196664 – Undefined Behavior: m_experimentalImageMenuEnabled isn't initialized in HTMLImageElement when SERVICE_CONTROLS is disabled

RESOLVED FIXED 196664

Undefined Behavior: m_experimentalImageMenuEnabled isn't initialized in HTMLImageElement when SERVICE_CONTROLS is disabled

https://bugs.webkit.org/show_bug.cgi?id=196664

Summary Undefined Behavior: m_experimentalImageMenuEnabled isn't initialized in HTMLI...

Christopher Reid

Reported 2019-04-05 16:21:14 PDT

m_experimentalImageMenuEnabled is only initialized when SERVICE_CONTROLS is enabled but used regardless. This doesn't seem to cause an observable bug. SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ..\..\Source\WebCore\dom/Document.cpp:2630:23 in ..\..\Source\WebCore\html\HTMLImageElement.h:112:45: runtime error: load of value 190, which is not a valid value for type 'bool' #0 0x7ffbfe807508 in WebCore::HTMLImageElement::hasShadowControls C:\git\neko\Source\WebCore\html\HTMLImageElement.h:112 #1 0x7ffbfe7e82c4 in WebCore::RenderImage::RenderImage C:\git\neko\Source\WebCore\rendering\RenderImage.cpp:142 #2 0x7ffbfcdf9358 in WebCore::createRenderer<WebCore::RenderImage,WebCore::HTMLImageElement &,WebCore::RenderStyle,nullptr_t,float &> C:\git\neko\Source\WebCore\rendering\RenderPtr.h:43 #3 0x7ffbfcde6766 in WebCore::HTMLImageElement::createElementRenderer C:\git\neko\Source\WebCore\html\HTMLImageElement.cpp:282 #4 0x7ffc02d68bb2 in WebCore::RenderTreeUpdater::createRenderer C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:363 #5 0x7ffc02d62ad0 in WebCore::RenderTreeUpdater::updateElementRenderer C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:323 #6 0x7ffc02d60085 in WebCore::RenderTreeUpdater::updateRenderTree C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:187 #7 0x7ffc02d5df06 in WebCore::RenderTreeUpdater::commit C:\git\neko\Source\WebCore\rendering\updating\RenderTreeUpdater.cpp:119

Attachments
patch (1.35 KB, patch) 2019-04-05 16:24 PDT, Christopher Reid	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Christopher Reid

Comment 1 2019-04-05 16:24:01 PDT

Created attachment 366856 [details] patch

Ross Kirsling

Comment 2 2019-04-05 16:31:56 PDT

Comment on attachment 366856 [details] patch Seems correct, given that the declaration isn't #if-ed.

WebKit Commit Bot

Comment 3 2019-04-08 10:27:40 PDT

Comment on attachment 366856 [details] patch Clearing flags on attachment: 366856 Committed r244025: <https://trac.webkit.org/changeset/244025>

WebKit Commit Bot

Comment 4 2019-04-08 10:27:42 PDT

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 5 2019-04-08 10:28:18 PDT

<rdar://problem/49700740>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2019-04-05 16:21 PDT

Modified

2019-04-08 10:28 PDT History

CC List

11 users Show

URL

Keywords InRadar

Depends on

Blocks

196533

Dependencies

tree graph