Bug 141352

Summary: ASan complains about plugins/snapshotting/snapshot-plugin-not-quite-blocked-by-image.html
Product: WebKit
Reporter: Alexey Proskuryakov <ap>
Component: WebCore Misc.
Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, bfulgham, commit-queue, esprehn+autocc, kangil.han, roger_fong
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Attachments:
Description: proposed fix
Flags: none

Alexey Proskuryakov
Reported 2015-02-06 23:25:43 PST
ASan complains about an out of bounds read on plugins/snapshotting/snapshot-plugin-not-quite-blocked-by-image.html rdar://problem/19717490
Attachments
proposed fix (1.38 KB, patch), 2015-02-06 23:31 PST, Alexey Proskuryakov, no flags
Alexey Proskuryakov
Comment 1 2015-02-06 23:31:57 PST
Created attachment 246200 [details] proposed fix
Alexey Proskuryakov
Comment 2 2015-02-07 11:36:50 PST
I'm going to assume that the Windows EWS failure is a random flake. The actual error is not visible in the truncated log.
WebKit Commit Bot
Comment 3 2015-02-07 12:21:29 PST
Comment on attachment 246200 [details] proposed fix
Clearing flags on attachment: 246200
Committed r179783: <http://trac.webkit.org/changeset/179783>
WebKit Commit Bot
Comment 4 2015-02-07 12:21:36 PST
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 5 2015-02-07 12:55:46 PST
Comment on attachment 246200 [details] proposed fix
View in context: https://bugs.webkit.org/attachment.cgi?id=246200&action=review

> Source/WebCore/dom/Document.cpp:6274
> +        jsString = String(plugInsJavaScript, sizeof(plugInsJavaScript));

It would be more efficient to call StringImpl::createWithoutCopying here instead of the String constructor. No need to copy the file.
Darin Adler
Comment 6 2015-02-07 12:56:02 PST
Comment on attachment 246200 [details] proposed fix
View in context: https://bugs.webkit.org/attachment.cgi?id=246200&action=review

>> Source/WebCore/dom/Document.cpp:6274
>> +        jsString = String(plugInsJavaScript, sizeof(plugInsJavaScript));
>
> It would be more efficient to call StringImpl::createWithoutCopying here instead of the String constructor. No need to copy the file.

Copy the characters, I mean.
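The fixed line quoted above passes the array's size explicitly instead of letting a string constructor find the end on its own. As an added example (not WebKit code; the array name kPlugInsScript and its contents are constructed), this shows the same pattern on an embedded resource array that carries no NUL terminator, a non-copying view in the spirit of the createWithoutCopying suggestion, and a bounds check that tells you whether a NUL-scanning constructor would have run off the end.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <string_view>

// Constructed stand-in for a generated resource array like plugInsJavaScript:
// resource-embedding tools usually emit the raw file bytes with NO trailing
// NUL, so the array is not a C string and must not be given to any
// strlen()-based constructor.
static const char kPlugInsScript[] = {
    'v', 'a', 'r', ' ', 'x', ' ', '=', ' ', '1', ';'
};

// Safe copying conversion: the length comes from the array type itself,
// mirroring String(plugInsJavaScript, sizeof(plugInsJavaScript)).
template <size_t N>
std::string copyEmbeddedScript(const char (&data)[N]) {
    return std::string(data, N);
}

// Non-copying view: the analogue of StringImpl::createWithoutCopying.
// Valid because the embedded array lives for the whole program lifetime.
template <size_t N>
std::string_view viewEmbeddedScript(const char (&data)[N]) {
    return std::string_view(data, N);
}

// Defensive check: is there a NUL anywhere inside the array bounds?
// If not, a constructor that scans for the terminator reads past the end,
// which is exactly the out-of-bounds read ASan reports.
template <size_t N>
bool hasNulWithinBounds(const char (&data)[N]) {
    return std::memchr(data, '\0', N) != nullptr;
}
```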