Updates:
Cc: [email protected]
Comment #10 on issue 5309 by [email protected]: uninitialized memory read in LayoutTests\svg\W3C-SVG-1.1\text-intro-05-t.svg
http://code.google.com/p/chromium/issues/detail?id=5309
The buffer which Purify complains UMR on was populated by the Windows function ScriptShape().
When given the input of U+063A, ScriptShape() writes the value 0x03cd into the glyph buffer.
I guess Purify isn't able to track the assignment made by ScriptShape(), so it falls back to considering any 0xCD byte as being uninitialized.
Hence any time the byte 0xCD is read from the buffer, it is considered a UMR.
I checked that ScriptShape does in fact initialize this value, so it should be safe to mask this by calling MarkAsInitialized() on the buffer.
Here is the instrumented code I ran to confirm:
...
#define ASSERT_DISABLED 0
...
    // Problem only happens when the input is the single Arabic
    // letter "Ghain" (U+063A)
    bool problemCall = (itemLength == 1 && input[0] == 0x063A);
    if (problemCall) {
        // Give the problem entry an initial value of 0xBEBE
        shaping.m_glyphs[0] = 0xBEBE;
        ASSERT(shaping.m_glyphs.size() > 1);
    }
    // Will write |generatedGlyphs| into buffer |shaping.m_glyphs|.
    hr = ScriptShape(tempDC, scriptCache, input, itemLength,
                     numGlyphs, &run.a,
                     &shaping.m_glyphs[0], &shaping.m_logs[0],
                     &shaping.m_visattr[0], &generatedGlyphs);
    if (problemCall) {
        ASSERT(generatedGlyphs == 1);
        fprintf(stderr, "glyph index: %04x\n", shaping.m_glyphs[0]);
        // Make sure that both bytes of the WORD got changed.
        BYTE* bytes = reinterpret_cast<BYTE*>(&shaping.m_glyphs[0]);
        ASSERT(bytes[0] != 0xBE);
        ASSERT(bytes[1] != 0xBE);
    }
...
---------------------------------
OUTPUT:
glyph index: 0199
glyph index: 0199
glyph index: 03cd
glyph index: 03cd
glyph index: 03cd
glyph index: 03cd
---------------------------------
The output shows that there were 4 times when 0x03CD was written into the buffer.
This matches the error from Purify, which says that there were 4 occurrences of a 1 byte UMR.
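The false positive described in the comment above, as an added example that is not part of the original issue thread or of Chromium's code: a stand-in for ScriptShape() (hypothetical fake_shape) writes 0x03CD for U+063A, a fill-pattern checker like the one Purify falls back to flags the 0xCD byte as unread, and the sentinel-prefill check from the comment shows the WORD really was overwritten. The 0x0199 mapping for other code points is constructed to match the output shown above.

```c
/* Added example (not the Chromium comment's own code): models why a
 * fill-pattern-based uninitialized-memory checker reports a false UMR
 * when real data happens to equal its fill byte, and shows the
 * sentinel-prefill check used in the comment to confirm the buffer
 * really was written. All function names here are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

#define FILL_BYTE 0xCD      /* pattern the checker treats as "never written" */
#define GHAIN     0x063A    /* U+063A, the input that triggers the report */

/* Stand-in for ScriptShape(): writes one glyph index per code point.
 * Constructed mapping: Ghain -> 0x03CD (low byte equals FILL_BYTE),
 * anything else -> 0x0199 (the other value seen in the comment's output). */
static size_t fake_shape(const uint16_t *input, size_t len, uint16_t *glyphs) {
    for (size_t i = 0; i < len; i++)
        glyphs[i] = (input[i] == GHAIN) ? 0x03CD : 0x0199;
    return len;
}

/* Naive checker: counts bytes that still look like the fill pattern.
 * This is the heuristic that misfires on 0x03CD. */
static size_t count_suspect_bytes(const void *buf, size_t nbytes) {
    const uint8_t *b = buf;
    size_t n = 0;
    for (size_t i = 0; i < nbytes; i++)
        if (b[i] == FILL_BYTE) n++;
    return n;
}

/* The verification from the comment: prefill with a different sentinel
 * (0xBEBE) and check that both bytes of the WORD were overwritten. */
static bool shape_initializes_glyph(uint16_t cp) {
    uint16_t glyphs[1] = { 0xBEBE };
    size_t produced = fake_shape(&cp, 1, glyphs);
    const uint8_t *bytes = (const uint8_t *)glyphs;
    return produced == 1 && bytes[0] != 0xBE && bytes[1] != 0xBE;
}

/* Runs the checker's view: fill with FILL_BYTE, shape, count leftovers.
 * A nonzero result for a fully written buffer is the false positive. */
static size_t false_positive_bytes_for(uint16_t cp) {
    uint16_t glyphs[1];
    memset(glyphs, FILL_BYTE, sizeof glyphs);   /* checker's own prefill */
    fake_shape(&cp, 1, glyphs);                  /* fully initializes it */
    return count_suspect_bytes(glyphs, sizeof glyphs);
}
```

For U+063A the checker still sees one 0xCD byte after the write (the "1 byte UMR" from the report), while the sentinel check proves both bytes changed; for any other code point neither check fires.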