.c:195) > by WTF::fastMalloc(unsigned long) (FastMalloc.cpp:233) > by WTF::FastAllocBase::operator new(unsigned long) (FastAllocBase.h:96) > by WebCore::AccessibilityRenderObject::create(WebCore::RenderObject*) > (AccessibilityRenderObject.cpp:101) > ... > > Looks like somebody forgot to initialize m_childrenDirty to false > in the constructor. The following patch seems to make the > problem go away: > > --- accessibility/AccessibilityRenderObject.cpp (revision 50258) > +++ accessibility/AccessibilityRenderObject.cpp (working copy) > @@ -84,6 +84,7 @@ > : AccessibilityObject() > , m_renderer(renderer) > , m_ariaRole(UnknownRole) > + , m_childrenDirty(false) > { > updateAccessibilityRole(); > #ifndef NDEBUG 160082 1 42388 fishd 2009-11-03 09:16:13 -0800 Created attachment 42388 v1 patch 160086 2 42388 dglazkov 2009-11-03 09:25:21 -0800 Comment on attachment 42388 v1 patch r=me. 160087 3 fishd 2009-11-03 09:27:24 -0800 Landed as: http://trac.webkit.org/changeset/50173 42388 2009-11-03 09:16:13 -0800 2009-11-03 09:25:20 -0800 v1 patch dk_1.txt text/plain 1164 fishd SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQotLS0gV2ViQ29yZS9DaGFuZ2VM b2cJKHJldmlzaW9uIDUwNDU3KQorKysgV2ViQ29yZS9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkK QEAgLTEsMyArMSwxMyBAQAorMjAwOS0xMS0wMyAgRGFuIEtlZ2VsICA8ZGFua0BjaHJvbWl1bS5v cmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVU1S IGluIFdlYkNvcmU6OkFjY2Vzc2liaWxpdHlSZW5kZXJPYmplY3Q6OmNoaWxkcmVuKCk7IG1fY2hp bGRyZW5EaXJ0eSB1bmluaXRpYWxpemVkIGluIGNvbnN0cnVjdG9yCisgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0zMTA2MworCisgICAgICAgICogYWNjZXNz aWJpbGl0eS9BY2Nlc3NpYmlsaXR5UmVuZGVyT2JqZWN0LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6 OkFjY2Vzc2liaWxpdHlSZW5kZXJPYmplY3Q6OkFjY2Vzc2liaWxpdHlSZW5kZXJPYmplY3QpOgor CiAyMDA5LTExLTAzICBTaW1vbiBIYXVzbWFubiAgPGhhdXNtYW5uQHdlYmtpdC5vcmc+CiAKICAg ICAgICAgUmV2aWV3ZWQgYnkgVG9yIEFybmUgVmVzdGLDuC4KSW5kZXg6IFdlYkNvcmUvYWNjZXNz aWJpbGl0eS9BY2Nlc3NpYmlsaXR5UmVuZGVyT2JqZWN0LmNwcA0KPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0KLS0tIFdl YkNvcmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5UmVuZGVyT2JqZWN0LmNwcAkocmV2aXNp b24gNTA0NTcpCisrKyBXZWJDb3JlL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eVJlbmRlck9i amVjdC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTg0LDYgKzg0LDcgQEAgQWNjZXNzaWJpbGl0eVJl bmRlck9iamVjdDo6QWNjZXNzaWJpbGl0eQogICAgIDogQWNjZXNzaWJpbGl0eU9iamVjdCgpCiAg ICAgLCBtX3JlbmRlcmVyKHJlbmRlcmVyKQogICAgICwgbV9hcmlhUm9sZShVbmtub3duUm9sZSkK KyAgICAsIG1fY2hpbGRyZW5EaXJ0eShmYWxzZSkKIHsKICAgICB1cGRhdGVBY2Nlc3NpYmlsaXR5 Um9sZSgpOwogI2lmbmRlZiBOREVCVUcK