Starred by 4 users
Status: Fixed
Owner:
Closed: Sep 2011
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug-Security

Valgrind reports issues in icu_46::RegexMatcher
Reported by dhollowa@chromium.org, May 6 2011
What steps will reproduce the problem?
1. Run Valgrind bot
2. Notice issue in icu_46::RegexMatcher

What is the expected output?
  No issues.

What do you see instead?

http://build.chromium.org/p/chromium.memory/builders/Chromium%20Mac%20%28valgrind%29/builds/3205/steps/memory%20test%3A%20unit_1/logs/stdio

17:04:02 memcheck_analyze.py [ERROR] FAIL! There were 3 errors: 
17:04:07 memcheck_analyze.py [ERROR] Command: src/xcodebuild/Release/unit_tests --gtest_filter=-P2PTransportImplTest.FAILS_SendDataTcp:SyncBackendHostTest.FLAKY_InitShutdown:WebDropTargetTest.FAILS_URL:NSMenuItemAdditionsTest.TestMOnDifferentLayouts:SyncBackendHostTest.InitShutdown:PrefsControllerTest.ShowAndClose:P2PTransportImplTest.Create:PrefsControllerTest.FLAKY_ShowAndClose:P2PTransportImplTest.FLAKY_SendDataUdp:VisitedLinkRelayTest.Basics:ConnectionTesterTest.FLAKY_RunAllTests:WebDropTargetTest.FLAKY_Data:PrefsControllerTest.FAILS_SwitchToPage:SignedSettingsTest.FLAKY_StorePolicyNoPolicyData:ConnectionTesterTest.FAILS_RunAllTests:PredictorTest.FAILS_MassiveConcurrentLookupTest:P2PTransportImplTest.FAILS_ConnectTcp:RenderViewTest.ImeComposition:FirefoxImporterTest.FLAKY_Firefox3NSS3Decryptor:FirefoxImporterTest.FAILS_Firefox3NSS3Decryptor:PrefsControllerTest.FAILS_GetPrefsViewForPage:ProcessInfoSnapshotMacTest.EffectiveVsRealUserIDTest:VisitedLinkEventsTest.FLAKY_Coalescense:P2PTransportImplTest.FLAKY_SendDataTcp:P2PTransportImplTest.FAILS_ConnectUdp:P2PTransportImplTest.FAILS_Create:P2PTransportImplTest.ConnectUdp:SyncBackendHostTest.FAILS_InitShutdown:RenderViewTest.FLAKY_ImeComposition:P2PTransportImplTest.FLAKY_ConnectUdp:RenderViewTest.FAILS_ImeComposition:P2PTransportImplTest.ConnectTcp:SignedSettingsTest.StorePolicyNoPolicyData:PrefsControllerTest.SwitchToPage:ProcessInfoSnapshotMacTest.FLAKY_EffectiveVsRealUserIDTest:VisitedLinkRelayTest.FAILS_Basics:PredictorTest.FLAKY_MassiveConcurrentLookupTest:WebDropTargetTest.FLAKY_URL:VisitedLinkEventsTest.FAILS_Coalescense:BookmarkBarControllerTest.DeleteFromOffTheSideWhileItIsOpen:VisitedLinkEventsTest.Coalescense:BookmarkBarControllerTest.FLAKY_DeleteFromOffTheSideWhileItIsOpen:PrefsControllerTest.FLAKY_GetPrefsViewForPage:PrefsControllerTest.GetToolbarItemForPage:ProcessInfoSnapshotMacTest.FAILS_EffectiveVsRealUserIDTest:P2PTransportImplTest.FLAKY_ConnectTcp:PrefsControllerTest.FLAKY_GetToolbarItemForPage:P2
PTransportImplTest.SendDataTcp:P2PTransportImplTest.FLAKY_Create:InputMethodUtilTest.*:P2PTransportImplTest.FAILS_SendDataUdp:PrefsControllerTest.GetPrefsViewForPage:WebDropTargetTest.Data:BookmarkBarControllerTest.FAILS_DeleteFromOffTheSideWhileItIsOpen:PredictorTest.MassiveConcurrentLookupTest:FirefoxImporterTest.Firefox3NSS3Decryptor:NSMenuItemAdditionsTest.FLAKY_TestMOnDifferentLayouts:PrefsControllerTest.FLAKY_SwitchToPage:WebDropTargetTest.FAILS_Data:VisitedLinkRelayTest.FLAKY_Basics:PrefsControllerTest.FAILS_ShowAndClose:ConnectionTesterTest.RunAllTests:IPCSyncChannelTest.*:P2PTransportImplTest.SendDataUdp:WebDropTargetTest.URL:NSMenuItemAdditionsTest.FAILS_TestMOnDifferentLayouts:SignedSettingsTest.FAILS_StorePolicyNoPolicyData:PrefsControllerTest.FAILS_GetToolbarItemForPage --gtest_print_time
UninitValue
Use of uninitialised value of size 4
  ucase_toFullFolding_46
  icu_46::RegexMatcher::MatchChunkAt(int, signed char, UErrorCode&)
  icu_46::RegexMatcher::matches(long long, UErrorCode&)
  IcuRegularExpression::Match(char const*, bool, std::basic_string<char, std::char_traits<char>, std::allocator<char> >*) const
  i18n::phonenumbers::PhoneNumberUtil::IsViablePhoneNumber(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
  i18n::phonenumbers::PhoneNumberUtil::ParseHelper(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool, bool, i18n::phonenumbers::PhoneNumber*) const
  i18n::phonenumbers::PhoneNumberUtil::Parse(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, i18n::phonenumbers::PhoneNumber*) const
  autofill_i18n::PhoneNumbersMatch(std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
  PhoneNumberI18NTest_PhoneNumbersMatch_Test::TestBody()
  void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*)
  void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*)
  testing::Test::Run()
Suppression (error hash=#FFFFFFFFF539CC33#):
{
   <insert_a_suppression_name_here>
   Memcheck:Value4
   fun:ucase_toFullFolding_46
   fun:_ZN6icu_4612RegexMatcher12MatchChunkAtEiaR10UErrorCode
   fun:_ZN6icu_4612RegexMatcher7matchesExR10UErrorCode
   fun:_ZNK20IcuRegularExpression5MatchEPKcbPSs
   fun:_ZN4i18n12phonenumbers15PhoneNumberUtil19IsViablePhoneNumberERKSs
   fun:_ZNK4i18n12phonenumbers15PhoneNumberUtil11ParseHelperERKSsS3_bbPNS0_11PhoneNumberE
   fun:_ZNK4i18n12phonenumbers15PhoneNumberUtil5ParseERKSsS3_PNS0_11PhoneNumberE
   fun:_ZN13autofill_i18n17PhoneNumbersMatchERKSbItN4base20string16_char_traitsESaItEES5_RKSs
   fun:_ZN42PhoneNumberI18NTest_PhoneNumbersMatch_Test8TestBodyEv
   fun:_ZN7testing8internal38HandleSehExceptionsInMethodIfSupportedINS_4TestEvEET0_PT_MS4_FS3_vEPKc
   fun:_ZN7testing8internal35HandleExceptionsInMethodIfSupportedINS_4TestEvEET0_PT_MS4_FS3_vEPKc
}

UninitCondition
Conditional jump or move depends on uninitialised value(s)
  icu_46::RegexMatcher::MatchChunkAt(int, signed char, UErrorCode&)
  icu_46::RegexMatcher::matches(long long, UErrorCode&)
  IcuRegularExpression::Match(char const*, bool, std::basic_string<char, std::char_traits<char>, std::allocator<char> >*) const
  i18n::phonenumbers::PhoneNumberUtil::IsViablePhoneNumber(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
  i18n::phonenumbers::PhoneNumberUtil::ParseHelper(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool, bool, i18n::phonenumbers::PhoneNumber*) const
  i18n::phonenumbers::PhoneNumberUtil::Parse(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, i18n::phonenumbers::PhoneNumber*) const
  autofill_i18n::PhoneNumbersMatch(std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
  PhoneNumberI18NTest_PhoneNumbersMatch_Test::TestBody()
  void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*)
  void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*)
  testing::Test::Run()
Suppression (error hash=#00000000791A1BD9#):
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:_ZN6icu_4612RegexMatcher12MatchChunkAtEiaR10UErrorCode
   fun:_ZN6icu_4612RegexMatcher7matchesExR10UErrorCode
   fun:_ZNK20IcuRegularExpression5MatchEPKcbPSs
   fun:_ZN4i18n12phonenumbers15PhoneNumberUtil19IsViablePhoneNumberERKSs
   fun:_ZNK4i18n12phonenumbers15PhoneNumberUtil11ParseHelperERKSsS3_bbPNS0_11PhoneNumberE
   fun:_ZNK4i18n12phonenumbers15PhoneNumberUtil5ParseERKSsS3_PNS0_11PhoneNumberE
   fun:_ZN13autofill_i18n17PhoneNumbersMatchERKSbItN4base20string16_char_traitsESaItEES5_RKSs
   fun:_ZN42PhoneNumberI18NTest_PhoneNumbersMatch_Test8TestBodyEv
   fun:_ZN7testing8internal38HandleSehExceptionsInMethodIfSupportedINS_4TestEvEET0_PT_MS4_FS3_vEPKc
   fun:_ZN7testing8internal35HandleExceptionsInMethodIfSupportedINS_4TestEvEET0_PT_MS4_FS3_vEPKc
}

UninitCondition
Conditional jump or move depends on uninitialised value(s)
  ucase_toFullFolding_46
  icu_46::RegexMatcher::MatchChunkAt(int, signed char, UErrorCode&)
  icu_46::RegexMatcher::matches(long long, UErrorCode&)
  IcuRegularExpression::Match(char const*, bool, std::basic_string<char, std::char_traits<char>, std::allocator<char> >*) const
  i18n::phonenumbers::PhoneNumberUtil::IsViablePhoneNumber(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
  i18n::phonenumbers::PhoneNumberUtil::ParseHelper(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool, bool, i18n::phonenumbers::PhoneNumber*) const
  i18n::phonenumbers::PhoneNumberUtil::Parse(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, i18n::phonenumbers::PhoneNumber*) const
  autofill_i18n::PhoneNumbersMatch(std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
  PhoneNumberI18NTest_PhoneNumbersMatch_Test::TestBody()
  void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*)
  void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*)
  testing::Test::Run()
Suppression (error hash=#000000006926059B#):
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:ucase_toFullFolding_46
   fun:_ZN6icu_4612RegexMatcher12MatchChunkAtEiaR10UErrorCode
   fun:_ZN6icu_4612RegexMatcher7matchesExR10UErrorCode
   fun:_ZNK20IcuRegularExpression5MatchEPKcbPSs
   fun:_ZN4i18n12phonenumbers15PhoneNumberUtil19IsViablePhoneNumberERKSs
   fun:_ZNK4i18n12phonenumbers15PhoneNumberUtil11ParseHelperERKSsS3_bbPNS0_11PhoneNumberE
   fun:_ZNK4i18n12phonenumbers15PhoneNumberUtil5ParseERKSsS3_PNS0_11PhoneNumberE
   fun:_ZN13autofill_i18n17PhoneNumbersMatchERKSbItN4base20string16_char_traitsESaItEES5_RKSs
   fun:_ZN42PhoneNumberI18NTest_PhoneNumbersMatch_Test8TestBodyEv
   fun:_ZN7testing8internal38HandleSehExceptionsInMethodIfSupportedINS_4TestEvEET0_PT_MS4_FS3_vEPKc
   fun:_ZN7testing8internal35HandleExceptionsInMethodIfSupportedINS_4TestEvEET0_PT_MS4_FS3_vEPKc
}

 
Project Member Comment 1 by bugdroid1@chromium.org, May 7 2011
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=84535

------------------------------------------------------------------------
r84535 | dhollowa@chromium.org | Fri May 06 17:52:37 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/tools/valgrind/memcheck/suppressions.txt?r1=84535&r2=84534&pathrev=84535

Valgrind reports issues in icu::RegexMatcher

Adds suppression for icu RegexMatcher, triggered by Autofill unit test of new libphonenumber.

BUG= 81753 
TEST=PhoneNumberI18NTest.PhoneNumbersMatch
TBR=isherman@chromium.org

Review URL: http://codereview.chromium.org/6952015
------------------------------------------------------------------------
Cc: a deleted user
Labels: -Feature-Autofill Feature-I18N
Owner: glider@chromium.org
From my read of the |ucase_toFullFolding_46| issue the values appear to be initialized before use.  glider@: maybe you can see something I'm not?

|RegexMatcher::MatchChunkAt| at src/third_party/icu/source/i18n/rematch.cpp:4411.
Cc: georgey@chromium.org
Related  issue 82183 
Labels: -Mstone-13 Mstone-14 MovedFrom-13
Moving !type=meta|regression and !releaseblocker to next mstone
Comment 6 by thestig@google.com, Jun 3 2011
Cc: dhollowa@chromium.org
 Issue 82183  has been merged into this issue.
r87710 triggers some more of these:

http://build.chromium.org/p/chromium.memory/builders/Linux%20Tests%20%28valgrind%29%281%29/builds/2540/steps/memory%20test%3A%20unit/logs/stdio

UninitCondition
Conditional jump or move depends on uninitialised value(s)
  icu_46::RegexMatcher::MatchChunkAt(int, signed char, UErrorCode&) (third_party/icu/source/i18n/rematch.cpp:5615)
  icu_46::RegexMatcher::findUsingChunk() (third_party/icu/source/i18n/rematch.cpp:981)
  icu_46::RegexMatcher::find() (third_party/icu/source/i18n/rematch.cpp:598)
  icu_46::RegexMatcher::find(long long, UErrorCode&) (third_party/icu/source/i18n/rematch.cpp:872)
  autofill::MatchesPattern(std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&) (chrome/browser/autofill/autofill_regexes.cc:78)
  FormField::Match(AutofillField const*, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, int) (chrome/browser/autofill/form_field.cc:154)
  FormField::MatchAndAdvance(AutofillScanner*, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, int, AutofillField const**) (chrome/browser/autofill/form_field.cc:140)
  FormField::ParseFieldSpecifics(AutofillScanner*, std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const&, int, AutofillField const**) (chrome/browser/autofill/form_field.cc:98)
  PhoneField::ParseInternal(PhoneField*, AutofillScanner*, bool) (chrome/browser/autofill/phone_field.cc:272)
  PhoneField::Parse(AutofillScanner*, bool) (chrome/browser/autofill/phone_field.cc:118)
  FormField::ParseFormFieldsPass(FormField* (*)(AutofillScanner*, bool), bool, std::vector<AutofillField const*, std::allocator<AutofillField const*> >*, std::map<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> >, AutofillFieldType, std::less<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > >, std::allocator<std::pair<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const, AutofillFieldType> >*) (chrome/browser/autofill/form_field.cc:177)
  FormField::ParseFormFields(std::vector<AutofillField*, std::allocator<AutofillField*> > const&, std::map<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> >, AutofillFieldType, std::less<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > >, std::allocator<std::pair<std::basic_string<unsigned short, base::string16_char_traits, std::allocator<unsigned short> > const, AutofillFieldType> >*) (chrome/browser/autofill/form_field.cc:68)
  FormStructure::DetermineHeuristicTypes() (chrome/browser/autofill/form_structure.cc:120)
  (anonymous namespace)::FormStructureTest_HeuristicsInfernoCC_Test::TestBody() (chrome/browser/autofill/form_structure_unittest.cc:1123)
  void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (testing/gtest/src/gtest.cc:2090)
  void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (testing/gtest/src/gtest.cc:2142)
  testing::Test::Run() (testing/gtest/src/gtest.cc:2162)
Project Member Comment 8 by bugdroid1@chromium.org, Jun 3 2011
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=87761

------------------------------------------------------------------------
r87761 | thestig@chromium.org | Fri Jun 03 01:51:44 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/tools/valgrind/memcheck/suppressions.txt?r1=87761&r2=87760&pathrev=87761

Valgrind: Merge suppressions for  bug 81753  and  bug 82183 . Add new suppressions for similar errors triggered by autofill.

BUG= 81753 
TEST=none
TBR=timurrrr
Review URL: http://codereview.chromium.org/7058044
------------------------------------------------------------------------
Comment 9 by js...@chromium.org, Jun 29 2011
Is this different from  bug 84304  ? 


 Issue 84304  has been merged into this issue.
Comment 11 by js...@chromium.org, Jun 30 2011
Copied from  bug 84304 : 

Hmm... I looked at it before and took another look today and it's not obvious where an uninitialized memory is used in a condition. 

|c| (a character to fold) is our input.  |trie| used in various macros in ucase.h  is a member of case_props_singleton (a static UCaseProps struct)  and its actual values come from static (ucase_props_data.c) 

Comment 12 by k...@google.com, Jul 28 2011
Labels: -Mstone-14 Mstone-15 MovedFrom-14
Punting out non-critical bugs.  Please move back to 14 if you believe this was done in error.
Cc: bruening@chromium.org
Labels: Stability-DrMemory Stability-Valgrind
Owner: js...@chromium.org
Why is it assigned to glider@?

> From my read of the |ucase_toFullFolding_46| issue the values appear to be initialized before use.  glider@: maybe you can see something I'm not?
Are you sure everything which these values depend on is initialized?

---
I see similar reports on Dr. Memory on Windows:
[matches the report in  issue 84304  merged into this one]
http://build.chromium.org/p/chromium.fyi/builders/Windows%20Tests%20%28DrMemory%29/builds/4650/steps/memory%20test%3A%20unit/logs/stdio
UNINITIALIZED READ: reading register ecx
 # 1 icu_46::RegexMatcher::MatchChunkAt                 third_party\icu\source\i18n\rematch.cpp:5613
 # 2 icu_46::RegexMatcher::findUsingChunk               third_party\icu\source\i18n\rematch.cpp:981
 # 3 icu_46::RegexMatcher::find                         third_party\icu\source\i18n\rematch.cpp:598
 # 4 icu_46::RegexMatcher::find                         third_party\icu\source\i18n\rematch.cpp:872
 # 5 autofill::MatchesPattern                           chrome\browser\autofill\autofill_regexes.cc:78
 # 6 FormField::Match                                   chrome\browser\autofill\form_field.cc:160
 # 7 FormField::MatchAndAdvance                         chrome\browser\autofill\form_field.cc:140
 # 8 FormField::ParseFieldSpecifics                     chrome\browser\autofill\form_field.cc:98
 # 9 FormField::ParseField                              chrome\browser\autofill\form_field.cc:84
 #10 AddressField::ParseAddressLines                    chrome\browser\autofill\address_field.cc:222
 #11 AddressField::Parse                                chrome\browser\autofill\address_field.cc:42
 #12 AddressFieldTest::Parse                            chrome\browser\autofill\address_field_unittest.cc:26
 #13 AddressFieldTest_ParseOneLineAddressBilling_Test::TestBody chrome\browser\autofill\address_field_unittest.cc:75

Since this is Windows-MSVC-DrMemory instead of Linux-gcc-Valgrind, I'm pretty sure this is not a Valgrind bug.

Project Member Comment 14 by bugdroid1@chromium.org, Jul 28 2011
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=94448

------------------------------------------------------------------------
r94448 | timurrrr@chromium.org | Thu Jul 28 05:20:33 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/tools/valgrind/memcheck/suppressions.txt?r1=94448&r2=94447&pathrev=94448

Merge icu_46 suppressions for  bug 84304  with those for  bug 81753 
BUG= 81753 , 84304 
TBR=glider
Review URL: http://codereview.chromium.org/7492067
------------------------------------------------------------------------
Project Member Comment 15 by bugdroid1@chromium.org, Jul 28 2011
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=94449

------------------------------------------------------------------------
r94449 | timurrrr@chromium.org | Thu Jul 28 05:30:09 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/tools/valgrind/drmemory/suppressions.txt?r1=94449&r2=94448&pathrev=94449

Suppress uninitialized reads in icu_46
+ widen wave[InOut]GetNumDevs suppression
BUG= 81753 
TBR=bruening
Review URL: http://codereview.chromium.org/7482043
------------------------------------------------------------------------
Comment 16 by mal@google.com, Sep 8 2011
Labels: Stability-CodeYellow
Comment 17 by kareng@google.com, Sep 8 2011
Labels: Mstone-16 MovedFrom16 bulkmove
moving all nonessential bugs from 15 to 16. please feel free to move back if this is an error and ur bug is a release blocker.
Owner: bradchen@chromium.org
I believe I've figured out the cause of this bug. Near line 5613, U16_NEXT() appears to be reading past the end of the string. It assumes that the index (fp->fInputIdx) is less than the string length (fActiveLimit) which is false. Working on a fix... 
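Added example, not part of the original thread and not the Chromium patch: a self-contained C sketch of the failure mode described in the comment above, where a U16_NEXT-style step is entered with the index already equal to the limit. The helper names, the CP_NONE sentinel and the sample buffer are constructed for illustration; the unguarded function is a simplified re-implementation of the macro's shape, not ICU's source.

```c
#include <stdint.h>
#include <stdio.h>

#define CP_NONE (-1) /* hypothetical sentinel: no code unit left to read */

static int is_lead(uint16_t u)  { return (u & 0xFC00u) == 0xD800u; }
static int is_trail(uint16_t u) { return (u & 0xFC00u) == 0xDC00u; }

static int32_t combine(uint16_t lead, uint16_t trail) {
    return 0x10000 + ((int32_t)(lead - 0xD800) << 10) + (int32_t)(trail - 0xDC00);
}

/* Unguarded step: trusts the caller that *i < limit. The first code unit is
 * read before any comparison with limit, and the trail check only tests
 * "*i != limit", which is also true once the index has run past the limit. */
static int32_t next_unchecked(const uint16_t *s, int64_t *i, int64_t limit) {
    uint16_t c = s[(*i)++];
    if (is_lead(c) && *i != limit && is_trail(s[*i])) {
        return combine(c, s[(*i)++]);
    }
    return c;
}

/* Guarded step: refuses to read at or beyond limit and leaves *i untouched. */
static int32_t next_checked(const uint16_t *s, int64_t *i, int64_t limit) {
    if (*i >= limit) {
        return CP_NONE;
    }
    uint16_t c = s[(*i)++];
    if (is_lead(c) && *i < limit && is_trail(s[*i])) {
        return combine(c, s[(*i)++]);
    }
    return c;
}

/* Constructed sample: the logical string is "ab" (length 2). The slots after
 * it belong to the same array, so the over-read is well defined here; they
 * hold a stale surrogate pair standing in for whatever lies past the end. */
#define LOGICAL_LEN 2
static const uint16_t backing[6] = { 'a', 'b', 0xD83D, 0xDE00, 0, 0 };

typedef struct { int32_t cp; int64_t index; } step_t;

/* Take one step with the index already sitting at the limit. */
static step_t step_at_limit(int checked) {
    step_t r;
    r.index = LOGICAL_LEN;
    r.cp = checked ? next_checked(backing, &r.index, LOGICAL_LEN)
                   : next_unchecked(backing, &r.index, LOGICAL_LEN);
    return r;
}

/* Inside the string both variants must behave identically. */
static int agree_in_range(void) {
    int64_t i1 = 0, i2 = 0;
    while (i1 < LOGICAL_LEN) {
        int32_t a = next_unchecked(backing, &i1, LOGICAL_LEN);
        int32_t b = next_checked(backing, &i2, LOGICAL_LEN);
        if (a != b || i1 != i2) {
            return 0;
        }
    }
    return 1;
}

int main(void) {
    step_t u = step_at_limit(0);
    step_t c = step_at_limit(1);
    printf("unchecked: cp=U+%X index=%lld (limit %d)\n",
           (unsigned)u.cp, (long long)u.index, LOGICAL_LEN);
    printf("checked:   cp=%d index=%lld\n", (int)c.cp, (long long)c.index);
    printf("in-range agreement: %d\n", agree_in_range());
    return 0;
}
```

In the reports above the memory past the end was uninitialised, so the value read there fed the case-folding branch and was flagged by Memcheck and Dr. Memory; here the stale slots are initialised only so the demonstration is deterministic.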
Project Member Comment 19 by bugdroid1@chromium.org, Sep 14 2011
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=101167

------------------------------------------------------------------------
r101167 | bradchen@google.com | Wed Sep 14 14:45:11 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/icu46/README.chromium?r1=101167&r2=101166&pathrev=101167
 M http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/icu46/source/i18n/rematch.cpp?r1=101167&r2=101166&pathrev=101167
 A http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/icu46/patches/rematch.patch?r1=101167&r2=101166&pathrev=101167

Fix for  bug 81753 , do not read past the end of unicode strings

BUG= 81753 
TEST=unit_tests


Review URL: http://codereview.chromium.org/7891051
------------------------------------------------------------------------
Woot!
Project Member Comment 21 by bugdroid1@chromium.org, Sep 14 2011
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=101184

------------------------------------------------------------------------
r101184 | bradchen@google.com | Wed Sep 14 15:57:13 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/icu46/source/i18n/rematch.cpp?r1=101184&r2=101183&pathrev=101184
 M http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/icu46/patches/rematch.patch?r1=101184&r2=101183&pathrev=101184

Fixing an oversight in my first fix (7891051).

BUG= 81753 
TEST=unit_tests


Review URL: http://codereview.chromium.org/7886048
------------------------------------------------------------------------
I am dubious that this is causing crashes, so I won't be nominating for merge into M15 unless somebody else has reason to believe it is above threshold.
Cc: security@chromium.org adamk@chromium.org
Labels: Restrict-View-SecurityTeam
All these bugs are being hidden from public view, because of possible security impact. We will retain these tags until we can determine they affect the security of our users. The ability to easily mine these kind of reports has been discussed publicly.
Cc: -security@chromium.org
Adjusting tags to reduce email noise.
Labels: -Type-Bug Type-Security
Adding security flags.
Labels: Uninitialized-Value
One more tag for tracking.
Project Member Comment 27 by bugdroid1@chromium.org, Sep 15 2011
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=101384

------------------------------------------------------------------------
r101384 | bradchen@google.com | Thu Sep 15 14:53:51 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/DEPS?r1=101384&r2=101383&pathrev=101384
 M http://src.chromium.org/viewvc/chrome/trunk/src/tools/valgrind/memcheck/suppressions.txt?r1=101384&r2=101383&pathrev=101384
 M http://src.chromium.org/viewvc/chrome/trunk/src/tools/valgrind/drmemory/suppressions.txt?r1=101384&r2=101383&pathrev=101384

Remove suppressions for  bug 81753 , fixed by CL 7891051

BUG= 81753 
TEST=unit_tests on valgrind bots


Review URL: http://codereview.chromium.org/7892036
------------------------------------------------------------------------
Labels: -MovedFrom-13 -Mstone-16 -MovedFrom16 -bulkmove -Restrict-View-SecurityTeam Merge-Approved Restrict-View-SecurityNotify
Status: FixUnreleased
Labels: SecSeverity-Medium
Labels: -MovedFrom-14 Mstone-16
m16 based on c#22
Labels: -Merge-Approved
Labels: SecImpacts-Stable
Batch update: assuming these security changes impacted stable based on some fuzzy filtering.
Comment 34 by cdn@chromium.org, May 15 2012
Status: Fixed
Marking old security bugs Fixed..
Project Member Comment 35 by bugdroid1@chromium.org, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 36 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Area-Internals -Feature-I18N -Mstone-16 -Stability-DrMemory -Stability-Valgrind -Type-Security -SecSeverity-Medium -SecImpacts-Stable Performance-Valgrind Performance-Memory-DrMemory Cr-Internals Cr-UI-I18N Security-Impact-Stable Type-Bug-Security Security-Severity-Medium M-16
Project Member Comment 37 by bugdroid1@chromium.org, Mar 13 2013
Labels: Restrict-View-EditIssue
Project Member Comment 38 by bugdroid1@chromium.org, Mar 13 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member Comment 39 by bugdroid1@chromium.org, Mar 20 2013
Labels: -Cr-UI-I18N Cr-UI-Internationalization
Labels: -Restrict-View-SecurityNotify -Restrict-View-EditIssue
Project Member Comment 41 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member Comment 42 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Severity-Medium Security_Severity-Medium
Project Member Comment 43 by bugdroid1@chromium.org, Apr 1 2013
Labels: -Performance-Memory-DrMemory Stability-Memory-DrMemory
Project Member Comment 44 by bugdroid1@chromium.org, Apr 1 2013
Labels: -Performance-Valgrind Stability-Valgrind
Project Member Comment 45 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 46 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic