Status: Untriaged
Owner: [EMAIL PROTECTED]
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 5309 by [EMAIL PROTECTED]: uninitialized memory read in LayoutTests\svg\W3C-SVG-1.1\text-intro-05-t.svg
http://code.google.com/p/chromium/issues/detail?id=5309

From a recent Purify run:

[W] UMR: Uninitialized memory read in WebCore::ContainsMissingGlyphs {2 occurrences}
  Reading 1 byte from 0x0013b650 (1 byte at 0x0013b650 uninitialized)
  Address 0x0013b650 points into a thread's stack
  Address 0x0013b650 is 248 bytes past the start of local variable 'state' in WebCore::Font::floatWidthForComplexText(TextRun::WebCore const&)const
  Thread ID: 0xf70
  Error location
    WebCore::ContainsMissingGlyphs [c:\b\slave\pl\build\src\webkit\port\platform\graphics\uniscribehelper.cpp:37]
    WebCore::UniscribeHelper::Shape(wchar_t const *,int,int,struct tag_SCRIPT_ITEM &,struct WebCore::UniscribeHelper::Shaping &) [c:\b\slave\pl\build\src\webkit\port\platform\graphics\uniscribehelper.cpp:543]
    WebCore::UniscribeHelper::FillShapes(void) [c:\b\slave\pl\build\src\webkit\port\platform\graphics\uniscribehelper.cpp:668]
    WebCore::UniscribeHelper::InitWithOptionalLengthProtection(bool) [c:\b\slave\pl\build\src\webkit\port\platform\graphics\uniscribehelper.cpp:114]
    WebCore::UniscribeHelper::Init(void) [c:\b\slave\pl\build\src\webkit\port\platform\graphics\uniscribehelper.h:126]
    WebCore::UniscribeHelperTextRun::UniscribeHelperTextRun(TextRun::WebCore const&,Font::WebCore const&) [c:\b\slave\pl\build\src\webkit\port\platform\graphics\uniscribehelpertextrun.cpp:50]
    WebCore::Font::floatWidthForComplexText(TextRun::WebCore const&)const [c:\b\slave\pl\build\src\webkit\port\platform\graphics\fontwin.cpp:186]
    WebCore::Font::floatWidth(TextRun::WebCore const&,int,int&,String::WebCore&)const [c:\b\slave\pl\build\src\third_party\webkit\webcore\platform\graphics\font.cpp:518]
    WebCore::SVGInlineTextBox::calculateGlyphWidth(RenderStyle::WebCore *,int,int,int&,String::WebCore&)const [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\svginlinetextbox.cpp:80]
    WebCore::SVGRootInlineBox::buildLayoutInformationForTextBox(SVGCharacterLayoutInfo::WebCore&,InlineTextBox::WebCore *,LastGlyphInfo::WebCore&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\svgrootinlinebox.cpp:1134]
    WebCore::SVGRootInlineBox::buildLayoutInformation(InlineFlowBox::WebCore *,SVGCharacterLayoutInfo::WebCore&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\svgrootinlinebox.cpp:913]
    WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\svgrootinlinebox.cpp:876]
    WebCore::RenderBlock::layoutInlineChildren(bool,int&,int&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\bidi.cpp:1032]
    WebCore::RenderBlock::layoutBlock(bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderblock.cpp:655]
    WebCore::RenderBlock::layout(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderblock.cpp:568]
    WebCore::RenderSVGText::layout(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgtext.cpp:103]
    WebCore::RenderObject::layoutIfNeeded(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderobject.h:512]
    WebCore::RenderSVGContainer::layout(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgcontainer.cpp:253]
    WebCore::RenderObject::layoutIfNeeded(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderobject.h:512]
    WebCore::RenderSVGRoot::layout(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\rendersvgroot.cpp:112]
    WebCore::RenderBlock::layoutBlockChildren(bool,int&) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderblock.cpp:1330]
    WebCore::RenderBlock::layoutBlock(bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderblock.cpp:657]
    WebCore::RenderBlock::layout(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderblock.cpp:568]
    WebCore::RenderView::layout(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\rendering\renderview.cpp:118]
    WebCore::FrameView::layout(bool) [c:\b\slave\pl\build\src\third_party\webkit\webcore\page\frameview.cpp:529]
    WebCore::Document::implicitClose(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\document.cpp:1711]
    WebCore::FrameLoader::checkCallImplicitClose(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\frameloader.cpp:1371]
    WebCore::FrameLoader::checkCompleted(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\frameloader.cpp:1323]
    WebCore::FrameLoader::finishedParsing(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\loader\frameloader.cpp:1273]
    WebCore::Document::finishedParsing(void) [c:\b\slave\pl\build\src\third_party\webkit\webcore\dom\document.cpp:3961]