[chromium-bugs] Issue 17128 in chromium: [ABW] Array bounds write in sk_memset32_portable(UINT * const,UINT,int) in ResourceDispatcherTest.CrossSiteNavigationNonBuffered

Fri, 17 Jul 2009 18:57:25 -0700 

Status: Untriaged
Owner: [email protected]
Labels: Type-Bug Pri-2 OS-All Area-Misc Size-Medium Fixit purify

New issue 17128 by [email protected]: [ABW] Array bounds write in  
sk_memset32_portable(UINT * const,UINT,int) in  
ResourceDispatcherTest.CrossSiteNavigationNonBuffered
http://code.google.com/p/chromium/issues/detail?id=17128

Reproducible with:
        ResourceDispatcherTest.CrossSiteNavigationNonBuffered

Sample error details:
=====================
Array Bounds Write: Array bounds write in sk_memset32_portable(UINT *
const,UINT,int)

Error Location
    third_party/skia/src/core/skutils.cpp:113  sk_memset32_portable(UINT *
const,UINT,int)
    third_party/skia/src/core/skblitter_argb32.cpp:264
SkARGB32_Blitter::blitRect(int,int,int,int)
    third_party/skia/src/core/skscan_antihair.cpp:563  antifillrect
    third_party/skia/src/core/skscan_antihair.cpp:623  antifillrect
    third_party/skia/src/core/skscan_antihair.cpp:644
SkScan::AntiFillRect(SkRect const&,SkRegion const*,SkBlitter *)
    third_party/skia/src/core/skdraw.cpp:705  SkDraw::drawRect(SkRect
const&,SkPaint const&)const
    third_party/skia/src/core/skdevice.cpp:59  SkDevice::drawRect(SkDraw
const&,SkRect const&,SkPaint const&)
    third_party/skia/src/core/skcanvas.cpp:1042  SkCanvas::drawRect(SkRect
const&,SkPaint const&)

third_party/webkit/webcore/platform/graphics/skia/graphicscontextskia.cpp:7
50  WebCore::GraphicsContext::fillRect(FloatRect::WebCore
const&,Color::WebCore const&)
    third_party/webkit/webcore/rendering/renderboxmodelobject.cpp:428
WebCore::RenderBoxModelObject::paintFillLayerExtended(PaintInfo::RenderObje
ct::WebCore const&,Color::WebCore const&,FillLayer::WebCore
const*,int,int,int,int,InlineFlowBox::WebCore *,CompositeOperator::WebCore)
    third_party/webkit/webcore/rendering/renderbox.cpp:713
WebCore::RenderBox::paintFillLayer(PaintInfo::RenderObject::WebCore
const&,Color::WebCore const&,FillLayer::WebCore
const*,int,int,int,int,CompositeOperator::WebCore)
    third_party/webkit/webcore/rendering/renderbox.cpp:708
WebCore::RenderBox::paintFillLayers(PaintInfo::RenderObject::WebCore
const&,Color::WebCore const&,FillLayer::WebCore
const*,int,int,int,int,CompositeOperator::WebCore)
    third_party/webkit/webcore/rendering/renderbox.cpp:585
WebCore::RenderBox::paintRootBoxDecorations(PaintInfo::RenderObject::WebCor
e&,int,int)
    third_party/webkit/webcore/rendering/renderbox.cpp:597
WebCore::RenderBox::paintBoxDecorations(PaintInfo::RenderObject::WebCore&,i
nt,int)
    third_party/webkit/webcore/rendering/renderblock.cpp:1776
WebCore::RenderBlock::paintObject(PaintInfo::RenderObject::WebCore&,int,int
)
    third_party/webkit/webcore/rendering/renderblock.cpp:1605
WebCore::RenderBlock::paint(PaintInfo::RenderObject::WebCore&,int,int)
    third_party/webkit/webcore/rendering/renderlayer.cpp:2141
WebCore::RenderLayer::paintLayer(RenderLayer::WebCore
*,GraphicsContext::WebCore *,IntRect::WebCore
const&,PaintRestriction::WebCore,RenderObject::WebCore *,HashMap::WTF
*,UINT)
    third_party/webkit/webcore/rendering/renderlayer.cpp:2194
WebCore::RenderLayer::paintLayer(RenderLayer::WebCore
*,GraphicsContext::WebCore *,IntRect::WebCore
const&,PaintRestriction::WebCore,RenderObject::WebCore *,HashMap::WTF
*,UINT)
    third_party/webkit/webcore/rendering/renderlayer.cpp:1971
WebCore::RenderLayer::paint(GraphicsContext::WebCore *,IntRect::WebCore
const&,PaintRestriction::WebCore,RenderObject::WebCore *)
    third_party/webkit/webcore/page/frameview.cpp:1454
WebCore::FrameView::paintContents(GraphicsContext::WebCore
*,IntRect::WebCore const&)
    third_party/webkit/webcore/platform/scrollview.cpp:755
WebCore::ScrollView::paint(GraphicsContext::WebCore *,IntRect::WebCore
const&)
    webkit/glue/webframe_impl.cc:1498
WebFrameImpl::Paint(PlatformCanvas::skia *,WebRect::WebKit const&)
    webkit/glue/webview_impl.cc:989  WebViewImpl::paint(PlatformCanvas::skia
*,WebRect::WebKit const&)
    chrome/renderer/render_view.cc:577  RenderView::CaptureThumbnail(WebView
*,int,int,SkBitmap *,ThumbnailScore *)
    chrome/renderer/render_view.cc:445  RenderView::SendThumbnail(void)
    chrome/renderer/render_view.cc:519
RenderView::CapturePageInfo(int,bool)
    base/tuple.h:429  ?
dispatchtomet...@vrenderview@@p...@aexh_n@ZH_N@@YAXPAVRenderView@@p...@aexh_n
@zabu?$tup...@h_n@@@Z
    ^^^

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---

Reply via email to