Comment #7 on issue 5295 by macdome: Uninitialized memory reads in layout test misc/acid3.html
http://code.google.com/p/chromium/issues/detail?id=5295
[W] UMR: Uninitialized memory read in WebCore::StringImpl::computeHash(wchar_t const *,unsigned int) {1 occurrence}
    Reading 2 bytes from 0x0013d834 (2 bytes at 0x0013d834 uninitialized)
    Address 0x0013d834 points into a thread's stack
    Address 0x0013d834 is 4 bytes past the start of local variable 'info' in WebCore::V8SVGDynamicPODTypeWrapperCache<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::lookupOrCreateWrapper(SVGAnimatedTemplate<SVGLength::WebCore>::WebCore *,(SVGAnimatedTemplate<SVGLength::WebCore>::WebCore::*)(SVGLength::WebCore,void,...))
    Thread ID: 0xfe8
    Error location
        WebCore::StringImpl::computeHash(wchar_t const *,unsigned int)
StringImpl's computeHash(UChar*, unsigned) function is the generic hash function for WebCore. So whatever class is asking to be hashed here likely has some uninitialized memory, and it's being read for the first time when the class's data is hashed for storage in the DOM wrapper cache. That's a bad bug, because it will cause some DOM objects to be wrapped more than once, thus causing strange JavaScript side effects.

Certainly not a show-stopper. And should be easy to fix.
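A worked illustration of the failure mode macdome describes above, added here as an example; it is not code from the Chromium or WebKit tree. A wrapper cache is keyed by the raw bytes of a small POD key struct, the way hashing a struct through a generic byte hash does, and one member of that key (`spare`, standing in for whatever the real `info` local left unset) is never assigned on the buggy path. The key layout, the FNV-1a byte hash, the `WrapperCache` class and the `residue` values are all assumptions. Reading genuinely indeterminate bytes is undefined behaviour, so the stale stack content is simulated explicitly via the `residue` argument; that keeps the program deterministic while showing why two lookups for the same logical object hand out two different wrappers.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <memory>
#include <unordered_map>

// Hypothetical cache key (an assumption; the real struct is not reproduced here).
struct WrapperKey {
    const void* owner;   // the animated object being wrapped
    uint32_t getter;     // which getter produced the value
    uint16_t spare;      // member the buggy construction path never assigns
};

// Byte-wise FNV-1a over the whole struct: every byte, assigned or not, feeds the hash.
struct RawBytesHash {
    size_t operator()(const WrapperKey& k) const {
        const unsigned char* p = reinterpret_cast<const unsigned char*>(&k);
        uint64_t h = 1469598103934665603ull;
        for (size_t i = 0; i < sizeof(WrapperKey); ++i) {
            h ^= p[i];
            h *= 1099511628211ull;
        }
        return static_cast<size_t>(h);
    }
};

// Equality is also byte-wise, so unassigned bytes decide whether two keys match.
struct RawBytesEqual {
    bool operator()(const WrapperKey& a, const WrapperKey& b) const {
        return std::memcmp(&a, &b, sizeof(WrapperKey)) == 0;
    }
};

struct Wrapper { WrapperKey key; };

// Minimal lookup-or-create cache, keyed by the raw bytes of WrapperKey.
class WrapperCache {
public:
    Wrapper* lookupOrCreate(const WrapperKey& key) {
        auto it = cache_.find(key);
        if (it != cache_.end()) return it->second.get();
        std::unique_ptr<Wrapper> w(new Wrapper{key});
        Wrapper* raw = w.get();
        cache_.emplace(key, std::move(w));
        return raw;
    }
    size_t size() const { return cache_.size(); }
private:
    std::unordered_map<WrapperKey, std::unique_ptr<Wrapper>, RawBytesHash, RawBytesEqual> cache_;
};

// Buggy construction: sets the fields the caller knows about and leaves `spare`
// holding whatever was on the stack. `residue` simulates that stale content
// deterministically (a real program would read indeterminate bytes here).
static WrapperKey makeKeyBuggy(const void* owner, uint32_t getter, uint16_t residue) {
    WrapperKey k;
    std::memset(&k, 0, sizeof k);   // zero the padding so only `spare` varies
    k.owner = owner;
    k.getter = getter;
    k.spare = residue;
    return k;
}

// Fixed construction: every byte the hash and comparator will see is defined.
static WrapperKey makeKeyFixed(const void* owner, uint32_t getter) {
    WrapperKey k;
    std::memset(&k, 0, sizeof k);
    k.owner = owner;
    k.getter = getter;
    return k;
}

// Two lookups for the same logical (owner, getter), arriving with different stack
// residue. Returns how many distinct wrappers the cache now holds: 2 with the bug
// (the object got wrapped twice), 1 when the key is fully initialized.
size_t wrappersCreated(bool fixed) {
    int object = 0;   // stands in for the DOM object being wrapped
    WrapperCache cache;
    WrapperKey k1 = fixed ? makeKeyFixed(&object, 7) : makeKeyBuggy(&object, 7, 0xBEEF);
    WrapperKey k2 = fixed ? makeKeyFixed(&object, 7) : makeKeyBuggy(&object, 7, 0x1234);
    cache.lookupOrCreate(k1);
    cache.lookupOrCreate(k2);
    return cache.size();
}

int main() {
    std::printf("buggy key: %zu wrapper(s) for one object\n", wrappersCreated(false));
    std::printf("fixed key: %zu wrapper(s) for one object\n", wrappersCreated(true));
    return 0;
}
```

The check a practitioner wants is the one the report came from: build the real code with an uninitialized-memory checker (clang's MemorySanitizer via `-fsanitize=memory`, or Valgrind memcheck) and exercise the wrapper cache; the read is flagged in the hash loop, which is exactly where the report above places it. The fix is to make every byte the hash sees defined, either by initializing all members (and padding, if the hash runs over raw bytes) or by hashing only the members that carry meaning.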