Issue 4529074: Fix uninitialized memory in Sk2DPathEffect

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 4529074: Fix uninitialized memory in Sk2DPathEffect (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
13 years, 5 months ago by Stephen White

Modified:
13 years, 5 months ago

Reviewers:
reed, bsalomon, reed1

Base URL:
http://skia.googlecode.com/svn/trunk/

Visibility:
Public.

Description

The SkDescriptor checksum calculation for Sk2DPathEffect currently evaluates all the bytes in the embedded SkMatrix. This includes the type mask, which contains some uninitialized padding. Changing it to use SkMatrix::flatten() and SkMatrix::unflatten() (as SkGroupShape was doing) avoids the uninitialized data errors. To test, run SampleApp under valgrind and look for the absence of: ==5490== Conditional jump or move depends on uninitialised value(s) ==5490== at 0x402ABC9: bcmp (mc_replace_strmem.c:567) ==5490== by 0x47C55C: SkPaint::descriptorProc(SkMatrix const*, void (*)(SkDescriptor const*, void*), void*, bool) const (SkPaint.cpp:1440) ==5490== by 0x47C73B: SkPaint::detachCache(SkMatrix const*) const (SkPaint.cpp:1450) ==5490== by 0x4662A0: SkAutoGlyphCache::SkAutoGlyphCache(SkPaint const&, SkMatrix const*) (SkGlyphCache.h:287) ==5490== by 0x4628C7: SkDraw::drawText(char const*, unsigned long, float, float, SkPaint const&) const (SkDraw.cpp:1584) ==5490== by 0x45D2C1: SkDevice::drawText(SkDraw const&, void const*, unsigned long, float, float, SkPaint const&) (SkDevice.cpp:197) ==5490== by 0x451CA6: SkCanvas::drawText(void const*, unsigned long, float, float, SkPaint const&) (SkCanvas.cpp:1393) ==5490== by 0x40DB6F: ClockFaceView::onDraw(SkCanvas*) (ClockFaceView.cpp:230)

Patch Set 1 #

Total comments: 1

Created: 13 years, 5 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+8 lines, -2 lines)			Patch
		src/effects/Sk2DPathEffect.cpp	View		1 chunk	+8 lines, -2 lines	1 comment	Download

Messages

Total messages: 4

Expand All Messages | Collapse All Messages

reed1

I had just made a similar fix in the pipe code. Good catch. LGTM

13 years, 5 months ago (2011-05-20 18:58:39 UTC) #2

reed1

http://codereview.appspot.com/4529074/diff/1/src/effects/Sk2DPathEffect.cpp File src/effects/Sk2DPathEffect.cpp (right): http://codereview.appspot.com/4529074/diff/1/src/effects/Sk2DPathEffect.cpp#newcode94 src/effects/Sk2DPathEffect.cpp:94: uint32_t size = buffer.readS32(); maybe add this? SkASSERT(size <= ...

13 years, 5 months ago (2011-05-20 18:59:46 UTC) #3

Stephen White

13 years, 5 months ago (2011-05-20 19:19:23 UTC) #4

On 2011/05/20 18:59:46, reed1 wrote:
> http://codereview.appspot.com/4529074/diff/1/src/effects/Sk2DPathEffect.cpp
> File src/effects/Sk2DPathEffect.cpp (right):
> 
>
http://codereview.appspot.com/4529074/diff/1/src/effects/Sk2DPathEffect.cpp#n...
> src/effects/Sk2DPathEffect.cpp:94: uint32_t size = buffer.readS32();
> maybe add this?
> 
> SkASSERT(size <= sizeof(storage));

Done.  Landed as r1395.  Closing.

Expand All Messages | Collapse All Messages