Bug 82411

Summary: [Chromium] Uninitialized access in SimpleFontDataSkia::platformInit()
Product: WebKit Reporter: Kenichi Ishibashi <bashi>
Component: PlatformAssignee: Kenichi Ishibashi <bashi>
Status: RESOLVED FIXED    
Severity: Normal CC: tkent, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
URL: http://crbug.com/76378
Attachments:
Description Flags
Patch
none
Patch for landing none

Kenichi Ishibashi
Reported 2012-03-27 18:43:09 PDT
From http://crbug.com/76378 Conditional jump or move depends on uninitialised value(s) at 0x16AEFEF: WebCore::SimpleFontData::platformInit() (third_party/WebKit/Source/WebCore/platform/graphics/SimpleFontData.h:312) by 0x169AC95: WebCore::SimpleFontData::SimpleFontData(WebCore::FontPlatformData const&, bool, bool, bool) (third_party/WebKit/Source/WebCore/platform/graphics/SimpleFontData.cpp:61) This implies that platformInit() calls widthForGlyph(), in which we compared the argument with m_zeroWidthSpaceGlyph, which isn't initialized yet.
Attachments
Patch (2.18 KB, patch)
2012-03-27 18:44 PDT, Kenichi Ishibashi 		no flags
DetailsFormatted DiffDiff
Patch for landing (2.17 KB, patch)
2012-03-27 19:06 PDT, Kenichi Ishibashi 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Kenichi Ishibashi
Comment 1 2012-03-27 18:44:58 PDT
Created attachment 134194 [details] Patch
Kenichi Ishibashi
Comment 2 2012-03-27 18:45:52 PDT
Kent-san, could you take a look?
Kent Tamura
Comment 3 2012-03-27 19:04:48 PDT
Comment on attachment 134194 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=134194&action=review > Source/WebCore/ChangeLog:12 > + [Chromium] Uninitialized access in SimpleFontDataSkia::platformInit > + https://bugs.webkit.org/show_bug.cgi?id=82411 > + > + SimpleFontDataSkia::platformInit() could call widthForGlyph(), which > + accesses m_zeroWidthSpaceGlyph. This causes a valgrind memcheck error > + because m_zeroWidthSpaceGlyph isn't initialized at this point. > + Initialize m_zeroWidthSpaceGlyph with zero so that widthForGlyph() can > + return appropriate value(The value zero here means "unknown glyph"). > + > + Reviewed by NOBODY (OOPS!). Usual order is: <summary> <bug URL> Reviewd by ... <Detail>
Kenichi Ishibashi
Comment 4 2012-03-27 19:06:38 PDT
Created attachment 134200 [details] Patch for landing
Kenichi Ishibashi
Comment 5 2012-03-27 19:07:52 PDT
Comment on attachment 134194 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=134194&action=review Thanks! >> Source/WebCore/ChangeLog:12 >> + Reviewed by NOBODY (OOPS!). > > Usual order is: > > <summary> > <bug URL> > > Reviewd by ... > > <Detail> Done.
WebKit Review Bot
Comment 6 2012-03-27 19:42:23 PDT
Comment on attachment 134200 [details] Patch for landing Clearing flags on attachment: 134200 Committed r112357: <http://trac.webkit.org/changeset/112357>
WebKit Review Bot
Comment 7 2012-03-27 19:42:27 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.