Closed
Bug 1149194
Opened 9 years ago
Closed 9 years ago
use of uninitialized value in Animation.h
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla40
| Tracking | Status | |
|---|---|---|
| firefox40 | --- | fixed |
People
(Reporter: tromey, Assigned: tromey)
Details
Attachments
(1 file)
|
1.05 KB,
patch
|
birtles
:
review+
|
Details | Diff | Splinter Review |
While looking into another bug, I ran ./browser/devtools/storage/test/browser_storage_dynamic_updates.js under valgrind. This showed the appended error due to using an uninitalized value. I believe the bug is that ComputedTimingFunction::operator== unconditionally compares both the mTimingFunction and mSteps members; but ComputedTimingFunction::Init will only initialize one member, not both. I'll attach a patch that fixes the problem. Valgrind output: ==7192== Conditional jump or move depends on uninitialised value(s) ==7192== at 0x83437EF: operator== (Animation.h:119) ==7192== by 0x83437EF: operator== (Animation.h:143) ==7192== by 0x83437EF: operator==<nsTArrayInfallibleAllocator> (nsTArray.h:874) ==7192== by 0x83437EF: operator== (Animation.h:172) ==7192== by 0x83437EF: operator==<nsTArrayInfallibleAllocator> (nsTArray.h:874) ==7192== by 0x83437EF: operator!= (nsTArray.h:884) ==7192== by 0x83437EF: nsAnimationManager::CheckAnimationRule(nsStyleContext*, mozilla::dom::Element*) (nsAnimationManager.cpp:336) ==7192== by 0x8367506: nsStyleSet::GetContext(nsStyleContext*, nsRuleNode*, nsRuleNode*, nsIAtom*, nsCSSPseudoElements::Type, mozilla::dom::Element*, unsigned int) (nsStyleSet.cpp:890) ==7192== by 0x83678A6: nsStyleSet::ResolveStyleFor(mozilla::dom::Element*, nsStyleContext*, TreeMatchContext&) (nsStyleSet.cpp:1293) ==7192== by 0x839DF4B: mozilla::ElementRestyler::RestyleSelf(nsIFrame*, nsRestyleHint, unsigned int*) (RestyleManager.cpp:3232) ==7192== by 0x839D511: mozilla::ElementRestyler::Restyle(nsRestyleHint) (RestyleManager.cpp:2764) ==7192== by 0x839DA3D: mozilla::ElementRestyler::RestyleContentChildren(nsIFrame*, nsRestyleHint) (RestyleManager.cpp:3987) ==7192== by 0x839DB7B: mozilla::ElementRestyler::RestyleChildren(nsRestyleHint) (RestyleManager.cpp:3527) ==7192== by 0x839D6C0: mozilla::ElementRestyler::Restyle(nsRestyleHint) (RestyleManager.cpp:2869) ==7192== by 0x839DA3D: mozilla::ElementRestyler::RestyleContentChildren(nsIFrame*, nsRestyleHint) (RestyleManager.cpp:3987) ==7192== by 0x839DB7B: mozilla::ElementRestyler::RestyleChildren(nsRestyleHint) (RestyleManager.cpp:3527) ==7192== by 0x839D6C0: mozilla::ElementRestyler::Restyle(nsRestyleHint) (RestyleManager.cpp:2869) ==7192== by 0x839DA3D: mozilla::ElementRestyler::RestyleContentChildren(nsIFrame*, nsRestyleHint) (RestyleManager.cpp:3987)
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → ttromey
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 1•9 years ago
|
||
|
|
Assignee | |
Updated•9 years ago
|
Attachment #8585569 -
Flags: review?(bbirtles)
|
||
Comment 2•9 years ago
|
||
Comment on attachment 8585569 [details] [diff] [review] don't use uninitialized value in ComputedTimingFunction::operator== Review of attachment 8585569 [details] [diff] [review]: ----------------------------------------------------------------- Thanks for doing this!
Attachment #8585569 -
Flags: review?(bbirtles) → review+
|
|
Assignee | |
Comment 3•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d6f737f74461
|
|
Assignee | |
Updated•9 years ago
|
Keywords: checkin-needed
|
||
Comment 4•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/3e9e33791d34
Keywords: checkin-needed
|
|
||
Comment 5•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3e9e33791d34
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox40:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•