Context Navigation

← Previous Changeset
Next Changeset →

Changeset 94824 in webkit

Timestamp:

Sep 8, 2011 6:14:50 PM (13 years ago)

Author:

adamk@chromium.org

Message:

Always zero-out m_sortedTextBoxesPosition to avoid uninitialized read in TextIterator
https://bugs.webkit.org/show_bug.cgi?id=67810

Reviewed by Tony Chang.

Reported as a valgrind failure in http://crbug.com/84777.

No possible change in behavior, so no tests. The unitialized read
could never have an impact:

if (m_sortedTextBoxesPosition + 1 < m_sortedTextBoxes.size()) ...

Since m_sortedTextBoxes.size() will be zero here if
m_sortedTextBoxesPosition is uninitialized, and they're both unsigned,
so no possible value of m_sortedTextBoxesPosition could be < 0.

editing/TextIterator.cpp:

(WebCore::TextIterator::TextIterator):

Location:

trunk/Source/WebCore

Files:

: 2 edited

ChangeLog (modified) (1 diff)
editing/TextIterator.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WebCore/ChangeLog

-                      r94823
+                      r94824
+-09-08  Adam Klein  <adamk@chromium.org>
+        Always zero-out m_sortedTextBoxesPosition to avoid uninitialized read in TextIterator
+        https://bugs.webkit.org/show_bug.cgi?id=67810
+        Reviewed by Tony Chang.
+        Reported as a valgrind failure in http://crbug.com/84777.
+        No possible change in behavior, so no tests. The unitialized read
+        could never have an impact:
+           if (m_sortedTextBoxesPosition + 1 < m_sortedTextBoxes.size()) ...
+        Since m_sortedTextBoxes.size() will be zero here if
+        m_sortedTextBoxesPosition is uninitialized, and they're both unsigned,
+        so no possible value of m_sortedTextBoxesPosition could be < 0.
+        * editing/TextIterator.cpp:
+        (WebCore::TextIterator::TextIterator):
 -09-08  Tony Chang  <tony@chromium.org>

trunk/Source/WebCore/editing/TextIterator.cpp

-                      r93347
+                      r94824
     , m_firstLetterText(0)
     , m_lastCharacter(0)
+    , m_sortedTextBoxesPosition(0)
     , m_emitsCharactersBetweenAllVisiblePositions(false)
     , m_entersTextControls(false)
 …
     , m_remainingTextBox(0)
     , m_firstLetterText(0)
+    , m_sortedTextBoxesPosition(0)
     , m_emitsCharactersBetweenAllVisiblePositions(behavior & TextIteratorEmitsCharactersBetweenAllVisiblePositions)
     , m_entersTextControls(behavior & TextIteratorEntersTextControls)

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 94824 in webkit

Legend:

trunk/Source/WebCore/ChangeLog

trunk/Source/WebCore/editing/TextIterator.cpp

Download in other formats: