Bug 27467 - Uninitialized memory reference in PlatformContextSkia::currentPathInLocalCoordinates()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: PC All
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-07-20 16:06 PDT by James Hawkins
Modified: 2009-07-21 02:56 PDT

See Also:


Attachments
Return an empty path in PlatformContextSkia::currentPathInLocalCoordinates if matrix.invert() fails (1.51 KB, patch)
2009-07-20 16:12 PDT, James Hawkins
eric: review+

Description James Hawkins 2009-07-20 16:06:19 PDT
The following tests
LayoutTests/svg/dynamic-updates/SVGMarkerElement-dom-markerHeight-attr.html
LayoutTests/svg/dynamic-updates/SVGMarkerElement-dom-markerWidth-attr.html
LayoutTests/svg/dynamic-updates/SVGMarkerElement-svgdom-markerHeight-prop.html
LayoutTests/svg/dynamic-updates/SVGMarkerElement-svgdom-markerWidth-prop.html

show a valgrind error:

18:47:01 valgrind_analyze.py [ERROR] UninitCondition
Conditional jump or move depends on uninitialised value(s)
  SkMatrix::getType() const (skia/include/corecg/SkMatrix.h:48)
  SkPath::transform(SkMatrix const&, SkPath*) const (skia/sgl/SkPath.cpp:849)
  SkPath::transform(SkMatrix const&) (skia/include/SkPath.h:454)
  PlatformContextSkia::currentPathInLocalCoordinates() const (third_party/WebKit/WebCore/platform/graphics/skia/PlatformContextSkia.cpp:470)
  WebCore::GraphicsContext::fillPath() (third_party/WebKit/WebCore/platform/graphics/skia/GraphicsContextSkia.cpp:687)
  WebCore::SVGPaintServer::renderPath(WebCore::GraphicsContext*&, WebCore::RenderObject const*, WebCore::SVGPaintTargetType) const (third_party/WebKit/WebCore/svg/graphics/SVGPaintServer.cpp:180)
  WebCore::SVGPaintServer::draw(WebCore::GraphicsContext*&, WebCore::RenderObject const*, WebCore::SVGPaintTargetType) const (third_party/WebKit/WebCore/svg/graphics/SVGPaintServer.cpp:171)
  WebCore::fillAndStrokePath(WebCore::Path const&, WebCore::GraphicsContext*, WebCore::RenderStyle*, WebCore::RenderPath*) (third_party/WebKit/WebCore/rendering/RenderPath.cpp:211)
  WebCore::RenderPath::paint(WebCore::RenderObject::PaintInfo&, int, int) (third_party/WebKit/WebCore/rendering/RenderPath.cpp:238)
  WebCore::RenderSVGContainer::paint(WebCore::RenderObject::PaintInfo&, int, int) (third_party/WebKit/WebCore/rendering/RenderSVGContainer.cpp:199)

Uninitialised value was created by a stack allocation
  PlatformContextSkia::currentPathInLocalCoordinates() const (third_party/WebKit/WebCore/platform/graphics/skia/PlatformContextSkia.cpp:464)

The call to matrix.invert fails, leaving inverseMatrix uninitialized.  My fix is to return an empty path.  I will upload a patch soon.
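As an added illustration (not code from the WebKit patch or from Skia), the following C++ reproduces the pattern behind the valgrind report: an invert() that returns false and leaves its output untouched when the transform is singular, a caller that ignores that return value and transforms the path with the untouched output, and the checked variant that returns an empty path as the fix describes. The Matrix, Path and CTM values are stand-ins of my own, not WebKit or Skia types; the NaN-poisoned "stack slot" is an assumption introduced so the consequence is deterministic and observable, since reading a genuinely uninitialised matrix, as the real code did, is undefined behaviour that a demo should not execute.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>
#include <vector>

// 2-D affine transform, a stand-in for SkMatrix. invert() follows the contract
// the bug relies on: it returns false on a singular matrix and does not write
// *out in that case.
struct Matrix {
    double a, b, c, d, tx, ty;   // x' = a*x + c*y + tx ;  y' = b*x + d*y + ty

    bool invert(Matrix* out) const {
        const double det = a * d - b * c;
        if (det == 0.0)
            return false;            // *out is deliberately left untouched
        out->a = d / det;
        out->b = -b / det;
        out->c = -c / det;
        out->d = a / det;
        out->tx = (c * ty - d * tx) / det;
        out->ty = (b * tx - a * ty) / det;
        return true;
    }
};

struct Point { double x, y; };

// Minimal stand-in for SkPath: a point list plus transform().
struct Path {
    std::vector<Point> points;
    bool isEmpty() const { return points.empty(); }
    void transform(const Matrix& m) {
        for (Point& p : points) {
            const double x = m.a * p.x + m.c * p.y + m.tx;
            const double y = m.b * p.x + m.d * p.y + m.ty;
            p = Point{x, y};
        }
    }
};

// Assumption: stands in for the uninitialised stack slot. The real bug read
// indeterminate stack memory; poisoning with NaN makes the effect visible
// without executing undefined behaviour.
static Matrix poisonedStackSlot() {
    const double nan = std::numeric_limits<double>::quiet_NaN();
    return Matrix{nan, nan, nan, nan, nan, nan};
}

// The pattern valgrind flagged: invert()'s return value is ignored, so on a
// singular CTM the path is transformed by whatever the slot happened to hold.
Path currentPathInLocalCoordinatesBefore(const Path& devicePath, const Matrix& ctm) {
    Matrix inverse = poisonedStackSlot();   // real code: a plain uninitialised local
    ctm.invert(&inverse);                   // result discarded
    Path localPath = devicePath;
    localPath.transform(inverse);
    return localPath;
}

// The fix the bug describes: return an empty path when the CTM cannot be
// inverted, so the inverse is only read after invert() reported success.
Path currentPathInLocalCoordinatesFixed(const Path& devicePath, const Matrix& ctm) {
    Matrix inverse;
    if (!ctm.invert(&inverse))
        return Path();
    Path localPath = devicePath;
    localPath.transform(inverse);
    return localPath;
}

bool pathHasNaN(const Path& path) {
    for (const Point& p : path.points)
        if (std::isnan(p.x) || std::isnan(p.y))
            return true;
    return false;
}

// Constructed sample input: a device-space triangle and two CTMs.
Path sampleDevicePath() { return Path{{{10, 20}, {14, 20}, {14, 26}}}; }
Matrix invertibleCtm() { return Matrix{2, 0, 0, 2, 10, 20}; }  // scale 2, translate (10,20)
Matrix singularCtm()   { return Matrix{0, 0, 0, 2, 10, 20}; }  // x scale 0, so det == 0

int main() {
    Path ok = currentPathInLocalCoordinatesFixed(sampleDevicePath(), invertibleCtm());
    std::printf("invertible CTM: %zu points, first maps back to (%g, %g)\n",
                ok.points.size(), ok.points[0].x, ok.points[0].y);
    Path before = currentPathInLocalCoordinatesBefore(sampleDevicePath(), singularCtm());
    Path after  = currentPathInLocalCoordinatesFixed(sampleDevicePath(), singularCtm());
    std::printf("singular CTM: before fix NaN coordinates=%d, after fix empty path=%d\n",
                (int)pathHasNaN(before), (int)after.isEmpty());
    return 0;
}
```

With the invertible CTM both variants agree; with the singular one, the unchecked variant hands garbage coordinates to the fill (in the real build, whatever the stack held, which is what valgrind's UninitCondition caught inside SkMatrix::getType()), while the checked variant draws nothing, matching the behaviour of the committed patch.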
Comment 1 James Hawkins 2009-07-20 16:12:49 PDT
Created attachment 33119
Return an empty path in PlatformContextSkia::currentPathInLocalCoordinates if matrix.invert() fails
Comment 2 Eric Seidel (no email) 2009-07-20 16:29:10 PDT
Comment on attachment 33119
Return an empty path in PlatformContextSkia::currentPathInLocalCoordinates if matrix.invert() fails

LGTM.
Comment 3 David Levin 2009-07-21 02:56:57 PDT
Committed as http://trac.webkit.org/changeset/46158