From http://crbug.com/76378

Conditional jump or move depends on uninitialised value(s)
   at 0x16AEFEF: WebCore::SimpleFontData::platformInit() (third_party/WebKit/Source/WebCore/platform/graphics/SimpleFontData.h:312)
   by 0x169AC95: WebCore::SimpleFontData::SimpleFontData(WebCore::FontPlatformData const&, bool, bool, bool) (third_party/WebKit/Source/WebCore/platform/graphics/SimpleFontData.cpp:61)

This implies that platformInit() calls widthForGlyph(), in which we compared the argument with m_zeroWidthSpaceGlyph, which isn't initialized yet.
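The defect the report describes is an ordering problem inside a constructor: the body calls platformInit(), platformInit() calls widthForGlyph(), and widthForGlyph() compares its argument against a member that nothing has written yet. The following is an added example, not WebKit code and not the patch attached to this bug; the names Tracked, FontDataBefore, FontDataAfter and kSpaceGlyph, and the fake 0.5-per-glyph metric, are all constructed for illustration. The Tracked wrapper plays the role of valgrind's memcheck by throwing on a read of a slot that was never written, so the pre-patch ordering can be shown without relying on undefined behaviour.

```cpp
#include <cstdint>
#include <stdexcept>

typedef uint16_t Glyph;

// Constructed stand-in for memcheck: remembers whether the slot has been
// written and refuses to hand back an unwritten value.
template <typename T>
class Tracked {
public:
    Tracked() : m_value(), m_written(false) {}
    Tracked(T v) : m_value(v), m_written(true) {}
    Tracked& operator=(T v) { m_value = v; m_written = true; return *this; }
    T get() const
    {
        if (!m_written)
            throw std::logic_error("read of uninitialized member");
        return m_value;
    }
private:
    T m_value;
    bool m_written;
};

const Glyph kSpaceGlyph = 3; // constructed glyph id standing in for U+0020

// Shape of the code before the patch: the constructor body reaches
// widthForGlyph() through platformInit() before m_zeroWidthSpaceGlyph is
// assigned, which is the comparison valgrind flagged.
class FontDataBefore {
public:
    FontDataBefore()
    {
        platformInit();            // reads m_zeroWidthSpaceGlyph ...
        m_zeroWidthSpaceGlyph = 0; // ... which is written only here
    }
    float widthForGlyph(Glyph glyph) const
    {
        if (glyph == m_zeroWidthSpaceGlyph.get())
            return 0;
        return static_cast<float>(glyph) * 0.5f; // constructed fake metric
    }
    float spaceWidth() const { return m_spaceWidth; }
private:
    void platformInit() { m_spaceWidth = widthForGlyph(kSpaceGlyph); }
    Tracked<Glyph> m_zeroWidthSpaceGlyph;
    float m_spaceWidth;
};

// Shape of the code after the patch: the member gets its value in the
// mem-initializer list, which always runs before the constructor body, so
// platformInit() sees 0 ("unknown glyph") rather than garbage.
class FontDataAfter {
public:
    FontDataAfter()
        : m_zeroWidthSpaceGlyph(0)
        , m_spaceWidth(0)
    {
        platformInit();
    }
    float widthForGlyph(Glyph glyph) const
    {
        if (glyph == m_zeroWidthSpaceGlyph.get())
            return 0;
        return static_cast<float>(glyph) * 0.5f; // constructed fake metric
    }
    float spaceWidth() const { return m_spaceWidth; }
private:
    void platformInit() { m_spaceWidth = widthForGlyph(kSpaceGlyph); }
    Tracked<Glyph> m_zeroWidthSpaceGlyph;
    float m_spaceWidth;
};

// True when the memcheck stand-in catches the pre-patch read-before-write.
bool beforePatchReadsUninitialized()
{
    try {
        FontDataBefore font;
        (void)font;
        return false;
    } catch (const std::logic_error&) {
        return true;
    }
}

// Space width computed once the member is initialized first: 3 * 0.5 = 1.5.
float afterPatchSpaceWidth()
{
    FontDataAfter font;
    return font.spaceWidth();
}

// Glyph 0 ("unknown glyph") is reported as zero width after the patch.
float afterPatchUnknownGlyphWidth()
{
    FontDataAfter font;
    return font.widthForGlyph(0);
}
```

In real code the detection is the valgrind memcheck report quoted above (or MemorySanitizer), not a wrapper type; the wrapper only makes the ordering visible in a plain build. Note also that mem-initializers run in member declaration order, not in the order they are listed, so a member that a constructor body needs should be declared, and initialized, before anything that body can reach.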
Created attachment 134194: Patch
Kent-san, could you take a look?
Comment on attachment 134194: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=134194&action=review

> Source/WebCore/ChangeLog:12
> +        [Chromium] Uninitialized access in SimpleFontDataSkia::platformInit
> +        https://bugs.webkit.org/show_bug.cgi?id=82411
> +
> +        SimpleFontDataSkia::platformInit() could call widthForGlyph(), which
> +        accesses m_zeroWidthSpaceGlyph. This causes a valgrind memcheck error
> +        because m_zeroWidthSpaceGlyph isn't initialized at this point.
> +        Initialize m_zeroWidthSpaceGlyph with zero so that widthForGlyph() can
> +        return appropriate value(The value zero here means "unknown glyph").
> +
> +        Reviewed by NOBODY (OOPS!).

Usual order is:

<summary>
<bug URL>

Reviewed by ...

<Detail>
Created attachment 134200: Patch for landing
Comment on attachment 134194: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=134194&action=review

Thanks!

>> Source/WebCore/ChangeLog:12
>> +        Reviewed by NOBODY (OOPS!).
>
> Usual order is:
>
> <summary>
> <bug URL>
>
> Reviewed by ...
>
> <Detail>

Done.
Comment on attachment 134200: Patch for landing

Clearing flags on attachment: 134200

Committed r112357: <http://trac.webkit.org/changeset/112357>
All reviewed patches have been landed. Closing bug.