Bug 22798

Summary: Unitialized struct field in SVGFont.cpp
Product: WebKit Reporter: Dave Moore <davemoore>
Component: TextAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
Patch to fix
none
Patch to fix
eric: review+
Patch to fix eric: review+

Dave Moore
Reported 2008-12-10 14:33:48 PST
In Font::drawTextUsingSVGFont() a variable of type SVGTextRunWalkerDrawTextData is created on the stack (called data). One of its fields, charsConsumed, is unitialized, leading to random values after calling walk() on the SVGTextRunWalker created with it. Patch will be attached
Attachments
Patch to fix (484 bytes, text/plain)
2008-12-10 14:46 PST, Dave Moore 		no flags
Details
Patch to fix (1.44 KB, patch)
2008-12-11 09:48 PST, Dave Moore 		eric: review+
DetailsFormatted DiffDiff
Patch to fix (1.55 KB, patch)
2008-12-11 12:02 PST, Dave Moore 		eric: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Dave Moore
Comment 1 2008-12-10 14:46:53 PST
Created attachment 25926 [details] Patch to fix This patch adds initialization of the charsConsumed field
Dave Moore
Comment 2 2008-12-11 09:48:35 PST
Created attachment 25952 [details] Patch to fix
Eric Seidel (no email)
Comment 3 2008-12-11 11:36:04 PST
Comment on attachment 25952 [details] Patch to fix Just nits: 1 2008-12-11 davemoore <davemoore@google.com> Should be: 1 2008-12-11 David Moore <davemoore@google.com> (See my email on changelog entries sent to chrome-team last week.) WARNING: NO TEST CASES ADDED OR CHANGED can be removed and replaced when an explanation as to why it's untestable. 5 Fixed https://bugs.webkit.org/show_bug.cgi?id=22798 Looks like a tab (or maybe just bad indentation) Looks fine. We could also have fixed this by adding a constructor to SVGTextRunWalkerMeasuredLengthData (which would have possibly prevented future such UMRs. Marking r- for the nits. Post another copy and I'll be happy to review and land it for you. Thanks for the fix!
Dave Moore
Comment 4 2008-12-11 12:02:27 PST
Created attachment 25956 [details] Patch to fix Fixed review issues
Eric Seidel (no email)
Comment 5 2008-12-11 14:09:32 PST
Comment on attachment 25956 [details] Patch to fix Looks fine.
Eric Seidel (no email)
Comment 6 2008-12-12 17:22:00 PST
Only snag I hit was one tab in the ChangeLog (we have a pre-commit script which fails if tabs are in any file). Otherwise the patch was great! Committing to http://svn.webkit.org/repository/webkit/trunk ... M WebCore/ChangeLog M WebCore/svg/SVGFont.cpp Committed r39260
Note You need to log in before you can comment on or make changes to this bug.