Closed Bug 1223139 Opened 10 years ago Closed 10 years ago

Valgrind: Use of uninitialised memory [@mozilla::PaintedLayerData::Accumulate]

Categories

(Core :: Graphics, defect)

defect
Not set
critical

Tracking

RESOLVED DUPLICATE of bug 1223111
Tracking Status
firefox45 --- affected

People

(Reporter: tsmith, Assigned: eflores)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-uninitialized, sec-moderate, testcase)

Attachments

(3 files)

Attached video test_case.webm
1447101693849 addons.xpi-utils WARN Disabling foreign installed add-on ubufox@ubuntu.com in app-system-share
==21729== Conditional jump or move depends on uninitialised value(s)
==21729==    at 0x10BE7685: mozilla::PaintedLayerData::Accumulate(mozilla::ContainerState*, nsDisplayItem*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::DisplayItemClip const&, mozilla::LayerState) (FrameLayerBuilder.cpp:3494)
==21729==    by 0x10BEAC19: mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) (FrameLayerBuilder.cpp:4247)
==21729==    by 0x10BF0221: mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4 const*, unsigned int) (FrameLayerBuilder.cpp:5356)
==21729==    by 0x10C49A11: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) (nsDisplayList.cpp:1572)
==21729==    by 0x10C76F2A: nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) (nsLayoutUtils.cpp:3441)
==21729==    by 0x10C99B49: PresShell::Paint(nsView*, nsRegion const&, unsigned int) (nsPresShell.cpp:6132)
==21729==    by 0x109E3B03: nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) (nsViewManager.cpp:466)
==21729==    by 0x109E38BF: nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) (nsViewManager.cpp:397)
==21729==    by 0x10BCE806: nsRefreshDriver::Tick(long, mozilla::TimeStamp) (nsRefreshDriver.cpp:1733)
==21729==    by 0x10BD0F7D: mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) (nsRefreshDriver.cpp:196)
==21729==    by 0x10BD1957: _ZN20nsRunnableMethodImplIMN7mozilla23VsyncRefreshDriverTimer26RefreshDriverVsyncObserverEFvNS0_9TimeStampEELb1EJS3_EE3RunEv (nsThreadUtils.h:676)
==21729==    by 0xEE3D012: nsThread::ProcessNextEvent(bool, bool*) (nsThread.cpp:964)
Attached file call_stack.txt
Looks like graphics to me.
Component: Audio/Video: Playback → Graphics
Flags: needinfo?(milan)
Assignee: nobody → edwin
Flags: needinfo?(milan)
Group: media-core-security → gfx-core-security
Keywords: sec-moderate
Hi Tyson, I don't seem to be able to reproduce this and it could be coming from almost anywhere. Would you be able to re-run passing |--track-origins=yes| to valgrind and post the results?
Flags: needinfo?(twsmith)
Attached image 5_reloads.png
I could not get a log from valgrind either but when I would reload the file I would get a different result each time. So something is still not right. I have put the results of five reloads in one image.
Flags: needinfo?(twsmith)
Same as bug 1223111, just different symptom.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Blocks: grizzly
Group: gfx-core-security