Commit 2c63b57a authored by adamk@chromium.org

Always zero-out m_sortedTextBoxesPosition to avoid uninitialized read in TextIterator

https://bugs.webkit.org/show_bug.cgi?id=67810

Reviewed by Tony Chang.

Reported as a valgrind failure in http://crbug.com/84777.

No possible change in behavior, so no tests. The uninitialized read
could never have an impact:

   if (m_sortedTextBoxesPosition + 1 < m_sortedTextBoxes.size()) ...

Since m_sortedTextBoxes.size() will be zero here if
m_sortedTextBoxesPosition is uninitialized, and they're both unsigned,
so no possible value of m_sortedTextBoxesPosition could be < 0.

* editing/TextIterator.cpp:
(WebCore::TextIterator::TextIterator):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@94824 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 7a8a9709
2011-09-08 Adam Klein <adamk@chromium.org>
Always zero-out m_sortedTextBoxesPosition to avoid uninitialized read in TextIterator
https://bugs.webkit.org/show_bug.cgi?id=67810
Reviewed by Tony Chang.
Reported as a valgrind failure in http://crbug.com/84777.
No possible change in behavior, so no tests. The unitialized read
could never have an impact:
if (m_sortedTextBoxesPosition + 1 < m_sortedTextBoxes.size()) ...
Since m_sortedTextBoxes.size() will be zero here if
m_sortedTextBoxesPosition is uninitialized, and they're both unsigned,
so no possible value of m_sortedTextBoxesPosition could be < 0.
* editing/TextIterator.cpp:
(WebCore::TextIterator::TextIterator):
2011-09-08 Tony Chang <tony@chromium.org>
Cleanup of switch statements with default cases
......@@ -253,6 +253,7 @@ TextIterator::TextIterator()
, m_remainingTextBox(0)
, m_firstLetterText(0)
, m_lastCharacter(0)
, m_sortedTextBoxesPosition(0)
, m_emitsCharactersBetweenAllVisiblePositions(false)
, m_entersTextControls(false)
, m_emitsTextWithoutTranscoding(false)
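Review bot: the `m_sortedTextBoxesPosition(0)` line added after `m_lastCharacter(0)` has to be repeated by hand in the other constructor, and that hand-maintained duplication is how a member ends up uninitialized in one list but not the other. Please confirm the position of the new initializer matches the member's declaration order in the class, since members are initialized in declaration order regardless of how the list is written, and consider a short comment at the `m_sortedTextBoxesPosition + 1 < m_sortedTextBoxes.size()` check recording that it relies on the vector being empty until the position is set, because the "no tests" rationale depends on that invariant.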
......@@ -272,6 +273,7 @@ TextIterator::TextIterator(const Range* r, TextIteratorBehavior behavior)
, m_textLength(0)
, m_remainingTextBox(0)
, m_firstLetterText(0)
, m_sortedTextBoxesPosition(0)
, m_emitsCharactersBetweenAllVisiblePositions(behavior & TextIteratorEmitsCharactersBetweenAllVisiblePositions)
, m_entersTextControls(behavior & TextIteratorEntersTextControls)
, m_emitsTextWithoutTranscoding(behavior & TextIteratorEmitsTextsWithoutTranscoding)
......
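Review bot: in this constructor the new `m_sortedTextBoxesPosition(0)` follows `m_firstLetterText(0)` directly, whereas in the default constructor it follows `m_lastCharacter(0)`, so the visible lines of this list do not show `m_lastCharacter` being initialized. If it is not set elsewhere in this constructor, it is the same class of uninitialized read that valgrind flagged here and should be zeroed in this change as well; if it is set outside the visible context, keeping the two lists in the same order would make that easier to verify.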