Open Bug 117563 Opened 23 years ago Updated 2 years ago

Uninitialized memory read in initMemOFile

Categories: MailNews Core :: MIME, defect (x86, Windows 2000)
Tracking: Not tracked
People: Reporter: stephend, Unassigned
Keywords: memory-leak
Whiteboard: [needs purify]
Attachments: 1 file

Windows 2000, trunk pull as of 2:30, 12-31-2001, under Purify.

Steps to Reproduce:

1.  Read a message which contains a .vcf (I'll attach the message that exhibits this UMR).
2.  Shutdown.

    [W] UMR: Uninitialized memory read in initMemOFile {1 occurrence}
        Reading 4 bytes from 0x0013f4dc (4 bytes at 0x0013f4dc uninitialized)
        Address 0x0013f4dc points into a thread's stack 
        Address 0x0013f4dc is 48 bytes above the frame pointer in initMemOFile
        Thread ID: 0x2a0
        Error location
        initMemOFile   [nsVCardObj.cpp:1122]
            fp->s = s;
            fp->len = 0;
            fp->limit = s?len:0;
     =>     fp->alloc = s?0:1;
            fp->fail = 0;
        }
        
        OutputButtons  [mimevcrd.cpp:994]
          if (!obj->options->output_vcard_buttons_p)
            return status;
        
     =>   vCard = writeMemoryVObjects(0, &len, v, PR_FALSE);
        
          if (!vCard)
            return VCARD_OUT_OF_MEMORY;
        EndLayer       [mimevcrd.cpp:1152]
          status = OutputTableRowOrData (obj, PR_FALSE, PR_TRUE, NULL, NULL, 
NULL, NULL);
          if (status < 0) return status;
        
     =>   status = OutputButtons(obj, basic, v);
          if (status < 0) return status;
        
          status = OutputTableRowOrData (obj, PR_TRUE, PR_TRUE, NULL, NULL, 
NULL, NULL);
        WriteOutVCard  [mimevcrd.cpp:1244]
          if (status < 0) return status;
          status = OutputBasicVcard(obj, v);
          if (status < 0) return status;
     =>   status = EndLayer(obj, PR_TRUE, v);
          if (status < 0) return status;
        
          /* write out advanced layer */
        MimeMultipart_close_child [mimemult.cpp:499]
              if (kid)
                {
                  int status;
     =>           status = kid->clazz->parse_eof(kid, PR_FALSE);
                  if (status < 0) return status;
                  status = kid->clazz->parse_end(kid, PR_FALSE);
                  if (status < 0) return status;
        convert_and_send_buffer [mimebuf.cpp:168]
            }
        #endif
        
     =>   return (*per_line_fn)(buf, length, closure);
        }
        
        extern "C" int
        mime_LineBuffer [mimebuf.cpp:255]
        
              status = convert_and_send_buffer(*bufferP, *buffer_fpP,
                                                   convert_newlines_p,
     =>                                            per_line_fn, closure);
              if (status < 0)
              return status;
        
    MimeObject_parse_buffer [mimeobj.cpp:255]
                                 ((int (*PR_CALLBACK) (char *, PRInt32, void *))
                                  /* This cast is to turn void into MimeObject 
*/
                                  obj->clazz->parse_line),
     =>                          obj);
        }
        
        
    convert_and_send_buffer [mimebuf.cpp:168]
            }
        #endif
        
     =>   return (*per_line_fn)(buf, length, closure);
        }
        
        extern "C" int
    mime_LineBuffer [mimebuf.cpp:255]
        
              status = convert_and_send_buffer(*bufferP, *buffer_fpP,
                                                   convert_newlines_p,
     =>                                            per_line_fn, closure);
              if (status < 0)
              return status;
Keywords: nsbeta1
QA Contact: esther → stephend
I've been asked to mass-check bugs with no TM and priority, as to their
validity.  This bug still exists on the latest trunk.
If this is hiding a bug, could someone who knows the code add the nsbeta1+?
Otherwise, could you nsbeta1- it.
Status: NEW → ASSIGNED
Keywords: nsbeta1 → nsbeta1-
Product: MailNews → Core
Assignee: ducarroz → nobody
Status: ASSIGNED → NEW
QA Contact: stephend → mime
Product: Core → MailNews Core
(In reply to comment #0)
> Windows 2000, trunk pull as of 2:30, 12-31-2001, under Purify.

I'm interpreting this as requiring IBM Purify (similar to Valgrind) to triage:

http://en.wikipedia.org/wiki/IBM_Rational_Purify

Does anyone use Purify? (Or can we use Valgrind on TB/SM?)

Else this should be resolved incomplete if no one can confirm.
With the price and machine you need to run Purify with, I doubt it. I think we should leave it open.
Severity: major → minor
Keywords: mlk
Whiteboard: [needs purify]
Jonathan, is the purify system running yet?
(In reply to Wayne Mery (:wsmwk) from comment #6)
> Jonathan, is the purify system running yet?

I don't think so, but am cc'ing bclary, who would know for sure.
We scrapped the purify system as unusable either in automation or in standalone.
(In reply to Bob Clary [:bc:] from comment #8)
> We scrapped the purify system as unusable either in automation or in
> standalone.

What is the alternative process?
afaik, ASAN and valgrind
Removing myself on all the bugs I'm cced on. Please NI me if you need something on MailNews Core bugs from me.
Severity: minor → S4