57656 2011-04-01 13:52:55 -0700 Valgrind error in _ZN7WebCore8Document11updateTitleERKNS_19StringWithDirectionE 2011-04-01 16:19:34 -0700 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 abarth webkit-unassigned commit-queue eric evan inferno tsepez oldest_to_newest 378047 0 abarth 2011-04-01 13:52:55 -0700 Suppression (error hash=#000000002B0B6257#): { <insert_a_suppression_name_here> Memcheck:Cond fun:_ZN7WebCore8Document11updateTitleERKNS_19StringWithDirectionE fun:_ZN7WebCore8Document15setTitleElementERKNS_19StringWithDirectionEPNS_7ElementE fun:_ZN7WebCore16HTMLTitleElement20insertedIntoDocumentEv fun:_ZN7WebCore13ContainerNode14parserAddChildEN3WTF10PassRefPtrINS_4NodeEEE fun:_ZN7WebCore20HTMLConstructionSite6attachINS_7ElementEEEN3WTF10PassRefPtrIT_EEPNS_13ContainerNodeES6_ fun:_ZN7WebCore20HTMLConstructionSite15attachToCurrentEN3WTF10PassRefPtrINS_7ElementEEE fun:_ZN7WebCore20HTMLConstructionSite17insertHTMLElementERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder28processGenericRCDATAStartTagERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder24processStartTagForInHeadERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder15processStartTagERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder12processTokenERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder28constructTreeFromAtomicTokenERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder22constructTreeFromTokenERNS_9HTMLTokenE fun:_ZN7WebCore18HTMLDocumentParser13pumpTokenizerENS0_15SynchronousModeE fun:_ZN7WebCore18HTMLDocumentParser23pumpTokenizerIfPossibleENS0_15SynchronousModeE fun:_ZN7WebCore18HTMLDocumentParser6appendERKNS_15SegmentedStringE fun:_ZN7WebCore25DecodedDataDocumentParser11appendBytesEPNS_14DocumentWriterEPKcib fun:_ZN7WebCore14DocumentWriter7addDataEPKcib fun:_ZN7WebCore14DocumentWriter27endIfNotLoadingMainResourceEv fun:_ZN7WebCore14DocumentWriter3endEv fun:_ZN7WebCore14DocumentLoader15finishedLoadingEv fun:_ZN7WebCore11FrameLoader15finishedLoadingEv } 378048 1 abarth 2011-04-01 13:54:14 -0700 The following WebKit roll is on the blamelist: WebKit DEPS: 82579 => 82603 378050 2 abarth 2011-04-01 13:55:06 -0700 More information from valgrind: UninitCondition Conditional jump or move depends on uninitialised value(s) WebCore::Document::updateTitle(WebCore::StringWithDirection const&) (third_party/WebKit/Source/WebCore/dom/Document.cpp:1327) WebCore::Document::setTitleElement(WebCore::StringWithDirection const&, WebCore::Element*) (third_party/WebKit/Source/WebCore/dom/Document.cpp:1370) WebCore::HTMLTitleElement::insertedIntoDocument() (third_party/WebKit/Source/WebCore/html/HTMLTitleElement.cpp:49) WebCore::ContainerNode::parserAddChild(WTF::PassRefPtr<WebCore::Node>) (third_party/WebKit/Source/WebCore/dom/ContainerNode.cpp:655) WTF::PassRefPtr<WebCore::Element> WebCore::HTMLConstructionSite::attach<WebCore::Element>(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::Element>) (third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:99) WebCore::HTMLConstructionSite::attachToCurrent(WTF::PassRefPtr<WebCore::Element>) (third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:264) WebCore::HTMLConstructionSite::insertHTMLElement(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:294) WebCore::HTMLTreeBuilder::processGenericRCDATAStartTag(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2764) WebCore::HTMLTreeBuilder::processStartTagForInHead(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2732) WebCore::HTMLTreeBuilder::processStartTag(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:1165) WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:461) WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:442) WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:437) WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:277) WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) (third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:176) WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) (third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:350) WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter*, char const*, int, bool) (third_party/WebKit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:54) WebCore::DocumentWriter::addData(char const*, int, bool) (third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:201) WebCore::DocumentWriter::endIfNotLoadingMainResource() (third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:221) WebCore::DocumentWriter::end() (third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:207) WebCore::DocumentLoader::finishedLoading() (third_party/WebKit/Source/WebCore/loader/DocumentLoader.cpp:288) WebCore::FrameLoader::finishedLoading() (third_party/WebKit/Source/WebCore/loader/FrameLoader.cpp:2230) WebCore::MainResourceLoader::didFinishLoading(double) (third_party/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:467) WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) (third_party/WebKit/Source/WebCore/loader/ResourceLoader.cpp:436) WebCore::ResourceHandleInternal::didFinishLoading(WebKit::WebURLLoader*, double) (third_party/WebKit/Source/WebKit/chromium/src/ResourceHandle.cpp:197) webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&) (webkit/glue/weburlloader_impl.cc:653) (anonymous namespace)::RequestProxy::NotifyCompletedRequest(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&) (webkit/tools/test_shell/simple_resource_loader_bridge.cc:326) void DispatchToMethod<(anonymous namespace)::RequestProxy, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time>((anonymous namespace)::RequestProxy*, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), Tuple3<net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time> const&) (./base/tuple.h:564) RunnableMethod<(anonymous namespace)::RequestProxy, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), Tuple3<net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time> >::Run() (./base/task.h:332) MessageLoop::RunTask(Task*) (base/message_loop.cc:370) 378063 3 abarth 2011-04-01 14:08:11 -0700 Seemly related changes in that range: http://trac.webkit.org/changeset/82596/ http://trac.webkit.org/changeset/82580/ My money is on Evan's change: "<title> should support dir attribute" because it's a larger change. 378073 4 abarth 2011-04-01 14:22:10 -0700 The bug is that the default constructor of StringWithDirection doesn't initialize m_direction. Patch shortly. 378081 5 87913 abarth 2011-04-01 14:27:03 -0700 Created attachment 87913 Patch 378082 6 abarth 2011-04-01 14:30:08 -0700 http://code.google.com/p/chromium/issues/detail?id=78197 378178 7 87913 commit-queue 2011-04-01 16:19:30 -0700 Comment on attachment 87913 Patch Clearing flags on attachment: 87913 Committed r82741: <http://trac.webkit.org/changeset/82741> 378179 8 commit-queue 2011-04-01 16:19:34 -0700 All reviewed patches have been landed. Closing bug. 87913 2011-04-01 14:27:03 -0700 2011-04-01 16:19:30 -0700 Patch bug-57656-20110401142702.patch text/plain 1527 abarth SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDgyNzE4KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTEtMDQtMDEgIEFkYW0gQmFy dGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBWYWxncmluZCBlcnJvciBpbiBfWk43V2ViQ29yZThEb2N1bWVudDEx dXBkYXRlVGl0bGVFUktOU18xOVN0cmluZ1dpdGhEaXJlY3Rpb25FCisgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD01NzY1NgorCisgICAgICAgIFdlIHNob3Vs ZCBpbml0aWFsaXplIG1lbW9yeSB3aGVuIGNvbnN0cnVjdGluZyBvYmplY3RzLgorCisgICAgICAg ICogcGxhdGZvcm0vdGV4dC9TdHJpbmdXaXRoRGlyZWN0aW9uLmg6CisgICAgICAgIChXZWJDb3Jl OjpTdHJpbmdXaXRoRGlyZWN0aW9uOjpTdHJpbmdXaXRoRGlyZWN0aW9uKToKKwogMjAxMS0wNC0w MSAgQWxleGV5IFByb3NrdXJ5YWtvdiAgPGFwQGFwcGxlLmNvbT4KIAogICAgICAgICBSZXZpZXdl ZCBieSBEYXJpbiBBZGxlci4KSW5kZXg6IFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL3RleHQvU3Ry aW5nV2l0aERpcmVjdGlvbi5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL3BsYXRmb3Jt L3RleHQvU3RyaW5nV2l0aERpcmVjdGlvbi5oCShyZXZpc2lvbiA4MjcxNSkKKysrIFNvdXJjZS9X ZWJDb3JlL3BsYXRmb3JtL3RleHQvU3RyaW5nV2l0aERpcmVjdGlvbi5oCSh3b3JraW5nIGNvcHkp CkBAIC00Niw4ICs0NiwxNiBAQCBuYW1lc3BhY2UgV2ViQ29yZSB7CiAvLyB0byB0aGUgc3RyaW5n LgogY2xhc3MgU3RyaW5nV2l0aERpcmVjdGlvbiB7CiBwdWJsaWM6Ci0gICAgU3RyaW5nV2l0aERp cmVjdGlvbigpIHt9Ci0gICAgU3RyaW5nV2l0aERpcmVjdGlvbihjb25zdCBTdHJpbmcmIHN0cmlu ZywgVGV4dERpcmVjdGlvbiBkaXIpIDogbV9zdHJpbmcoc3RyaW5nKSwgbV9kaXJlY3Rpb24oZGly KSB7fQorICAgIFN0cmluZ1dpdGhEaXJlY3Rpb24oKQorICAgICAgICA6IG1fZGlyZWN0aW9uKExU UikKKyAgICB7CisgICAgfQorCisgICAgU3RyaW5nV2l0aERpcmVjdGlvbihjb25zdCBTdHJpbmcm IHN0cmluZywgVGV4dERpcmVjdGlvbiBkaXIpCisgICAgICAgIDogbV9zdHJpbmcoc3RyaW5nKQor ICAgICAgICAsIG1fZGlyZWN0aW9uKGRpcikKKyAgICB7CisgICAgfQogCiAgICAgY29uc3QgU3Ry aW5nJiBzdHJpbmcoKSBjb25zdCB7IHJldHVybiBtX3N0cmluZzsgfQogICAgIFRleHREaXJlY3Rp b24gZGlyZWN0aW9uKCkgY29uc3QgeyByZXR1cm4gbV9kaXJlY3Rpb247IH0K