Bug 196664

Summary: Undefined Behavior: m_experimentalImageMenuEnabled isn't initialized in HTMLImageElement when SERVICE_CONTROLS is disabled
Product: WebKit Reporter: Christopher Reid <chris.reid>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, cdumez, commit-queue, don.olmstead, esprehn+autocc, ews-watchlist, gyuyoung.kim, Hironori.Fujii, ross.kirsling, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 196533    
Attachments:
Description Flags
patch none

Description Christopher Reid 2019-04-05 16:21:14 PDT 
m_experimentalImageMenuEnabled is only initialized when SERVICE_CONTROLS is enabled but used regardless.
This doesn't seem to cause an observable bug.

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ..\..\Source\WebCore\dom/Document.cpp:2630:23 in 
..\..\Source\WebCore\html\HTMLImageElement.h:112:45: runtime error: load of value 190, which is not a valid value for type 'bool'
    #0 0x7ffbfe807508 in WebCore::HTMLImageElement::hasShadowControls C:\git\neko\Source\WebCore\html\HTMLImageElement.h:112
    #1 0x7ffbfe7e82c4 in WebCore::RenderImage::RenderImage C:\git\neko\Source\WebCore\rendering\RenderImage.cpp:142
    #2 0x7ffbfcdf9358 in WebCore::createRenderer<WebCore::RenderImage,WebCore::HTMLImageElement &,WebCore::RenderStyle,nullptr_t,float &> C:\git\neko\Source\WebCore\rendering\RenderPtr.h:43
    #3 0x7ffbfcde6766 in WebCore::HTMLImageElement::createElementRenderer C:\git\neko\Source\WebCore\html\HTMLImageElement.cpp:282
    #4 0x7ffc02d68bb2 in WebCore::RenderTreeUpdater::createRenderer C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:363
    #5 0x7ffc02d62ad0 in WebCore::RenderTreeUpdater::updateElementRenderer C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:323
    #6 0x7ffc02d60085 in WebCore::RenderTreeUpdater::updateRenderTree C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:187
    #7 0x7ffc02d5df06 in WebCore::RenderTreeUpdater::commit C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:119
Comment 1 Christopher Reid 2019-04-05 16:24:01 PDT 
Created attachment 366856 [details]
patch
Comment 2 Ross Kirsling 2019-04-05 16:31:56 PDT 
Comment on attachment 366856 [details]
patch

Seems correct, given that the declaration isn't #if-ed.
Comment 3 WebKit Commit Bot 2019-04-08 10:27:40 PDT 
Comment on attachment 366856 [details]
patch

Clearing flags on attachment: 366856

Committed r244025: <https://trac.webkit.org/changeset/244025>
Comment 4 WebKit Commit Bot 2019-04-08 10:27:42 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 5 Radar WebKit Bug Importer 2019-04-08 10:28:18 PDT 
<rdar://problem/49700740>