94736 2012-08-22 11:31:37 -0700 [CSS Shaders] [ANGLE] RenameFunction::RenameFunction may store references to temporary string 2012-08-27 13:54:15 -0700 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 94728 0 jnetterfield mvujovic achicu mvujovic rwlbuis staikos webkit.review.bot oldest_to_newest 702102 0 jnetterfield 2012-08-22 11:31:37 -0700 http://code.google.com/p/angleproject/issues/detail?id=360 When RenameFunction::RenameFunction(const TString& oldFunctionName, const TString& newFunctionName) is called from TCompiler::rewriteCSSShader(TIntermNode*), references to the temporaries oldFunctionName and newFunctionName are stored as mOldFunctionName and mNewFunctionName. This results in undefined behaviour in visitAggregate. Possible fix in RenameFunction.h: private: - const TString& mOldFunctionName; + const TString mOldFunctionName; - const TString& mNewFunctionName; + const TString mNewFunctionName; 702293 1 mvujovic 2012-08-22 13:47:37 -0700 Good catch. Thanks Joshua. We'll fix this in ANGLE first. 703461 2 160263 jnetterfield 2012-08-23 15:30:06 -0700 Created attachment 160263 Patch 703476 3 mvujovic 2012-08-23 15:41:17 -0700 Thanks for the patch! FYI, you don't need to worry about the style bot when you're touching ANGLE code. We have bug 90909 to teach the style bot to ignore the ANGLE directory. 704096 4 staikos 2012-08-24 07:39:15 -0700 (In reply to comment #1) > Good catch. Thanks Joshua. We'll fix this in ANGLE first. Are you saying you would rather the patch not land here but instead in ANGLE first? 704098 5 jnetterfield 2012-08-24 07:42:28 -0700 The whole ANGLE directory gets replaced with the latest version from Google every once in a while. IMO, there's no point in updating all of ANGLE just for this. 704151 6 mvujovic 2012-08-24 09:26:02 -0700 (In reply to comment #4) > (In reply to comment #1) > > Good catch. Thanks Joshua. We'll fix this in ANGLE first. > > Are you saying you would rather the patch not land here but instead in ANGLE first? That's what I was saying, but I think it's fine to land this now, since we have a patch prepped for ANGLE already. (In reply to comment #5) > The whole ANGLE directory gets replaced with the latest version from Google every once in a while. IMO, there's no point in updating all of ANGLE just for this. I totally agree. 704421 7 160263 webkit.review.bot 2012-08-24 14:36:41 -0700 Comment on attachment 160263 Patch Clearing flags on attachment: 160263 Committed r126625: <http://trac.webkit.org/changeset/126625> 704422 8 webkit.review.bot 2012-08-24 14:36:45 -0700 All reviewed patches have been landed. Closing bug. 705635 9 mvujovic 2012-08-27 13:54:15 -0700 Fix has been upstreamed in ANGLE r1266: http://code.google.com/p/angleproject/source/detail?r=1266 160263 2012-08-23 15:30:06 -0700 2012-08-24 14:36:41 -0700 Patch bug-94736-20120823182823.patch text/plain 2295 jnetterfield U3VidmVyc2lvbiBSZXZpc2lvbjogMTI2NDgyCmRpZmYgLS1naXQgYS9Tb3VyY2UvVGhpcmRQYXJ0 eS9BTkdMRS9DaGFuZ2VMb2cgYi9Tb3VyY2UvVGhpcmRQYXJ0eS9BTkdMRS9DaGFuZ2VMb2cKaW5k ZXggOGU4MmM4NDc0NDkwMTBkYjk1MjViZTg2YjI5NDMwNjc5ZGMzYjE1Ny4uZDI5NmI4YzE3MmYw MTZmMDU5OGM5YmE5MzVmZjgxNGQ0Njg4M2Q0OCAxMDA2NDQKLS0tIGEvU291cmNlL1RoaXJkUGFy dHkvQU5HTEUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9UaGlyZFBhcnR5L0FOR0xFL0NoYW5nZUxv ZwpAQCAtMSwzICsxLDIzIEBACisyMDEyLTA4LTIzICBKb3NodWEgTmV0dGVyZmllbGQgIDxqbmV0 dGVyZmllbGRAcmltLmNvbT4KKworICAgICAgICBbQ1NTIFNoYWRlcnNdIFtBTkdMRV0gUmVuYW1l RnVuY3Rpb246OlJlbmFtZUZ1bmN0aW9uIG1heSBzdG9yZSByZWZlcmVuY2VzIHRvIHRlbXBvcmFy eSBzdHJpbmcKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTk0NzM2CisgICAgICAgIGh0dHA6Ly9jb2RlLmdvb2dsZS5jb20vcC9hbmdsZXByb2plY3QvaXNz dWVzL2RldGFpbD9pZD0zNjAKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBXaGVuIFJlbmFtZUZ1bmN0aW9uOjpSZW5hbWVGdW5jdGlvbihjb25zdCBUU3Ry aW5nJiBvbGRGdW5jdGlvbk5hbWUsIGNvbnN0IFRTdHJpbmcmCisgICAgICAgIG5ld0Z1bmN0aW9u TmFtZSkgaXMgY2FsbGVkIGZyb20gVENvbXBpbGVyOjpyZXdyaXRlQ1NTU2hhZGVyKFRJbnRlcm1O b2RlKiksIHJlZmVyZW5jZXMgdG8KKyAgICAgICAgdGhlIHRlbXBvcmFyaWVzIG9sZEZ1bmN0aW9u TmFtZSBhbmQgbmV3RnVuY3Rpb25OYW1lIGFyZSBzdG9yZWQgYXMgbU9sZEZ1bmN0aW9uTmFtZSBh bmQKKyAgICAgICAgbU5ld0Z1bmN0aW9uTmFtZS4gVGhpcyByZXN1bHRzIGluIHVuZGVmaW5lZCBi ZWhhdmlvdXIgaW4gdmlzaXRBZ2dyZWdhdGUuCisKKyAgICAgICAgVGhpcyBzYW1lIHBhdGNoIGlz IGJlaW5nIGFwcGxpZWQgaW4gdXBzdHJlYW0gQU5HTEUsIGFuZCBpcyBuZWVkZWQgZm9yIENTUyBT aGFkZXIKKyAgICAgICAgc2FuaXRpemF0aW9uLgorCisgICAgICAgICogc3JjL2NvbXBpbGVyL1Jl bmFtZUZ1bmN0aW9uLmg6CisgICAgICAgIChSZW5hbWVGdW5jdGlvbjo6dmlzaXRBZ2dyZWdhdGUp OgorICAgICAgICAoUmVuYW1lRnVuY3Rpb24pOgorCiAyMDEyLTA3LTE4ICBLcmlzdMOzZiBLb3N6 dHnDsyAgPGtrcmlzdG9mQGluZi51LXN6ZWdlZC5odT4KIAogICAgICAgICBbUXRdIEJ1aWxkZml4 IGFmdGVyIHIxMjI4NzAuCmRpZmYgLS1naXQgYS9Tb3VyY2UvVGhpcmRQYXJ0eS9BTkdMRS9zcmMv Y29tcGlsZXIvUmVuYW1lRnVuY3Rpb24uaCBiL1NvdXJjZS9UaGlyZFBhcnR5L0FOR0xFL3NyYy9j b21waWxlci9SZW5hbWVGdW5jdGlvbi5oCmluZGV4IGNmZGI0MGRhOTI4NTk2NTk3N2I4YzU3MzJj ZWI4YWFkNDRlMmY5ZGMuLjljZDZlNWU1M2VlZTdjYzUzM2VlNmYzYjFiNDAyMDJjMjkyZWY5OTQg MTAwNjQ0Ci0tLSBhL1NvdXJjZS9UaGlyZFBhcnR5L0FOR0xFL3NyYy9jb21waWxlci9SZW5hbWVG dW5jdGlvbi5oCisrKyBiL1NvdXJjZS9UaGlyZFBhcnR5L0FOR0xFL3NyYy9jb21waWxlci9SZW5h bWVGdW5jdGlvbi5oCkBAIC0yMCw3ICsyMCw3IEBAIHB1YmxpYzoKICAgICAsIG1PbGRGdW5jdGlv bk5hbWUob2xkRnVuY3Rpb25OYW1lKQogICAgICwgbU5ld0Z1bmN0aW9uTmFtZShuZXdGdW5jdGlv bk5hbWUpIHt9CiAKLSAgICB2aXJ0dWFsIGJvb2wgdmlzaXRBZ2dyZWdhdGUoVmlzaXQgdmlzaXQs IFRJbnRlcm1BZ2dyZWdhdGUqIG5vZGUpCisgICAgdmlydHVhbCBib29sIHZpc2l0QWdncmVnYXRl KFZpc2l0LCBUSW50ZXJtQWdncmVnYXRlKiBub2RlKQogICAgIHsKICAgICAgICAgVE9wZXJhdG9y IG9wID0gbm9kZS0+Z2V0T3AoKTsKICAgICAgICAgaWYgKChvcCA9PSBFT3BGdW5jdGlvbiB8fCBv cCA9PSBFT3BGdW5jdGlvbkNhbGwpICYmIG5vZGUtPmdldE5hbWUoKSA9PSBtT2xkRnVuY3Rpb25O YW1lKQpAQCAtMjksOCArMjksOCBAQCBwdWJsaWM6CiAgICAgfQogCiBwcml2YXRlOgotICAgIGNv bnN0IFRTdHJpbmcmIG1PbGRGdW5jdGlvbk5hbWU7Ci0gICAgY29uc3QgVFN0cmluZyYgbU5ld0Z1 bmN0aW9uTmFtZTsKKyAgICBjb25zdCBUU3RyaW5nIG1PbGRGdW5jdGlvbk5hbWU7CisgICAgY29u c3QgVFN0cmluZyBtTmV3RnVuY3Rpb25OYW1lOwogfTsKIAogI2VuZGlmICAvLyBDT01QSUxFUl9S RU5BTUVfRlVOQ1RJT04K