Uninitialized memory read in initMemOFile

NEW
Unassigned

Status

MailNews Core
MIME
--
minor
16 years ago
2 years ago

People

(Reporter: stephend@netscape.com (gone - use stephen.donner@gmail.com instead), Unassigned)

Tracking

({mlk})

Trunk
x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [needs purify])

Attachments

(1 attachment)

Windows 2000, trunk pull as of 2:30, 12-31-2001, under Purify.

Steps to Reproduce:

1.  Read a message which contains a .vcf (I'll attach the message that exhibits 
this UMR).
2.  Shutdown.

    [W] UMR: Uninitialized memory read in initMemOFile {1 occurrence}
        Reading 4 bytes from 0x0013f4dc (4 bytes at 0x0013f4dc uninitialized)
        Address 0x0013f4dc points into a thread's stack 
        Address 0x0013f4dc is 48 bytes above the frame pointer in initMemOFile
        Thread ID: 0x2a0
        Error location
        initMemOFile   [nsVCardObj.cpp:1122]
            fp->s = s;
            fp->len = 0;
            fp->limit = s?len:0;
     =>     fp->alloc = s?0:1;
            fp->fail = 0;
        }
        
        OutputButtons  [mimevcrd.cpp:994]
          if (!obj->options->output_vcard_buttons_p)
            return status;
        
     =>   vCard = writeMemoryVObjects(0, &len, v, PR_FALSE);
        
          if (!vCard)
            return VCARD_OUT_OF_MEMORY;
        EndLayer       [mimevcrd.cpp:1152]
          status = OutputTableRowOrData (obj, PR_FALSE, PR_TRUE, NULL, NULL, 
NULL, NULL);
          if (status < 0) return status;
        
     =>   status = OutputButtons(obj, basic, v);
          if (status < 0) return status;
        
          status = OutputTableRowOrData (obj, PR_TRUE, PR_TRUE, NULL, NULL, 
NULL, NULL);
        WriteOutVCard  [mimevcrd.cpp:1244]
          if (status < 0) return status;
          status = OutputBasicVcard(obj, v);
          if (status < 0) return status;
     =>   status = EndLayer(obj, PR_TRUE, v);
          if (status < 0) return status;
        
          /* write out advanced layer */
        MimeMultipart_close_child [mimemult.cpp:499]
              if (kid)
                {
                  int status;
     =>           status = kid->clazz->parse_eof(kid, PR_FALSE);
                  if (status < 0) return status;
                  status = kid->clazz->parse_end(kid, PR_FALSE);
                  if (status < 0) return status;
        convert_and_send_buffer [mimebuf.cpp:168]
            }
        #endif
        
     =>   return (*per_line_fn)(buf, length, closure);
        }
        
        extern "C" int
        mime_LineBuffer [mimebuf.cpp:255]
        
              status = convert_and_send_buffer(*bufferP, *buffer_fpP,
                                                   convert_newlines_p,
     =>                                            per_line_fn, closure);
              if (status < 0)
              return status;
        
    MimeObject_parse_buffer [mimeobj.cpp:255]
                                 ((int (*PR_CALLBACK) (char *, PRInt32, void *))
                                  /* This cast is to turn void into MimeObject 
*/
                                  obj->clazz->parse_line),
     =>                          obj);
        }
        
        
    convert_and_send_buffer [mimebuf.cpp:168]
            }
        #endif
        
     =>   return (*per_line_fn)(buf, length, closure);
        }
        
        extern "C" int
    mime_LineBuffer [mimebuf.cpp:255]
        
              status = convert_and_send_buffer(*bufferP, *buffer_fpP,
                                                   convert_newlines_p,
     =>                                            per_line_fn, closure);
              if (status < 0)
              return status;
Created attachment 63154 [details]
Message with a .vcf attachment
Keywords: nsbeta1
QA Contact: esther → stephend
Blocks: 110171
I've been asked to mass-check bugs with no TM and priority, as to their
validity.  This bug still exits on the latest trunk.

Comment 3

16 years ago
If this is hiding a bug, could someone who knows the code add the nsbeta1+?
Otherwise, could you nsbeta1- it.
Status: NEW → ASSIGNED

Updated

16 years ago
Keywords: nsbeta1 → nsbeta1-
Product: MailNews → Core

Updated

10 years ago
Assignee: ducarroz → nobody
Status: ASSIGNED → NEW
QA Contact: stephend → mime
(Assignee)

Updated

10 years ago
Product: Core → MailNews Core
(In reply to comment #0)
> Windows 2000, trunk pull as of 2:30, 12-31-2001, under Purify.

I'm interpreting this as requiring IBM Purify (similar to Valgrind) to triage:

http://en.wikipedia.org/wiki/IBM_Rational_Purify

Anyone uses Purify? (Or can we use Valgrind on TB/SM)

Else this should be resolved incomplete if no one can confirm.
With the price and machine you need to run purify with I doubt. I think we should leave it open.

Updated

8 years ago
Severity: major → minor

Updated

7 years ago
Keywords: mlk
Whiteboard: [needs purify]

Comment 6

6 years ago
Jonathan, is the purify system running yet?
(In reply to Wayne Mery (:wsmwk) from comment #6)
> Jonathan, is the purify system running yet?

I don't think so, but am cc'ing bclary, who would know for sure.

Comment 8

6 years ago
We scrapped the purify system as unusable either in automation or in standalone.

Comment 9

6 years ago
(In reply to Bob Clary [:bc:] from comment #8)
> We scrapped the purify system as unusable either in automation or in
> standalone.

what is the alternative process?

Comment 10

6 years ago
afaik, ASAN and valgrind
Removing myslef on all the bugs I'm cced on. Please NI me if you need something on MailNews Core bugs from me.
You need to log in before you can comment on or make changes to this bug.