1167723 - Use of uninitialized class member nsViewManager::mPosY in nsView::SetDimensions(nsRect const&, bool, bool)

Status: RESOLVED INVALID

(Core :: Layout, defect)

Description

[Bhargava Shastry]

Attachment: report-6b3198.html

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36

Steps to reproduce:

- Ran a Clang SA checker I wrote against Firefox source


Actual results:

- Clang Static Analyzer bug report attached. Plus, this is a potential call stack:
nsView::SetDimensions(nsRect const&, bool, bool)
nsViewManager::DoSetWindowDimensions(int, int)
nsViewManager::SetWindowDimensions(int, int)
nsView::WindowResized(nsIWidget*, int, int)

nsView::SetDimensions(nsRect const&, bool, bool)
nsViewManager::ResizeView(nsView*, nsRect const&, bool)


Expected results:

Initialize said class member in constructor

Comment 1

[Bhargava Shastry]

Ditto for class member nsViewManager::mPosX in method nsView::SetDimensions()

Comment 2

[Timothy Nikkel (:tnikkel)]

nsView has NS_DECL_AND_IMPL_ZEROING_OPERATOR_NEW here

http://mxr.mozilla.org/mozilla-central/source/view/nsView.h?rev=f58aab6a4e62#60

so all variables fields should be getting initialized with zeroed memory. So this seems fine. Does your static analyzer maybe need to be adjusted to know about NS_DECL_AND_IMPL_ZEROING_OPERATOR_NEW?

Comment 3

[Bhargava Shastry]

Likely a false positive. 

FWIW: There are two problems here from an analyzer perspective, (1) the macro NS_DECL_AND_IMPL_ZEROING_OPERATOR_NEW, and (2) the memset library call.
Even if analyzer is made aware of (1), it is still going to flag uninitialized read because it does not model the side-effect of (2), the memset call.

Comment 4

[Andrew McCreight [:mccr8]]

Resolving invalid per comment 2.

Comment 5

[Andrew McCreight [:mccr8]]

Please comment or reopen if you disagree.