Title: [233405] trunk/Source/WebCore
- Revision: 233405
- Author: [email protected]
- Date: 2018-06-30 18:49:50 -0700 (Sat, 30 Jun 2018)
Log Message
Asan false positive: stack use after scope under WebCore::ApplyPropertyBorderImageModifier in WebCore::Length::Length(WebCore::Length&&)
https://bugs.webkit.org/show_bug.cgi?id=186980
<rdar://problem/41409838>
Reviewed by Oliver Hunt.
We believe that we have found a bug in GCC's address sanitizer. It is blocking work on other
issues, so work around it by changing a temporary into a local variable.
* css/StyleBuilderCustom.h:
(WebCore::ApplyPropertyBorderImageModifier::applyInitialValue):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (233404 => 233405)
--- trunk/Source/WebCore/ChangeLog 2018-07-01 01:15:38 UTC (rev 233404)
+++ trunk/Source/WebCore/ChangeLog 2018-07-01 01:49:50 UTC (rev 233405)
@@ -1,3 +1,17 @@
+2018-06-30 Michael Catanzaro <[email protected]>
+
+ Asan false positive: stack use after scope under WebCore::ApplyPropertyBorderImageModifier in WebCore::Length::Length(WebCore::Length&&)
+ https://bugs.webkit.org/show_bug.cgi?id=186980
+ <rdar://problem/41409838>
+
+ Reviewed by Oliver Hunt.
+
+ We believe that we have found a bug in GCC's address sanitizer. It is blocking work on other
+ issues, so work around it by changing a temporary into a local variable.
+
+ * css/StyleBuilderCustom.h:
+ (WebCore::ApplyPropertyBorderImageModifier::applyInitialValue):
+
2018-06-30 David Kilzer <[email protected]>
Fix clang static analyzer warnings: Garbage return value
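Review bot: The ChangeLog entry says only "GCC's address sanitizer", while the FIXME added in StyleBuilderCustom.h names GCC 8.1. Put the compiler version in the entry as well, so that someone reading the log later can tell when the workaround can be dropped without opening the source file or the bug.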
Modified: trunk/Source/WebCore/css/StyleBuilderCustom.h (233404 => 233405)
--- trunk/Source/WebCore/css/StyleBuilderCustom.h 2018-07-01 01:15:38 UTC (rev 233404)
+++ trunk/Source/WebCore/css/StyleBuilderCustom.h 2018-07-01 01:49:50 UTC (rev 233405)
@@ -576,8 +576,12 @@
image.setFill(false);
break;
case Width:
+ // FIXME: This is a local variable to work around a bug in the GCC 8.1 Address Sanitizer.
+ // Might be slightly less efficient when the type is not BorderImage since this is unused in that case.
+ // Should be switched back to a temporary when possible. See https://webkit.org/b/186980
+ LengthBox lengthBox(Length(1, Relative), Length(1, Relative), Length(1, Relative), Length(1, Relative));
// Masks have a different initial value for widths. They use an 'auto' value rather than trying to fit to the border.
- image.setBorderSlices(type == BorderImage ? LengthBox(Length(1, Relative), Length(1, Relative), Length(1, Relative), Length(1, Relative)) : LengthBox());
+ image.setBorderSlices(type == BorderImage ? lengthBox : LengthBox());
break;
}
setValue(styleResolver.style(), image);
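Review bot: The new `LengthBox lengthBox(...)` declaration sits directly under `case Width:` with no braces, so its scope is the remainder of the switch body. It compiles only because `case Width:` is the last label before the closing `}` in the visible lines. A case label added after it would jump past an initialized variable, which is ill-formed in C++. Wrap the body as `case Width: { ... break; }` so the workaround stays self-contained. A smaller point on `type == BorderImage ? lengthBox : LengthBox()`: with an lvalue on one arm and a temporary on the other, the result is a copy of `lengthBox`, so the BorderImage path now pays a copy in addition to the unconditional construction that the FIXME already mentions. The comment could say so, since it is the record of what to undo once the sanitizer is fixed.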
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes