Open Bug 1000072 Opened 11 years ago Updated 3 years ago

Uninitialised value use in mozilla::gfx::GfxPatternToCairoPattern

Categories

(Core :: Graphics, defect)

x86_64
Linux
defect

People

(Reporter: jseward, Unassigned)

Details

m-c of just now, x86_64-linux. Seems to be to do with buttons or popups .. only happens when I click on the button added by the SPS profiler GUI.

Conditional jump or move depends on uninitialised value(s)
   at 0x5EFDC57: mozilla::gfx::GfxPatternToCairoPattern(mozilla::gfx::Pattern const&, float) (HelpersCairo.h:100)
   by 0x5EFDF60: mozilla::gfx::DrawTargetCairo::DrawPattern(mozilla::gfx::Pattern const&, mozilla::gfx::StrokeOptions const&, mozilla::gfx::DrawOptions const&, mozilla::gfx::DrawTargetCairo::DrawPatternType, bool) (DrawTargetCairo.cpp:657)
   by 0x5EFE5B3: mozilla::gfx::DrawTargetCairo::FillRect(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::Pattern const&, mozilla::gfx::DrawOptions const&) (DrawTargetCairo.cpp:714)
   by 0x65F6F18: nsWindow::UpdateAlpha(gfxPattern*, nsIntRect) (nsWindow.cpp:2272)
   by 0x65F9C6B: nsWindow::OnExposeEvent(_GdkEventExpose*) (nsWindow.cpp:2214)
   by 0x65F9E6E: expose_event_cb(_GtkWidget*, _GdkEventExpose*) (nsWindow.cpp:5086)
   by 0x333CB4DA1B: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86)
   by 0x34A1C0F663: g_closure_invoke (gclosure.c:777)
   by 0x34A1C206D7: signal_emit_unlocked_R (gsignal.c:3551)
   by 0x34A1C282A6: g_signal_emit_valist (gsignal.c:3310)
   by 0x34A1C287C1: g_signal_emit (gsignal.c:3356)
   by 0x333CC8148D: gtk_widget_event_internal (gtkwidget.c:5017)
 Uninitialised value was created by a heap allocation
   at 0x4809064: malloc (vg_replace_malloc.c:292)
   by 0x481D86D: moz_xmalloc (mozalloc.cpp:52)
   by 0x5F9D8EC: gfxContext::PopGroup() (mozalloc.h:201)
   by 0x65F9C2B: nsWindow::OnExposeEvent(_GdkEventExpose*) (nsWindow.cpp:2212)
   by 0x65F9E6E: expose_event_cb(_GtkWidget*, _GdkEventExpose*) (nsWindow.cpp:5086)
   by 0x333CB4DA1B: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86)
   by 0x34A1C0F663: g_closure_invoke (gclosure.c:777)
   by 0x34A1C206D7: signal_emit_unlocked_R (gsignal.c:3551)
   by 0x34A1C282A6: g_signal_emit_valist (gsignal.c:3310)
   by 0x34A1C287C1: g_signal_emit (gsignal.c:3356)
   by 0x333CC8148D: gtk_widget_event_internal (gtkwidget.c:5017)
   by 0x333CAC2887: gtk_container_propagate_expose (gtkcontainer.c:2757)

Conditional jump or move depends on uninitialised value(s)
   at 0x759D1CA: _cairo_pattern_analyze_filter (cairo-pattern.c:2055)
   by 0x758E854: _pixman_image_for_pattern (cairo-image-surface.c:1290)
   by 0x7590A0F: _clip_and_composite_boxes (cairo-image-surface.c:2998)
   by 0x7592667: _cairo_image_surface_paint (cairo-image-surface.c:3307)
   by 0x75B4758: _cairo_surface_paint (cairo-surface.c:2109)
   by 0x7593783: _cairo_gstate_fill (cairo-gstate.c:1285)
   by 0x75BA20A: _moz_cairo_fill_preserve (cairo.c:2464)
   by 0x5EFE08C: mozilla::gfx::DrawTargetCairo::DrawPattern(mozilla::gfx::Pattern const&, mozilla::gfx::StrokeOptions const&, mozilla::gfx::DrawOptions const&, mozilla::gfx::DrawTargetCairo::DrawPatternType, bool) (DrawTargetCairo.cpp:691)
   by 0x5EFE5B3: mozilla::gfx::DrawTargetCairo::FillRect(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::Pattern const&, mozilla::gfx::DrawOptions const&) (DrawTargetCairo.cpp:714)
   by 0x65F6F18: nsWindow::UpdateAlpha(gfxPattern*, nsIntRect) (nsWindow.cpp:2272)
   by 0x65F9C6B: nsWindow::OnExposeEvent(_GdkEventExpose*) (nsWindow.cpp:2214)
   by 0x65F9E6E: expose_event_cb(_GtkWidget*, _GdkEventExpose*) (nsWindow.cpp:5086)
 Uninitialised value was created by a heap allocation
   at 0x4809064: malloc (vg_replace_malloc.c:292)
   by 0x481D86D: moz_xmalloc (mozalloc.cpp:52)
   by 0x5F9D8EC: gfxContext::PopGroup() (mozalloc.h:201)
   by 0x65F9C2B: nsWindow::OnExposeEvent(_GdkEventExpose*) (nsWindow.cpp:2212)
   by 0x65F9E6E: expose_event_cb(_GtkWidget*, _GdkEventExpose*) (nsWindow.cpp:5086)
   by 0x333CB4DA1B: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86)
   by 0x34A1C0F663: g_closure_invoke (gclosure.c:777)
   by 0x34A1C206D7: signal_emit_unlocked_R (gsignal.c:3551)
   by 0x34A1C282A6: g_signal_emit_valist (gsignal.c:3310)
   by 0x34A1C287C1: g_signal_emit (gsignal.c:3356)
   by 0x333CC8148D: gtk_widget_event_internal (gtkwidget.c:5017)
   by 0x333CAC2887: gtk_container_propagate_expose (gtkcontainer.c:2757)

(and a bunch of others also ending in _cairo_pattern_analyze_filter)

Severity: normal → S3