Closed
Bug 1090220
Opened 11 years ago
Closed 11 years ago
Uninitialised value use in APZCCallbackHelper::UpdateRootFrame
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
RESOLVED
FIXED
mozilla36
People
(Reporter: jseward, Assigned: kats)
Details
Attachments
(1 file)
|
1.28 KB,
patch
|
jseward
:
review+
|
Details | Diff | Splinter Review |
This is with "mach crashtest-ipc". This is the first of many errors reported with
the same uninitialised-value origin.
REFTEST TEST-LOAD | file:///home/sewardj/MOZ/MC-24-10-2014/content/base/crashtests/366200-1.xhtml | 32 / 2730 (1%)
JavaScript error: file:///home/sewardj/MOZ/MC-24-10-2014/content/base/crashtests/366200-1.xhtml, line 20: HierarchyRequestError: Node cannot be inserted at the specified point in the hierarchy
Thread 1 Web Content:
Conditional jump or move depends on uninitialised value(s)
at 0x5B6AB86: mozilla::layers::APZCCallbackHelper::UpdateRootFrame(nsIDOMWindowUtils*, mozilla::layers::FrameMetrics&) (gfx/layers/apz/util/APZCCallbackHelper.cpp:110)
by 0x65CC274: mozilla::dom::TabChildBase::ProcessUpdateFrame(mozilla::layers::FrameMetrics const&) (dom/ipc/TabChild.cpp:548)
by 0x65CD4CB: mozilla::dom::TabChildBase::HandlePossibleViewportChange(mozilla::gfx::IntSizeTyped<mozilla::ScreenPixel> const&) [clone .part.296] (dom/ipc/TabChild.cpp:444)
by 0x65CD9AC: mozilla::dom::TabChild::Observe(nsISupports*, char const*, char16_t const*) (dom/ipc/TabChild.cpp:897)
by 0x523B473: nsObserverList::NotifyObservers(nsISupports*, char const*, char16_t const*) (xpcom/ds/nsObserverList.cpp:100)
by 0x523B531: NotifyObservers (xpcom/ds/nsObserverService.cpp:329)
by 0x523B531: nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*) (xpcom/ds/nsObserverService.cpp:316)
by 0x6C653BB: nsBeforeFirstPaintDispatcher::Run() (layout/base/nsPresShell.cpp:524)
by 0x6727D6F: nsContentUtils::AddScriptRunner(nsIRunnable*) (content/base/src/nsContentUtils.cpp:5069)
by 0x6C59BDB: UnsuppressAndInvalidate (layout/base/nsPresShell.cpp:3998)
by 0x6C59BDB: PresShell::UnsuppressAndInvalidate() (layout/base/nsPresShell.cpp:3984)
by 0x6C5C09F: PresShell::ProcessReflowCommands(bool) (layout/base/nsPresShell.cpp:9215)
by 0x6C5C618: PresShell::FlushPendingNotifications(mozilla::ChangesToFlush) (layout/base/nsPresShell.cpp:4331)
by 0x6BB14EE: nsRefreshDriver::Tick(long, mozilla::TimeStamp) (layout/base/nsRefreshDriver.cpp:1291)
by 0x6BB34DD: TickDriver (layout/base/nsRefreshDriver.cpp:173)
by 0x6BB34DD: mozilla::RefreshDriverTimer::Tick() (layout/base/nsRefreshDriver.cpp:164)
by 0x5262E71: nsTimerImpl::Fire() (xpcom/threads/nsTimerImpl.cpp:618)
by 0x5263063: Run (xpcom/threads/nsTimerImpl.cpp:711)
by 0x5263063: nsTimerEvent::Run() (xpcom/threads/nsTimerImpl.cpp:696)
by 0x525F2C0: nsThread::ProcessNextEvent(bool, bool*) (xpcom/threads/nsThread.cpp:830)
Uninitialised value was created by a stack allocation
at 0x65CCD54: mozilla::dom::TabChildBase::HandlePossibleViewportChange(mozilla::gfx::IntSizeTyped<mozilla::ScreenPixel> const&) [clone .part.296] (dom/ipc/TabChild.cpp:303)
|
Assignee | |
Comment 1•11 years ago
|
||
Looks like the scrollId can not get populated in the GetOrCreateScrollIdentifiers call but then gets used later anyway. Setting it to a sane value initially should fix this. I set a value on the presShellId as well just in case the code changes later. Julian, can you verify this fixes the problem?
Assignee: nobody → bugmail.mozilla
Attachment #8512717 -
Flags: review?(jseward)
|
Reporter | |
Comment 2•11 years ago
|
||
Comment on attachment 8512717 [details] [diff] [review]
Patch
Review of attachment 8512717 [details] [diff] [review]:
-----------------------------------------------------------------
I verified that the patch does indeed stop V complaining.
Attachment #8512717 -
Flags: review?(jseward) → review+
|
||
Comment 3•11 years ago
|
||
|
|
||
Comment 4•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
You need to log in
before you can comment on or make changes to this bug.
Description
•