RESOLVED FIXED 31063
UMR in WebCore::AccessibilityRenderObject::children(); m_childrenDirty uninitialized in constructor
https://bugs.webkit.org/show_bug.cgi?id=31063
Darin Fisher (:fishd, Google)
Reported 2009-11-03 08:59:04 PST
From http://crbug.com/26547, Dan Kegel (dank@chromium.org) wrote: > LayoutTests/accessibility/aria-hidden.html > (and lots of other tests in that directory) > show the following valgrind warning: > > Conditional jump or move depends on uninitialised value(s) > at WebCore::AccessibilityRenderObject::children() > (AccessibilityRenderObject.cpp:2549) > by AccessibilityUIElement::GetChildAtIndex(unsigned int) > (accessibility_ui_element.cc:285) > ... > Uninitialised value was created by a heap allocation > at malloc (vg_replace_malloc.c:195) > by WTF::fastMalloc(unsigned long) (FastMalloc.cpp:233) > by WTF::FastAllocBase::operator new(unsigned long) (FastAllocBase.h:96) > by WebCore::AccessibilityRenderObject::create(WebCore::RenderObject*) > (AccessibilityRenderObject.cpp:101) > ... > > Looks like somebody forgot to initialize m_childrenDirty to false > in the constructor. The following patch seems to make the > problem go away: > > --- accessibility/AccessibilityRenderObject.cpp (revision 50258) > +++ accessibility/AccessibilityRenderObject.cpp (working copy) > @@ -84,6 +84,7 @@ > : AccessibilityObject() > , m_renderer(renderer) > , m_ariaRole(UnknownRole) > + , m_childrenDirty(false) > { > updateAccessibilityRole(); > #ifndef NDEBUG
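Review bot: the initializer list now ends with `+ , m_childrenDirty(false)` directly after `, m_ariaRole(UnknownRole)`; confirm that `m_childrenDirty` is declared after `m_ariaRole` in the class definition, since members are initialized in declaration order regardless of the list order and a mismatch draws a -Wreorder warning. The hunk only touches this one constructor, so also check that no other constructor or reset path of AccessibilityRenderObject leaves the flag unset, otherwise the valgrind report at AccessibilityRenderObject.cpp:2549 will reappear through that path. The patch as quoted carries no ChangeLog entry; add one referencing https://bugs.webkit.org/show_bug.cgi?id=31063 and the valgrind finding so the reason for the one-line change is recorded.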
Attachments
v1 patch (1.14 KB, patch)
2009-11-03 09:16 PST, Darin Fisher (:fishd, Google)
dglazkov: review+
Darin Fisher (:fishd, Google)
Comment 1 2009-11-03 09:16:13 PST
Created attachment 42388 [details] v1 patch
Dimitri Glazkov (Google)
Comment 2 2009-11-03 09:25:21 PST
Comment on attachment 42388 [details] v1 patch r=me.
Darin Fisher (:fishd, Google)
Comment 3 2009-11-03 09:27:24 PST