Bug 31063

From http://crbug.com/26547, Dan Kegel (dank@chromium.org) wrote:

> LayoutTests/accessibility/aria-hidden.html
> (and lots of other tests in that directory)
> show the following valgrind warning:
> 
> Conditional jump or move depends on uninitialised value(s)
>    at WebCore::AccessibilityRenderObject::children()
> (AccessibilityRenderObject.cpp:2549)
>    by AccessibilityUIElement::GetChildAtIndex(unsigned int)
> (accessibility_ui_element.cc:285)
>    ...
>  Uninitialised value was created by a heap allocation
>    at malloc (vg_replace_malloc.c:195)
>    by WTF::fastMalloc(unsigned long) (FastMalloc.cpp:233)
>    by WTF::FastAllocBase::operator new(unsigned long) (FastAllocBase.h:96)
>    by WebCore::AccessibilityRenderObject::create(WebCore::RenderObject*)
> (AccessibilityRenderObject.cpp:101)
>    ...
> 
> Looks like somebody forgot to initialize m_childrenDirty to false
> in the constructor.  The following patch seems to make the
> problem go away:
> 
> --- accessibility/AccessibilityRenderObject.cpp (revision 50258)
> +++ accessibility/AccessibilityRenderObject.cpp (working copy)
> @@ -84,6 +84,7 @@
>      : AccessibilityObject()
>      , m_renderer(renderer)
>      , m_ariaRole(UnknownRole)
> +    , m_childrenDirty(false)
>  {
>      updateAccessibilityRole();
>  #ifndef NDEBUG