Closed
Bug 109487
Opened 23 years ago
Closed 23 years ago
[W] UMR: Uninitialized memory read in nsHTMLInputElement::HandleDOMEvent
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
VERIFIED
FIXED
mozilla1.0
People
(Reporter: stephend, Assigned: jst)
Details
(Whiteboard: [HAVE FIX])
Just saw this on my Win2K box, (latest tip) when reading 2 IMAP messages with pictures attached.

[W] UMR: Uninitialized memory read in nsHTMLInputElement::HandleDOMEvent (nsIPresContext *,nsEvent *,nsIDOMEvent * *,UINT,nsEventStatus *) {1 occurrence}
    Reading 4 bytes from 0x0013f050 (4 bytes at 0x0013f050 uninitialized)
    Address 0x0013f050 points into a thread's stack
    Address 0x0013f050 is 28 bytes past the start of local variable 'blurevent' in nsEventStateManager::PreHandleEvent(nsIPresContext *,nsEvent *,nsIFrame *,nsEventStatus *,nsIView *)
    Thread ID: 0x38c
    Error location

    nsHTMLInputElement::HandleDOMEvent(nsIPresContext *,nsEvent *,nsIDOMEvent * *,UINT,nsEventStatus *) [nsHTMLInputElement.cpp:1134]
            // If NS_EVENT_FLAG_NO_CONTENT_DISPATCH is set we will not allow content to handle
            // this event. But to allow middle mouse button paste to work we must allow
            // middle clicks to go to text fields anyway.
         => PRBool noContentDispatch = aEvent->flags & NS_EVENT_FLAG_NO_CONTENT_DISPATCH;
            if (type == NS_FORM_INPUT_TEXT && aEvent->message == NS_MOUSE_MIDDLE_CLICK) {
              aEvent->flags &= ~NS_EVENT_FLAG_NO_CONTENT_DISPATCH;
            }

    nsEventStateManager::PreHandleEvent(nsIPresContext *,nsEvent *,nsIFrame *,nsEventStatus *,nsIView *) [nsEventStateManager.cpp:674]
            oldPresContext->GetEventStateManager(getter_AddRefs(esm));
            esm->SetFocusedContent(gLastFocusedContent);
            if(focusedContent)
         =>   focusedContent->HandleDOMEvent(oldPresContext, &event, nsnull, NS_EVENT_FLAG_INIT, &status);
            esm->SetFocusedContent(nsnull);
            NS_IF_RELEASE(gLastFocusedContent);
            }

    PresShell::HandleEventInternal(nsEvent *,nsIView *,UINT,nsEventStatus *) [nsPresShell.cpp:5809]
            nsIEventStateManager *manager;
            if (NS_OK == mPresContext->GetEventStateManager(&manager) && GetCurrentEventFrame()) {
              //1. Give event to event manager for pre event state changes and generation of synthetic events.
         =>   rv = manager->PreHandleEvent(mPresContext, aEvent, mCurrentEventFrame, aStatus, aView);
              //2. Give event to the DOM for third party and JS use.
              if ((GetCurrentEventFrame()) && NS_OK == rv) {

    PresShell::HandleEvent(nsIView *,nsGUIEvent *,nsEventStatus *,int,int&) [nsPresShell.cpp:5740]
            }
            }
            if (GetCurrentEventFrame()) {
         =>   rv = HandleEventInternal(aEvent, aView, NS_EVENT_FLAG_INIT, aEventStatus);
            }
            NS_RELEASE(manager);
            }

    nsView::HandleEvent(nsGUIEvent *,UINT,nsEventStatus *,int,int&) [nsView.cpp:362]
            //if no child's bounds matched the event or we consumed but still want
            //default behavior check the view itself. -EDV
            if (nsnull != mClientData && nsnull != obs) {
         =>   obs->HandleEvent((nsIView *)this, event, aStatus, aForceHandle, aHandled);
            }
            }
            /* XXX Just some debug code to see what event are being thrown away because

    nsViewManager::DispatchEvent(nsGUIEvent *,nsEventStatus *) [nsViewManager.cpp:1872]
            NS_VIEW_FLAG_CHECK_SIBLINGS,
            aStatus, PR_TRUE,
         => handled);
            aEvent->point.x -= offset.x;
            aEvent->point.y -= offset.y;

    HandleEvent [nsView.cpp:81]
            {
            nsViewManager *vm = view->GetViewManager();
         => vm->DispatchEvent(aEvent, &result);
            }
            return result;

    nsWindow::DispatchEvent(nsGUIEvent *,nsEventStatus&) [nsWindow.obj:744]

    nsWindow::DispatchFocus(UINT,int) [nsWindow.cpp:4506]
            event.nativeMsg = (void *)&pluginEvent;
         => PRBool result = DispatchWindowEvent(&event);
            NS_RELEASE(event.widget);
            return result;
            }

    nsWindow::ProcessMessage(UINT,UINT,long,long *) [nsWindow.cpp:3409]
            isMozWindowTakingFocus = PR_FALSE;
            if(gJustGotDeactivate) {
              gJustGotDeactivate = PR_FALSE;
         =>   result = DispatchFocus(NS_DEACTIVATE, isMozWindowTakingFocus);
            }
            result = DispatchFocus(NS_LOSTFOCUS, isMozWindowTakingFocus);
            break;
Assignee
Comment 1•23 years ago
I bet there's a ton of these in our code, it's all because our nsEvent structs don't have constructors that would take care of initializing everything properly. This patch fixes this particular UMR: Index: content/events/src/nsEventStateManager.cpp =================================================================== RCS file: /cvsroot/mozilla/content/events/src/nsEventStateManager.cpp,v retrieving revision 1.312 diff -u -r1.312 nsEventStateManager.cpp --- content/events/src/nsEventStateManager.cpp 6 Dec 2001 15:29:01 -00001.312 +++ content/events/src/nsEventStateManager.cpp 14 Dec 2001 07:15:21 -0000 @@ -684,6 +684,7 @@ nsEvent event; event.eventStructType = NS_EVENT; event.message = NS_BLUR_CONTENT; + event.flags = 0; nsCOMPtr<nsIEventStateManager> esm; oldPresContext->GetEventStateManager(getter_AddRefs(esm)); esm->SetFocusedContent(gLastFocusedContent); Peter, would you review this please?
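Review bot: Only flags is covered by the added "event.flags = 0;". The visible lines assign just eventStructType, message and now flags, so any other nsEvent member that a handler reads from this stack object is still indeterminate. Zeroing the whole struct right after "nsEvent event;", or giving nsEvent an initializing constructor as the comment itself proposes, would cover this call site in one step instead of one field per report. Also, the Purify report names the local 'blurevent' while the local in this hunk is called event; it is worth checking whether PreHandleEvent holds a second blur event local that needs the same store.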
Status: NEW → ASSIGNED
OS: Windows 2000 → All
Hardware: PC → All
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla0.9.8
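A small model of the check behind the report above and of why the one-line store in the patch silences it; this is an added example, not Purify's or Mozilla's code. Only the 28-byte offset comes from the report; the struct size, the other offsets, the constant values and the 0xCD stale-stack filler are assumptions.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Only the 28-byte offset of `flags` comes from the report above; the other
// offsets, the 32-byte size and all constant values are constructed.
constexpr size_t kSize = 32, kOffStructType = 0, kOffMessage = 4, kOffFlags = 28;
constexpr uint32_t kEventStruct = 1, kBlurContent = 2, kNoContentDispatch = 0x0100;

// A stack slot plus one shadow bit per byte, the bookkeeping a UMR checker keeps.
class ShadowSlot {
 public:
  ShadowSlot() : bytes_(kSize, 0xCD), init_(kSize, false) {}  // 0xCD models stale stack data
  void Write32(size_t off, uint32_t v) {
    std::memcpy(&bytes_[off], &v, 4);
    std::fill(init_.begin() + off, init_.begin() + off + 4, true);
  }
  // Copies 4 bytes out and returns how many of them were never written.
  size_t Read32(size_t off, uint32_t* out) const {
    std::memcpy(out, &bytes_[off], 4);
    return static_cast<size_t>(std::count(init_.begin() + off, init_.begin() + off + 4, false));
  }
 private:
  std::vector<unsigned char> bytes_;
  std::vector<bool> init_;
};

// Field setup as in the hunk: the patched path additionally stores flags = 0.
ShadowSlot MakeBlurEvent(bool patched) {
  ShadowSlot ev;
  ev.Write32(kOffStructType, kEventStruct);
  ev.Write32(kOffMessage, kBlurContent);
  if (patched) ev.Write32(kOffFlags, 0);
  return ev;
}

struct ReadResult { size_t umrBytes; bool noContentDispatch; };
// Models the flagged read: aEvent->flags & NS_EVENT_FLAG_NO_CONTENT_DISPATCH.
ReadResult CheckDispatch(const ShadowSlot& ev) {
  uint32_t flags = 0;
  size_t bad = ev.Read32(kOffFlags, &flags);
  return {bad, (flags & kNoContentDispatch) != 0};
}

int main() {
  ReadResult before = CheckDispatch(MakeBlurEvent(false)), after = CheckDispatch(MakeBlurEvent(true));
  std::printf("UMR bytes before/after patch: %zu/%zu\n", before.umrBytes, after.umrBytes);
}
```

With the constructed filler, the unpatched path reads a stale value that happens to have the dispatch-suppressing bit set, which is how leftover stack contents end up deciding control flow.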
Comment 2•23 years ago
r=peterv
Reporter
Updated•23 years ago
Assignee
Updated•23 years ago
Target Milestone: mozilla0.9.8 → mozilla0.9.9
Updated•23 years ago
Boy, I'd love to see those grow a constructor. But I have no real belief that we'll actually solve this right, so sure: what's another snippet of wallpaper between friends? sr=shaver.
Assignee
Comment 5•23 years ago
FIXED.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Reporter
Comment 6•23 years ago
verified fixed with the latest win32 tip
Status: RESOLVED → VERIFIED
Reporter
Updated•22 years ago
QA Contact: stummala → stephend
Component: DOM: HTML → DOM: Core & HTML
QA Contact: stephend → general