Closed Bug 133068 Opened 22 years ago Closed 13 years ago

Uninitialized memory read in nsMsgLocalMailFolder::DisplayMoveCopyStatusMsg

Categories

(MailNews Core :: Networking: POP, defect)

Product:
MailNews Core
Component:
Networking: POP
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: stephend, Unassigned)

References

Details

(Whiteboard: [needs purify]) 

Latest win32 trunk pulled at 6:45 pm 3-23-2002.  Purify, Windows 2000.

All I did was read one of the 75 new messages in my POP3 account.

[W] UMR: Uninitialized memory read in 
nsMsgLocalMailFolder::DisplayMoveCopyStatusMsg(void) {1 occurrence}
    Reading 4 bytes from 0x0a2fedd0 (4 bytes at 0x0a2fedd0 uninitialized)
    Address 0x0a2fedd0 is 48 bytes into a 112 byte block at 0x0a2feda0
    Address 0x0a2fedd0 points to a C++ new block in heap 0x02710000
    Thread ID: 0x830
    Error location
    nsMsgLocalMailFolder::DisplayMoveCopyStatusMsg(void) 
[nsLocalMailFolder.cpp:3237]
          LL_I2L(nowMS, PR_IntervalToMilliseconds(PR_IntervalNow()));
          LL_SUB(diffSinceLastProgress, nowMS, mCopyState-
>m_lastProgressTime); // r = a - b
          LL_SUB(diffSinceLastProgress, diffSinceLastProgress, 
minIntervalBetweenProgress); // r = a - b
 =>       if (!LL_GE_ZERO(diffSinceLastProgress) && mCopyState->m_curCopyIndex 
< mCopyState->m_totalMsgCount)
            return NS_OK;
    
          mCopyState->m_lastProgressTime = nowMS;
    nsMsgLocalMailFolder::BeginCopy(nsIMsgDBHdr *) [nsLocalMailFolder.cpp:2284]
      mCopyState->m_messages->QueryElementAt(messageIndex, NS_GET_IID
(nsIMsgDBHdr),
                                      (void **)getter_AddRefs(mCopyState-
>m_message));
    
 =>   DisplayMoveCopyStatusMsg();
      // if we're copying more than one message, StartMessage will handle this.
      if (!mCopyState->m_copyingMultipleMessages)
        rv = WriteStartOfNewMessage();
    nsCopyMessageStreamListener::OnStartRequest(nsIRequest *,nsISupports *) 
[nsCopyMessageStreamListener.cpp:149]
        if (NS_SUCCEEDED(rv))
            rv = GetMessage(uri, getter_AddRefs(message));
        if(NS_SUCCEEDED(rv))
 =>         rv = mDestination->BeginCopy(message);
    
      NS_ENSURE_SUCCESS(rv, rv);
        return rv;
    nsMsgProtocol::OnStartRequest(nsIRequest *,nsISupports *) 
[nsMsgProtocol.cpp:326]
    nsMailboxProtocol::OnStartRequest(nsIRequest *,nsISupports *) 
[nsMailboxProtocol.obj:242]
    nsOnStartRequestEvent::HandleEvent(void) [nsRequestObserverProxy.cpp:161]
    PL_HandleEvent [plevent.c:590]
    PL_ProcessPendingEvents [plevent.c:520]
    md_EventReceiverProc [plevent.c:1071]
    DestroyWindow  [USER32.dll]
    Allocation location
    new(UINT)      [MSVCRT.DLL]
    nsMsgLocalMailFolder::InitCopyState(nsISupports *,nsISupportsArray 
*,int,nsIMsgCopyServiceListener *,nsIMsgWindow *,int,int) 
[nsLocalMailFolder.cpp:1654]
        rv = pathSpec->GetFileSpec(&path);
      if (NS_FAILED(rv)) goto done;
    
 =>     mCopyState = new nsLocalMailCopyState();
        if(!mCopyState)
      {
        rv =  NS_ERROR_OUT_OF_MEMORY;
    nsMsgLocalMailFolder::CopyMessages(nsIMsgFolder *,nsISupportsArray 
*,int,nsIMsgWindow *,nsIMsgCopyServiceListener *,int,int) 
[nsLocalMailFolder.cpp:1777]
      // don't update the counts in the dest folder until it is all over
      EnableNotifications(allMessageCountNotifications, PR_FALSE);
    
 =>   rv = InitCopyState(srcSupport, messages, isMove, listener, msgWindow, 
isFolder, allowUndo);
      if (NS_FAILED(rv)) return rv;
      char *uri = nsnull;
      rv = srcFolder->GetURI(&uri);
    nsMsgCopyService::DoNextCopy(void) [nsMsgCopyService.cpp:238]
                  rv = copyRequest->m_dstFolder->CopyMessages
                          (copySource->m_msgFolder, copySource->m_messageArray,
                           copyRequest->m_isMoveOrDraftOrTemplate,
     =>                    copyRequest->m_msgWindow, copyRequest->m_listener, 
PR_FALSE, copyRequest->m_allowUndo);   //isFolder operation PR_FALSE
        
                  }
                  else if (copyRequest->m_requestType == nsCopyFoldersType )
    nsMsgCopyService::DoCopy(nsCopyRequest *) [nsMsgCopyService.cpp:191]
          if (aRequest)
          {
              m_copyRequests.AppendElement((void*) aRequest);
     =>       rv = DoNextCopy();
          }
        
          return rv;
    nsMsgCopyService::CopyMessages(nsIMsgFolder *,nsISupportsArray 
*,nsIMsgFolder *,int,nsIMsgCopyServiceListener *,nsIMsgWindow *,int) 
[nsMsgCopyService.cpp:352]
            if (NS_FAILED(rv))
                delete copyRequest;
            else
     =>         rv = DoCopy(copyRequest);
        
            msgArray->Clear();
        
    nsMsgLocalMailFolder::DeleteMessages(nsISupportsArray *,nsIMsgWindow 
*,int,int,nsIMsgCopyServiceListener *,int) [nsLocalMailFolder.cpp:1590]
    nsMsgDBView::DeleteMessages(nsIMsgWindow *,UINT *,int,int) 
[nsMsgDBView.cpp:2099]
    nsMsgDBView::ApplyCommandToIndices(int,UINT *,int) [nsMsgDBView.cpp:1961]
    nsMsgDBView::DoCommand(int) [nsMsgDBView.cpp:1797]
    XPTC_InvokeByIndex [xptcinvoke.cpp:105]
    XPCWrappedNative::CallMethod(XPCCallContext&,CallMode::XPCWrappedNative) 
[xpcwrappednative.cpp:2025]
    XPC_WN_CallMethod(JSContext *,JSObject *,UINT,long *,long *) 
[xpcwrappednativejsops.cpp:1266]
    js_Invoke      [jsinterp.c:788]
    js_Interpret   [jsinterp.c:2745]
    js_Invoke      [jsinterp.c:805]
    nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS *,WORD,nsXPTMethodInfo 
const*,nsXPTCMiniVariant *) [xpcwrappedjsclass.cpp:1193]
    nsXPCWrappedJS::CallMethod(WORD,nsXPTMethodInfo const*,nsXPTCMiniVariant *) 
[xpcwrappedjs.cpp:429]
    PrepareAndDispatch [xptcstubs.cpp:115]
    SharedStub     [xptcstubs.cpp:138]
My bad, I thought David touched this code recently.  Looks like either Darin or 
Navin.
Assignee: bienvenu → naving
QA Contact: sheelar → stephend
*** Bug 154599 has been marked as a duplicate of this bug. ***
mass re-assign.
Assignee: naving → sspitzer
Product: MailNews → Core
sorry for the spam.  making bugzilla reflect reality as I'm not working on these bugs.  filter on FOOBARCHEESE to remove these in bulk.
Assignee: sspitzer → nobody
Filter on "Nobody_NScomTLD_20080620"
QA Contact: stephend → networking.pop
Product: Core → MailNews Core
anyone still running purify?
Severity: major → minor
Whiteboard: [needs purify]
During a code modification lost in time (ie, before we switched to Mercurial) the code was modified to initialize the fields mentioned in this Purify error message.

Can we resolve this as "fixed when nobody was looking"?
sure, I'll just mark it fixed.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
(In reply to Irving Reid (:irving) from comment #7)
> During a code modification lost in time (ie, before we switched to

They're not lost, just here : http://bonsai.mozilla.org/cvsqueryform.cgi
You need to log in before you can comment on or make changes to this bug.