Bug 196664

Summary: Undefined Behavior: m_experimentalImageMenuEnabled isn't initialized in HTMLImageElement when SERVICE_CONTROLS is disabled
Product: WebKit Reporter: Christopher Reid <chris.reid>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, cdumez, commit-queue, don.olmstead, esprehn+autocc, ews-watchlist, fujii.hironori, gyuyoung.kim, ross.kirsling, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 196533    
Attachments:
Description Flags
patch none

Christopher Reid
Reported 2019-04-05 16:21:14 PDT
m_experimentalImageMenuEnabled is only initialized when SERVICE_CONTROLS is enabled but used regardless. This doesn't seem to cause an observable bug. SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ..\..\Source\WebCore\dom/Document.cpp:2630:23 in ..\..\Source\WebCore\html\HTMLImageElement.h:112:45: runtime error: load of value 190, which is not a valid value for type 'bool' #0 0x7ffbfe807508 in WebCore::HTMLImageElement::hasShadowControls C:\git\neko\Source\WebCore\html\HTMLImageElement.h:112 #1 0x7ffbfe7e82c4 in WebCore::RenderImage::RenderImage C:\git\neko\Source\WebCore\rendering\RenderImage.cpp:142 #2 0x7ffbfcdf9358 in WebCore::createRenderer<WebCore::RenderImage,WebCore::HTMLImageElement &,WebCore::RenderStyle,nullptr_t,float &> C:\git\neko\Source\WebCore\rendering\RenderPtr.h:43 #3 0x7ffbfcde6766 in WebCore::HTMLImageElement::createElementRenderer C:\git\neko\Source\WebCore\html\HTMLImageElement.cpp:282 #4 0x7ffc02d68bb2 in WebCore::RenderTreeUpdater::createRenderer C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:363 #5 0x7ffc02d62ad0 in WebCore::RenderTreeUpdater::updateElementRenderer C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:323 #6 0x7ffc02d60085 in WebCore::RenderTreeUpdater::updateRenderTree C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:187 #7 0x7ffc02d5df06 in WebCore::RenderTreeUpdater::commit C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:119
Attachments
patch (1.35 KB, patch)
2019-04-05 16:24 PDT, Christopher Reid 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Christopher Reid
Comment 1 2019-04-05 16:24:01 PDT
Created attachment 366856 [details] patch
Ross Kirsling
Comment 2 2019-04-05 16:31:56 PDT
Comment on attachment 366856 [details] patch Seems correct, given that the declaration isn't #if-ed.
WebKit Commit Bot
Comment 3 2019-04-08 10:27:40 PDT
Comment on attachment 366856 [details] patch Clearing flags on attachment: 366856 Committed r244025: <https://trac.webkit.org/changeset/244025>
WebKit Commit Bot
Comment 4 2019-04-08 10:27:42 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 5 2019-04-08 10:28:18 PDT
<rdar://problem/49700740>
Note You need to log in before you can comment on or make changes to this bug.