Closed
Bug 1149194
Opened 10 years ago
Closed 10 years ago
use of uninitialized value in Animation.h
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla40
| Tracking | Status | |
|---|---|---|
| firefox40 | --- | fixed |
People
(Reporter: tromey, Assigned: tromey)
Details
Attachments
(1 file)
|
1.05 KB,
patch
|
birtles
:
review+
|
Details | Diff | Splinter Review |
While looking into another bug, I ran ./browser/devtools/storage/test/browser_storage_dynamic_updates.js
under valgrind. This showed the appended error due to using an uninitalized value.
I believe the bug is that ComputedTimingFunction::operator== unconditionally compares both the
mTimingFunction and mSteps members; but ComputedTimingFunction::Init will only initialize one
member, not both.
I'll attach a patch that fixes the problem.
Valgrind output:
==7192== Conditional jump or move depends on uninitialised value(s)
==7192== at 0x83437EF: operator== (Animation.h:119)
==7192== by 0x83437EF: operator== (Animation.h:143)
==7192== by 0x83437EF: operator==<nsTArrayInfallibleAllocator> (nsTArray.h:874)
==7192== by 0x83437EF: operator== (Animation.h:172)
==7192== by 0x83437EF: operator==<nsTArrayInfallibleAllocator> (nsTArray.h:874)
==7192== by 0x83437EF: operator!= (nsTArray.h:884)
==7192== by 0x83437EF: nsAnimationManager::CheckAnimationRule(nsStyleContext*, mozilla::dom::Element*) (nsAnimationManager.cpp:336)
==7192== by 0x8367506: nsStyleSet::GetContext(nsStyleContext*, nsRuleNode*, nsRuleNode*, nsIAtom*, nsCSSPseudoElements::Type, mozilla::dom::Element*, unsigned int) (nsStyleSet.cpp:890)
==7192== by 0x83678A6: nsStyleSet::ResolveStyleFor(mozilla::dom::Element*, nsStyleContext*, TreeMatchContext&) (nsStyleSet.cpp:1293)
==7192== by 0x839DF4B: mozilla::ElementRestyler::RestyleSelf(nsIFrame*, nsRestyleHint, unsigned int*) (RestyleManager.cpp:3232)
==7192== by 0x839D511: mozilla::ElementRestyler::Restyle(nsRestyleHint) (RestyleManager.cpp:2764)
==7192== by 0x839DA3D: mozilla::ElementRestyler::RestyleContentChildren(nsIFrame*, nsRestyleHint) (RestyleManager.cpp:3987)
==7192== by 0x839DB7B: mozilla::ElementRestyler::RestyleChildren(nsRestyleHint) (RestyleManager.cpp:3527)
==7192== by 0x839D6C0: mozilla::ElementRestyler::Restyle(nsRestyleHint) (RestyleManager.cpp:2869)
==7192== by 0x839DA3D: mozilla::ElementRestyler::RestyleContentChildren(nsIFrame*, nsRestyleHint) (RestyleManager.cpp:3987)
==7192== by 0x839DB7B: mozilla::ElementRestyler::RestyleChildren(nsRestyleHint) (RestyleManager.cpp:3527)
==7192== by 0x839D6C0: mozilla::ElementRestyler::Restyle(nsRestyleHint) (RestyleManager.cpp:2869)
==7192== by 0x839DA3D: mozilla::ElementRestyler::RestyleContentChildren(nsIFrame*, nsRestyleHint) (RestyleManager.cpp:3987)
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → ttromey
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 1•10 years ago
|
||
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8585569 -
Flags: review?(bbirtles)
|
||
Comment 2•10 years ago
|
||
Comment on attachment 8585569 [details] [diff] [review]
don't use uninitialized value in ComputedTimingFunction::operator==
Review of attachment 8585569 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks for doing this!
Attachment #8585569 -
Flags: review?(bbirtles) → review+
|
|
Assignee | |
Comment 3•10 years ago
|
||
|
|
Assignee | |
Updated•10 years ago
|
Keywords: checkin-needed
|
||
Comment 4•10 years ago
|
||
Keywords: checkin-needed
|
|
||
Comment 5•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox40:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•