Closed
Bug 203505
Opened 21 years ago
Closed 21 years ago
[FIX]UMR: Uninitialized memory read in nsDOMEvent::nsDOMEvent
Categories
(Core :: DOM: Events, defect, P2)
VERIFIED
FIXED
mozilla1.5alpha
People
(Reporter: stephend, Assigned: bzbarsky)
Attachments
(1 file)
716 bytes, patch (bryner: review+, jst: superreview+, sspitzer: approval1.4b+)
With the trunk build on Windows 2000, loading: http://people.netscape.com/stephend/contact.html, and selecting from right to left the partial text in 'technutz@netscape.net', I get the following UMR.

[W] UMR: Uninitialized memory read in nsDOMEvent::nsDOMEvent(nsIPresContext *,nsEvent *,nsAString const&) {6 occurrences}
    Reading 4 bytes from 0x0013aae8 (4 bytes at 0x0013aae8 uninitialized)
    Address 0x0013aae8 points into a thread's stack
    Address 0x0013aae8 is 12 bytes past the start of local variable 'event' in nsXULCommandDispatcher::UpdateCommands(nsAString const&)
    Thread ID: 0x568
    Error location
    nsDOMEvent::nsDOMEvent(nsIPresContext *,nsEvent *,nsAString const&) [nsDOMEvent.cpp:221]
               mScreenPoint.x = aEvent->refPoint.x;
               mScreenPoint.y = aEvent->refPoint.y;
               mClientPoint.x = aEvent->point.x;
        =>     mClientPoint.y = aEvent->point.y;
               } else
               mScreenPoint.x = mScreenPoint.y = mClientPoint.x = mClientPoint.y = 0;
    NS_NewDOMUIEvent(nsIDOMEvent * *,nsIPresContext *,nsAString const&,nsEvent *) [nsDOMEvent.cpp:1633]
               nsIPresContext* aPresContext,
               const nsAString& aEventType,
               nsEvent *aEvent) {
        =>     nsDOMEvent* it = new nsDOMEvent(aPresContext, aEvent, aEventType);
               if (nsnull == it) {
               return NS_ERROR_OUT_OF_MEMORY;
    nsEventListenerManager::CreateEvent(nsIPresContext *,nsEvent *,nsAString const&,nsIDOMEvent * *) [nsEventListenerManager.cpp:2343]
               if ((aEvent && aEvent->eventStructType == NS_MUTATION_EVENT) ||
               (!aEvent && str.EqualsIgnoreCase("MutationEvents")))
               return NS_NewDOMMutationEvent(aDOMEvent, aPresContext, aEvent);
        =>     return NS_NewDOMUIEvent(aDOMEvent, aPresContext, aEventType, aEvent);
               }
               /**
    nsXULElement::HandleDOMEvent(nsIPresContext *,nsEvent *,nsIDOMEvent * *,UINT,nsEventStatus *) [nsXULElement.cpp:3173]
               return ret;
               }
               nsAutoString empty;
        =>     if (NS_FAILED(ret = listenerManager->CreateEvent (aPresContext, aEvent, empty, aDOMEvent))) {
               NS_ERROR("This event will fail without the ability to create the event early.");
               return ret;
               }
    nsXULCommandDispatcher::UpdateCommands(nsAString const&) [nsXULCommandDispatcher.cpp:389]
               nsEvent event;
               event.eventStructType = NS_EVENT;
               event.message = NS_XUL_COMMAND_UPDATE;
        =>     content->HandleDOMEvent(context, &event, nsnull, NS_EVENT_FLAG_INIT, &status);
               }
               }
               return NS_OK;
    GlobalWindowImpl::UpdateCommands(nsAString const&) [nsGlobalWindow.cpp:3427]
               // Retrieve the command dispatcher and call updateCommands on it.
               nsCOMPtr<nsIDOMXULCommandDispatcher> xulCommandDispatcher;
               xulDoc->GetCommandDispatcher(getter_AddRefs (xulCommandDispatcher));
        =>     xulCommandDispatcher->UpdateCommands(anAction);
               }
               }
    nsFocusController::UpdateCommands(nsAString const&) [nsFocusController.cpp:162]
               nsFocusController::UpdateCommands(const nsAString& aEventName)
               {
               if (mCurrentWindow) {
        =>     mCurrentWindow->UpdateCommands(aEventName);
               }
               else if (mCurrentElement) {
               nsCOMPtr<nsIDOMDocument> domDoc;
    nsFocusController::Focus(nsIDOMEvent *) [nsFocusController.cpp:316]
               }
               if (!mCurrentElement)
        =>     UpdateCommands(NS_LITERAL_STRING("focus"));
               }
               }
               }
    nsEventListenerManager::HandleEvent(nsIPresContext *,nsEvent *,nsIDOMEvent * *,nsIDOMEventTarget *,UINT,nsEventStatus *) [nsEventListenerManager.cpp:1688]
               if (focusListener) {
               switch(aEvent->message) {
               case NS_FOCUS_CONTENT:
        =>     ret = focusListener->Focus(*aDOMEvent);
               break;
               case NS_BLUR_CONTENT:
               ret = focusListener->Blur(*aDOMEvent);
    nsWindowRoot::HandleChromeEvent(nsIPresContext *,nsEvent *,nsIDOMEvent * *,UINT,nsEventStatus *) [nsWindowRoot.cpp:214]
               //Local handling stage
               if (mListenerManager && !(aEvent->flags & NS_EVENT_FLAG_STOP_DISPATCH)) {
               aEvent->flags |= aFlags;
        =>     mListenerManager->HandleEvent(aPresContext, aEvent, aDOMEvent, this, aFlags, aEventStatus);
               aEvent->flags &= ~aFlags;
Reporter
Updated•21 years ago
Summary: [W] UMR: Uninitialized memory read in nsDOMEvent::nsDOMEvent(nsIPresContext *,nsEvent *,nsAString const&) {6 occurrences} → UMR: Uninitialized memory read in nsDOMEvent::nsDOMEvent(nsIPresContext *,nsEvent *,nsAString const&) {6 occurrences}
Assignee
Comment 3•21 years ago
Assignee
Updated•21 years ago
Attachment #121833 - Flags: superreview?(jst)
Attachment #121833 - Flags: review?(bryner)
Reporter
Comment 4•21 years ago
I tested with the patch in attachment 121833 and ran it under Purify, and the UMRs are fixed.
Comment 5•21 years ago
Comment on attachment 121833
I bet this fixes it...

sr=jst
Attachment #121833 - Flags: superreview?(jst) → superreview+
Assignee
Updated•21 years ago
Summary: UMR: Uninitialized memory read in nsDOMEvent::nsDOMEvent(nsIPresContext *,nsEvent *,nsAString const&) {6 occurrences} → [FIX]UMR: Uninitialized memory read in nsDOMEvent::nsDOMEvent(nsIPresContext *,nsEvent *,nsAString const&) {6 occurrences}
Updated•21 years ago
Attachment #121833 - Flags: review?(bryner) → review+
Assignee
Comment 6•21 years ago
Comment on attachment 121833
I bet this fixes it...

Could this be approved for 1.4b please? This just makes sure to initialize the point and refPoint member vars of nsEvent to sane values in the constructor.
Attachment #121833 - Flags: approval1.4b?
Comment 7•21 years ago
Comment on attachment 121833
I bet this fixes it...

a=sspitzer
Attachment #121833 - Flags: approval1.4b? → approval1.4b+
Assignee
Comment 8•21 years ago
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Reporter
Comment 9•21 years ago
Verified FIXED under Purify, debug Win2k build. Thanks Boris!
Status: RESOLVED → VERIFIED
Summary: [FIX]UMR: Uninitialized memory read in nsDOMEvent::nsDOMEvent(nsIPresContext *,nsEvent *,nsAString const&) {6 occurrences} → [FIX]UMR: Uninitialized memory read in nsDOMEvent::nsDOMEvent
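
Added example, not part of the bug report or the Mozilla patch: a C++ model of the per-byte "initialized" bookkeeping behind a UMR report like the one above, replaying the accesses shown in the trace with and without the constructor initialization described in comment 6. The `Event` layout, `Shadow` and `replay` are assumptions made for illustration; the layout only mirrors the report's "12 bytes past the start of local variable 'event'".

```cpp
#include <bitset>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed stand-in for nsEvent (not Mozilla's real definition). The layout is
// chosen so point.y is at offset 12, as in "12 bytes past the start of 'event'".
struct Event {
    uint32_t eventStructType, message;
    int32_t  pointX, pointY;        // stands in for nsEvent::point
    int32_t  refPointX, refPointY;  // stands in for nsEvent::refPoint
};

// One "written" bit per byte of the object, as a UMR checker keeps.
struct Shadow {
    std::bitset<sizeof(Event)> written;
    std::vector<std::size_t> umrOffsets;   // start offsets of flagged reads
    void store(std::size_t off, std::size_t len) {
        for (std::size_t i = 0; i < len; ++i) written.set(off + i);
    }
    void load(std::size_t off, std::size_t len) {
        for (std::size_t i = 0; i < len; ++i)
            if (!written.test(off + i)) { umrOffsets.push_back(off); return; }
    }
};

// Replays the accesses visible in the trace; withFix adds the constructor
// initialization of point and refPoint described in comment 6.
std::vector<std::size_t> replay(bool withFix) {
    Shadow s;                                       // models `nsEvent event;`
    if (withFix) {                                  // constructor body
        s.store(offsetof(Event, pointX), 8);
        s.store(offsetof(Event, refPointX), 8);
    }
    s.store(offsetof(Event, eventStructType), 4);   // UpdateCommands
    s.store(offsetof(Event, message), 4);
    s.load(offsetof(Event, refPointX), 4);          // nsDOMEvent::nsDOMEvent
    s.load(offsetof(Event, refPointY), 4);
    s.load(offsetof(Event, pointX), 4);
    s.load(offsetof(Event, pointY), 4);             // line marked => at :221
    return s.umrOffsets;
}

int main() {
    for (bool fix : {false, true}) {
        std::printf("%s:", fix ? "patched" : "unpatched");
        for (std::size_t off : replay(fix)) std::printf(" UMR@%zu", off);
        std::printf("\n");
    }
}
```

The model flags every read of a byte that was never stored to, so the unpatched replay reports all four coordinate reads, including the one at offset 12.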