Status: Untriaged
Owner: [EMAIL PROTECTED]
Labels: Type-Bug Pri-1 OS-All Area-Misc

New issue 5291 by [EMAIL PROTECTED]: array bounds read in LayoutTests\svg\W3C-SVG-1.1\coords-units-01-b.svg
http://code.google.com/p/chromium/issues/detail?id=5291

From a recent purify run:

[E] ABR: Array bounds read in S32_opaque_D32_nofilter_DX {28 occurrences}
    Reading 4 bytes from 0x097555f4 (4 bytes at 0x097555f4 illegal)
    Address 0x097555f4 is 1 byte past the end of a 1500 byte block at 0x09755018
    Address 0x097555f4 points to a malloc'd block in heap 0x069a0000
    Thread ID: 0xa24
    Error location
        S32_opaque_D32_nofilter_DX [c:\b\slave\pl\build\src\skia\sgl\skbitmapprocstate_sample.h:80]
        SkBitmapProcShader::shadeSpan(int,int,UINT * const,int) [c:\b\slave\pl\build\src\skia\sgl\skbitmapprocshader.cpp:142]
        SkARGB32_Shader_Blitter::blitAntiH(int,int,BYTE const* const,short const* const) [c:\b\slave\pl\build\src\skia\sgl\skblitter_argb32.cpp:463]
        SuperBlitter::flush(void) [c:\b\slave\pl\build\src\skia\sgl\skscan_antipath.cpp:108]
        SuperBlitter::blitH(int,int,int) [c:\b\slave\pl\build\src\skia\sgl\skscan_antipath.cpp:146]
        walk_edges [c:\b\slave\pl\build\src\skia\sgl\skscan_path.cpp:161]
        sk_fill_path(SkPath const&,SkIRect const*,SkBlitter *,int,int,SkRegion const&) [c:\b\slave\pl\build\src\skia\sgl\skscan_path.cpp:502]
        SkScan::AntiFillPath(SkPath const&,SkRegion const&,SkBlitter *) [c:\b\slave\pl\build\src\skia\sgl\skscan_antipath.cpp:404]
        SkDraw::drawPath(SkPath const&,SkPaint const&,SkMatrix const*,bool)const [c:\b\slave\pl\build\src\skia\sgl\skdraw.cpp:815]
        SkDraw::drawPath(SkPath const&,SkPaint const&)const [c:\b\slave\pl\build\src\skia\include\skdraw.h:65]
        SkDevice::drawPath(SkDraw const&,SkPath const&,SkPaint const&) [c:\b\slave\pl\build\src\skia\sgl\skdevice.cpp:64]
        SkCanvas::drawPath(SkPath const&,SkPaint const&) [c:\b\slave\pl\build\src\skia\sgl\skcanvas.cpp:1010]
        WebCore::GraphicsContext::fillPath(void) [c:\b\slave\pl\build\src\webkit\port\platform\graphics\graphicscontextskia.cpp:692]
        WebCore::SVGPaintServer::renderPath(GraphicsContext::WebCore *&,RenderObject::WebCore const*,SVGPaintTargetType::WebCore)const [c:\b\slave\pl\build\src\webkit\port\platform\graphics\svg\svgpaintserverskia.cpp:67]
        WebCore::SVGPaintServer::draw(GraphicsContext::WebCore *&,RenderObject::WebCore const*,SVGPaintTargetType::WebCore)const [c:\b\slave\pl\build\src\webkit\port\platform\graphics\svg\svgpaintserverskia.cpp:47]
        WebCore::fillAndStrokePath [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderpath.cpp:190]
        WebCore::RenderPath::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderpath.cpp:217]
        WebCore::RenderSVGContainer::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgcontainer.cpp:350]
        WebCore::RenderSVGContainer::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgcontainer.cpp:350]
        WebCore::RenderBox::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderbox.cpp:341]
        WebCore::RenderSVGRoot::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgroot.cpp:192]
        WebCore::RenderLayer::paintLayer(RenderLayer::WebCore *,GraphicsContext::WebCore *,IntRect::WebCore const&,bool,PaintRestriction::WebCore,RenderObject::WebCore *,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp:1776]
        WebCore::RenderLayer::paintLayer(RenderLayer::WebCore *,GraphicsContext::WebCore *,IntRect::WebCore const&,bool,PaintRestriction::WebCore,RenderObject::WebCore *,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp:1801]
        WebCore::RenderLayer::paint(GraphicsContext::WebCore *,IntRect::WebCore const&,PaintRestriction::WebCore,RenderObject::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp:1618]
        WebCore::FrameView::paintContents(GraphicsContext::WebCore *,IntRect::WebCore const&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\frameview.cpp:1190]
        WebCore::ScrollView::paint(GraphicsContext::WebCore *,IntRect::WebCore const&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\scrollview.cpp:633]
        WebFrameImpl::CaptureImage(scoped_ptr<BitmapPlatformDeviceWin::gfx> *,bool) [c:\b\slave\pl\build\src\webkit\glue\webframe_impl.cc:1470]
        TestShell::DumpImage(class WebFrame *,class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > const &) [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell.cc:173]
        TestShell::RunFileTest(char const*,TestParams::TestShell const&) [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_win.cc:306]
        main [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_main.cc:378]
    Allocation location
        malloc [f:\sp\vctools\crt_bld\self_x86\crt\src\malloc.c:155]
        sk_malloc_flags(UINT,UINT) [c:\b\slave\pl\build\src\skia\corecg\skmemory_stdlib.cpp:260]
        SkBitmap::HeapAllocator::allocPixelRef(SkBitmap *,SkColorTable *) [c:\b\slave\pl\build\src\skia\sgl\skbitmap.cpp:431]
        SkBitmap::allocPixels(Allocator::SkBitmap *,SkColorTable *) [c:\b\slave\pl\build\src\skia\sgl\skbitmap.cpp:296]
        SkBitmap::copyTo(SkBitmap *,Config::SkBitmap,Allocator::SkBitmap *)const [c:\b\slave\pl\build\src\skia\sgl\skbitmap.cpp:721]
        WebCore::BitmapImageSingleFrameSkia::create(SkBitmap const&) [c:\b\slave\pl\build\src\webkit\port\platform\graphics\imageskia.cpp:451]
        WebCore::ImageBuffer::image(void)const [c:\b\slave\pl\build\src\webkit\port\platform\graphics\imagebufferskia.cpp:94]
        WebCore::SVGPaintServerPattern::setup(GraphicsContext::WebCore *&,RenderObject::WebCore const*,SVGPaintTargetType::WebCore,bool)const [c:\b\slave\pl\build\src\webkit\port\platform\graphics\svg\svgpaintserverpatternskia.cpp:66]
        WebCore::SVGPaintServer::draw(GraphicsContext::WebCore *&,RenderObject::WebCore const*,SVGPaintTargetType::WebCore)const [c:\b\slave\pl\build\src\webkit\port\platform\graphics\svg\svgpaintserverskia.cpp:44]
        WebCore::fillAndStrokePath [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderpath.cpp:190]
        WebCore::RenderPath::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderpath.cpp:217]
        WebCore::RenderSVGContainer::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgcontainer.cpp:350]
        WebCore::RenderSVGContainer::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgcontainer.cpp:350]
        WebCore::RenderBox::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderbox.cpp:341]
        WebCore::RenderSVGRoot::paint(PaintInfo::RenderObject::WebCore&,int,int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgroot.cpp:192]
        WebCore::RenderLayer::paintLayer(RenderLayer::WebCore *,GraphicsContext::WebCore *,IntRect::WebCore const&,bool,PaintRestriction::WebCore,RenderObject::WebCore *,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp:1776]
        WebCore::RenderLayer::paintLayer(RenderLayer::WebCore *,GraphicsContext::WebCore *,IntRect::WebCore const&,bool,PaintRestriction::WebCore,RenderObject::WebCore *,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp:1801]
        WebCore::RenderLayer::paint(GraphicsContext::WebCore *,IntRect::WebCore const&,PaintRestriction::WebCore,RenderObject::WebCore *) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderlayer.cpp:1618]
        WebCore::FrameView::paintContents(GraphicsContext::WebCore *,IntRect::WebCore const&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\frameview.cpp:1190]
        WebCore::ScrollView::paint(GraphicsContext::WebCore *,IntRect::WebCore const&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\scrollview.cpp:633]
        WebFrameImpl::CaptureImage(scoped_ptr<BitmapPlatformDeviceWin::gfx> *,bool) [c:\b\slave\pl\build\src\webkit\glue\webframe_impl.cc:1470]
        TestShell::DumpImage(class WebFrame *,class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > const &) [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell.cc:173]
        TestShell::RunFileTest(char const*,TestParams::TestShell const&) [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_win.cc:306]
        main [c:\b\slave\pl\build\src\webkit\tools\test_shell\test_shell_main.cc:378]
        _tmainCRTStartup [f:\sp\vctools\crt_bld\self_x86\crt\src\crt0.c:327]
