57656 – Valgrind error in _ZN7WebCore8Document11updateTitleERKNS_19StringWithDirectionE

RESOLVED FIXED 57656

Valgrind error in _ZN7WebCore8Document11updateTitleERKNS_19StringWithDirectionE

https://bugs.webkit.org/show_bug.cgi?id=57656

Summary Valgrind error in _ZN7WebCore8Document11updateTitleERKNS_19StringWithDirectionE

Adam Barth

Reported 2011-04-01 13:52:55 PDT

Suppression (error hash=#000000002B0B6257#): { <insert_a_suppression_name_here> Memcheck:Cond fun:_ZN7WebCore8Document11updateTitleERKNS_19StringWithDirectionE fun:_ZN7WebCore8Document15setTitleElementERKNS_19StringWithDirectionEPNS_7ElementE fun:_ZN7WebCore16HTMLTitleElement20insertedIntoDocumentEv fun:_ZN7WebCore13ContainerNode14parserAddChildEN3WTF10PassRefPtrINS_4NodeEEE fun:_ZN7WebCore20HTMLConstructionSite6attachINS_7ElementEEEN3WTF10PassRefPtrIT_EEPNS_13ContainerNodeES6_ fun:_ZN7WebCore20HTMLConstructionSite15attachToCurrentEN3WTF10PassRefPtrINS_7ElementEEE fun:_ZN7WebCore20HTMLConstructionSite17insertHTMLElementERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder28processGenericRCDATAStartTagERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder24processStartTagForInHeadERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder15processStartTagERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder12processTokenERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder28constructTreeFromAtomicTokenERNS_15AtomicHTMLTokenE fun:_ZN7WebCore15HTMLTreeBuilder22constructTreeFromTokenERNS_9HTMLTokenE fun:_ZN7WebCore18HTMLDocumentParser13pumpTokenizerENS0_15SynchronousModeE fun:_ZN7WebCore18HTMLDocumentParser23pumpTokenizerIfPossibleENS0_15SynchronousModeE fun:_ZN7WebCore18HTMLDocumentParser6appendERKNS_15SegmentedStringE fun:_ZN7WebCore25DecodedDataDocumentParser11appendBytesEPNS_14DocumentWriterEPKcib fun:_ZN7WebCore14DocumentWriter7addDataEPKcib fun:_ZN7WebCore14DocumentWriter27endIfNotLoadingMainResourceEv fun:_ZN7WebCore14DocumentWriter3endEv fun:_ZN7WebCore14DocumentLoader15finishedLoadingEv fun:_ZN7WebCore11FrameLoader15finishedLoadingEv }

Attachments
Patch (1.49 KB, patch) 2011-04-01 14:27 PDT, Adam Barth	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Adam Barth

Comment 1 2011-04-01 13:54:14 PDT

The following WebKit roll is on the blamelist: WebKit DEPS: 82579 => 82603

Adam Barth

Comment 2 2011-04-01 13:55:06 PDT

More information from valgrind: UninitCondition Conditional jump or move depends on uninitialised value(s) WebCore::Document::updateTitle(WebCore::StringWithDirection const&) (third_party/WebKit/Source/WebCore/dom/Document.cpp:1327) WebCore::Document::setTitleElement(WebCore::StringWithDirection const&, WebCore::Element*) (third_party/WebKit/Source/WebCore/dom/Document.cpp:1370) WebCore::HTMLTitleElement::insertedIntoDocument() (third_party/WebKit/Source/WebCore/html/HTMLTitleElement.cpp:49) WebCore::ContainerNode::parserAddChild(WTF::PassRefPtr<WebCore::Node>) (third_party/WebKit/Source/WebCore/dom/ContainerNode.cpp:655) WTF::PassRefPtr<WebCore::Element> WebCore::HTMLConstructionSite::attach<WebCore::Element>(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::Element>) (third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:99) WebCore::HTMLConstructionSite::attachToCurrent(WTF::PassRefPtr<WebCore::Element>) (third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:264) WebCore::HTMLConstructionSite::insertHTMLElement(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:294) WebCore::HTMLTreeBuilder::processGenericRCDATAStartTag(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2764) WebCore::HTMLTreeBuilder::processStartTagForInHead(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2732) WebCore::HTMLTreeBuilder::processStartTag(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:1165) WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:461) WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken(WebCore::AtomicHTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:442) WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) (third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:437) WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:277) WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) (third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:176) WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) (third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:350) WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter*, char const*, int, bool) (third_party/WebKit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:54) WebCore::DocumentWriter::addData(char const*, int, bool) (third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:201) WebCore::DocumentWriter::endIfNotLoadingMainResource() (third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:221) WebCore::DocumentWriter::end() (third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:207) WebCore::DocumentLoader::finishedLoading() (third_party/WebKit/Source/WebCore/loader/DocumentLoader.cpp:288) WebCore::FrameLoader::finishedLoading() (third_party/WebKit/Source/WebCore/loader/FrameLoader.cpp:2230) WebCore::MainResourceLoader::didFinishLoading(double) (third_party/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:467) WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) (third_party/WebKit/Source/WebCore/loader/ResourceLoader.cpp:436) WebCore::ResourceHandleInternal::didFinishLoading(WebKit::WebURLLoader*, double) (third_party/WebKit/Source/WebKit/chromium/src/ResourceHandle.cpp:197) webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&) (webkit/glue/weburlloader_impl.cc:653) (anonymous namespace)::RequestProxy::NotifyCompletedRequest(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&) (webkit/tools/test_shell/simple_resource_loader_bridge.cc:326) void DispatchToMethod<(anonymous namespace)::RequestProxy, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time>((anonymous namespace)::RequestProxy*, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), Tuple3<net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time> const&) (./base/tuple.h:564) RunnableMethod<(anonymous namespace)::RequestProxy, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), Tuple3<net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time> >::Run() (./base/task.h:332) MessageLoop::RunTask(Task*) (base/message_loop.cc:370)

Adam Barth

Comment 3 2011-04-01 14:08:11 PDT

Seemly related changes in that range: http://trac.webkit.org/changeset/82596/ http://trac.webkit.org/changeset/82580/ My money is on Evan's change: "<title> should support dir attribute" because it's a larger change.

Adam Barth

Comment 4 2011-04-01 14:22:10 PDT

The bug is that the default constructor of StringWithDirection doesn't initialize m_direction. Patch shortly.

Adam Barth

Comment 5 2011-04-01 14:27:03 PDT

Created attachment 87913 [details] Patch

Adam Barth

Comment 6 2011-04-01 14:30:08 PDT

http://code.google.com/p/chromium/issues/detail?id=78197

WebKit Commit Bot

Comment 7 2011-04-01 16:19:30 PDT

Comment on attachment 87913 [details] Patch Clearing flags on attachment: 87913 Committed r82741: <http://trac.webkit.org/changeset/82741>

WebKit Commit Bot

Comment 8 2011-04-01 16:19:34 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component DOM

Assignee

Nobody

Reported

2011-04-01 13:52 PDT

Modified

2011-04-01 16:19 PDT History

CC List

5 users Show

URL

Keywords

Depends on

Blocks