Status: Untriaged
Owner: [EMAIL PROTECTED]
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 5306 by [EMAIL PROTECTED]: Uninitialized memory read in LayoutTests\svg\W3C-SVG-1.1\struct-dom-01-b.svg
http://code.google.com/p/chromium/issues/detail?id=5306

[W] UMR: Uninitialized memory read in WebCore::StringImpl::computeHash(wchar_t const *,unsigned int) {6 occurrences}
    Reading 2 bytes from 0x0013d2d0 (2 bytes at 0x0013d2d0 uninitialized)
    Address 0x0013d2d0 points into a thread's stack
    Address 0x0013d2d0 is 4 bytes past the start of local variable 'info' in WebCore::V8SVGDynamicPODTypeWrapperCache<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::lookupOrCreateWrapper(SVGAnimatedTemplate<SVGLength::WebCore>::WebCore *,(SVGAnimatedTemplate<SVGLength::WebCore>::WebCore::*)(SVGLength::WebCore,void,...))
    Thread ID: 0xac8
    Error location
        WebCore::StringImpl::computeHash(wchar_t const *,unsigned int) [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\text\stringimpl.h:194]
        WebCore::PODTypeWrapperCacheInfoHash<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::hash(PODTypeWrapperCacheInfo<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::WebCore const&) [c:\b\slave\pl\build\src\webkit\port\bindings\v8\v8svgpodtypewrapper.h:263]
        WTF::HashMapTranslator<pair<PODTypeWrapperCacheInfo<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::WebCore,V8SVGDynamicPODTypeWrapper<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::WebCore *>::std,PairHashTraits<PODTypeWrapperCacheInfoTraits<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::WebCore,HashTraits<V8SVGDynamicPODTypeWrapper<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::WebCore *>::WTF>::WTF,PODTypeWrapperCacheInfoHash<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::WebCore>::hash(PODTypeWrapperCacheInfo<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::WebCore const&) [c:\b\slave\pl\build\src\third_party\webkit\javascriptcore\wtf\hashmap.h:101]
        ??? [c:\b\slave\pl\build\src\third_party\webkit\javascriptcore\wtf\hashtable.h:634 ip=0x0173D4E2]
        WTF::HashMap<struct WebCore::PODTypeWrapperCacheInfo<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> >,class WebCore::V8SVGDynamicPODTypeWrapper<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> > *,struct WebCore::PODTypeWrapperCacheInfoHash<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> >,struct WebCore::PODTypeWrapperCacheInfoTraits<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> >,struct WTF::HashTraits<class WebCore::V8SVGDynamicPODTypeWrapper<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> > *> >::inlineAdd( ?? ) throw( ?? ) [c:\b\slave\pl\build\src\third_party\webkit\javascriptcore\wtf\hashmap.h:181]
        WTF::HashMap<struct WebCore::PODTypeWrapperCacheInfo<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> >,class WebCore::V8SVGDynamicPODTypeWrapper<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> > *,struct WebCore::PODTypeWrapperCacheInfoHash<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> >,struct WebCore::PODTypeWrapperCacheInfoTraits<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> >,struct WTF::HashTraits<class WebCore::V8SVGDynamicPODTypeWrapper<class WebCore::SVGLength,class WebCore::SVGAnimatedTemplate<class WebCore::SVGLength> > *> >::set( ?? ) throw( ?? ) [c:\b\slave\pl\build\src\third_party\webkit\javascriptcore\wtf\hashmap.h:188]
        WebCore::V8SVGDynamicPODTypeWrapperCache<SVGLength::WebCore,SVGAnimatedTemplate<SVGLength::WebCore>::WebCore>::lookupOrCreateWrapper(SVGAnimatedTemplate<SVGLength::WebCore>::WebCore *,(SVGAnimatedTemplate<SVGLength::WebCore>::WebCore::*)(SVGLength::WebCore,void,...)) [c:\b\slave\pl\build\src\webkit\port\bindings\v8\v8svgpodtypewrapper.h:332]
        WebCore::SVGAnimatedLengthInternal::baseValAttrGetter [c:\b\slave\pl\build\src\webkit\release\obj\v8bindings\derivedsources\v8svganimatedlength.cpp:42]
        v8::internal::Object::GetPropertyWithCallback(Object::internal::v8 *,Object::internal::v8 *,String::internal::v8 *,Object::internal::v8 *) [c:\b\slave\pl\build\src\v8\src\objects.cc:187]
        v8::internal::Object::GetProperty(Object::internal::v8 *,LookupResult::internal::v8 *,String::internal::v8 *,PropertyAttributes *) [c:\b\slave\pl\build\src\v8\src\objects.cc:443]
        v8::internal::LoadIC::Load(InlineCacheState::internal::v8,Handle<Object::internal::v8>::internal::v8,Handle<String::internal::v8>::internal::v8) [c:\b\slave\pl\build\src\v8\src\ic.cc:543]
        v8::internal::LoadIC_Miss(Arguments::internal::v8) [c:\b\slave\pl\build\src\v8\src\ic.cc:1085]
        v8::internal::Invoke [c:\b\slave\pl\build\src\v8\src\execution.cc:87]
        v8::internal::Execution::Call(Handle<JSFunction::internal::v8>::internal::v8,Handle<Object::internal::v8>::internal::v8,int,Object::internal::v8 * * *,bool *) [c:\b\slave\pl\build\src\v8\src\execution.cc:117]
        v8::Function::Call(Handle<Object::v8>::v8,int,Handle<Value::v8>::v8 * const) [c:\b\slave\pl\build\src\v8\src\api.cc:1959]
        WebCore::V8Proxy::CallFunction(Handle<Function::v8>::v8,Handle<Object::v8>::v8,int,Handle<Value::v8>::v8 * const) [c:\b\slave\pl\build\src\webkit\port\bindings\v8\v8_proxy.cpp:1351]
        WebCore::V8LazyEventListener::CallListenerFunction(Handle<Value::v8>::v8,Event::WebCore *,bool) [c:\b\slave\pl\build\src\webkit\port\bindings\v8\v8_events.cpp:419]
        WebCore::V8AbstractEventListener::handleEvent(Event::WebCore *,bool) [c:\b\slave\pl\build\src\webkit\port\bindings\v8\v8_events.cpp:107]
        WebCore::EventTargetNode::handleLocalEvents(Event::WebCore *,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\eventtargetnode.cpp:203]
        WebCore::EventTargetNode::dispatchGenericEvent(PassRefPtr<Event::WebCore>::WTF,int&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\eventtargetnode.cpp:324]
        WebCore::SVGElement::sendSVGLoadEventIfPossible(bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\svg\svgelement.cpp:208]
        WebCore::SVGElement::finishParsingChildren(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\svg\svgelement.cpp:220]
        WebCore::XMLTokenizer::endElementNs(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\xmltokenizerlibxml2.cpp:786]
        WebCore::endElementNsHandler [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\xmltokenizerlibxml2.cpp:999]
        xmlParseEndTag2 [c:\b\slave\pl\build\src\third_party\libxml\parser.c:8642]
        xmlParseTryOrFinish [c:\b\slave\pl\build\src\third_party\libxml\parser.c:10390]
        xmlParseChunk [c:\b\slave\pl\build\src\third_party\libxml\parser.c:10938]
        WebCore::XMLTokenizer::doWrite(String::WebCore const&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\xmltokenizerlibxml2.cpp:632]
        WebCore::XMLTokenizer::write(SegmentedString::WebCore const&,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\xmltokenizer.cpp:131]
        WebCore::FrameLoader::write(char const*,int,bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\frameloader.cpp:1058]