Closed
Bug 133068
Opened 22 years ago
Closed 13 years ago
Uninitialized memory read in nsMsgLocalMailFolder::DisplayMoveCopyStatusMsg
Categories
(MailNews Core :: Networking: POP, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: stephend, Unassigned)
References
Details
(Whiteboard: [needs purify])
Latest win32 trunk pulled at 6:45 pm 3-23-2002. Purify, Windows 2000. All I did was read one of the 75 new messages in my POP3 account. [W] UMR: Uninitialized memory read in nsMsgLocalMailFolder::DisplayMoveCopyStatusMsg(void) {1 occurrence} Reading 4 bytes from 0x0a2fedd0 (4 bytes at 0x0a2fedd0 uninitialized) Address 0x0a2fedd0 is 48 bytes into a 112 byte block at 0x0a2feda0 Address 0x0a2fedd0 points to a C++ new block in heap 0x02710000 Thread ID: 0x830 Error location nsMsgLocalMailFolder::DisplayMoveCopyStatusMsg(void) [nsLocalMailFolder.cpp:3237] LL_I2L(nowMS, PR_IntervalToMilliseconds(PR_IntervalNow())); LL_SUB(diffSinceLastProgress, nowMS, mCopyState- >m_lastProgressTime); // r = a - b LL_SUB(diffSinceLastProgress, diffSinceLastProgress, minIntervalBetweenProgress); // r = a - b => if (!LL_GE_ZERO(diffSinceLastProgress) && mCopyState->m_curCopyIndex < mCopyState->m_totalMsgCount) return NS_OK; mCopyState->m_lastProgressTime = nowMS; nsMsgLocalMailFolder::BeginCopy(nsIMsgDBHdr *) [nsLocalMailFolder.cpp:2284] mCopyState->m_messages->QueryElementAt(messageIndex, NS_GET_IID (nsIMsgDBHdr), (void **)getter_AddRefs(mCopyState- >m_message)); => DisplayMoveCopyStatusMsg(); // if we're copying more than one message, StartMessage will handle this. if (!mCopyState->m_copyingMultipleMessages) rv = WriteStartOfNewMessage(); nsCopyMessageStreamListener::OnStartRequest(nsIRequest *,nsISupports *) [nsCopyMessageStreamListener.cpp:149] if (NS_SUCCEEDED(rv)) rv = GetMessage(uri, getter_AddRefs(message)); if(NS_SUCCEEDED(rv)) => rv = mDestination->BeginCopy(message); NS_ENSURE_SUCCESS(rv, rv); return rv; nsMsgProtocol::OnStartRequest(nsIRequest *,nsISupports *) [nsMsgProtocol.cpp:326] nsMailboxProtocol::OnStartRequest(nsIRequest *,nsISupports *) [nsMailboxProtocol.obj:242] nsOnStartRequestEvent::HandleEvent(void) [nsRequestObserverProxy.cpp:161] PL_HandleEvent [plevent.c:590] PL_ProcessPendingEvents [plevent.c:520] md_EventReceiverProc [plevent.c:1071] DestroyWindow [USER32.dll] Allocation location new(UINT) [MSVCRT.DLL] nsMsgLocalMailFolder::InitCopyState(nsISupports *,nsISupportsArray *,int,nsIMsgCopyServiceListener *,nsIMsgWindow *,int,int) [nsLocalMailFolder.cpp:1654] rv = pathSpec->GetFileSpec(&path); if (NS_FAILED(rv)) goto done; => mCopyState = new nsLocalMailCopyState(); if(!mCopyState) { rv = NS_ERROR_OUT_OF_MEMORY; nsMsgLocalMailFolder::CopyMessages(nsIMsgFolder *,nsISupportsArray *,int,nsIMsgWindow *,nsIMsgCopyServiceListener *,int,int) [nsLocalMailFolder.cpp:1777] // don't update the counts in the dest folder until it is all over EnableNotifications(allMessageCountNotifications, PR_FALSE); => rv = InitCopyState(srcSupport, messages, isMove, listener, msgWindow, isFolder, allowUndo); if (NS_FAILED(rv)) return rv; char *uri = nsnull; rv = srcFolder->GetURI(&uri); nsMsgCopyService::DoNextCopy(void) [nsMsgCopyService.cpp:238] rv = copyRequest->m_dstFolder->CopyMessages (copySource->m_msgFolder, copySource->m_messageArray, copyRequest->m_isMoveOrDraftOrTemplate, => copyRequest->m_msgWindow, copyRequest->m_listener, PR_FALSE, copyRequest->m_allowUndo); //isFolder operation PR_FALSE } else if (copyRequest->m_requestType == nsCopyFoldersType ) nsMsgCopyService::DoCopy(nsCopyRequest *) [nsMsgCopyService.cpp:191] if (aRequest) { m_copyRequests.AppendElement((void*) aRequest); => rv = DoNextCopy(); } return rv; nsMsgCopyService::CopyMessages(nsIMsgFolder *,nsISupportsArray *,nsIMsgFolder *,int,nsIMsgCopyServiceListener *,nsIMsgWindow *,int) [nsMsgCopyService.cpp:352] if (NS_FAILED(rv)) delete copyRequest; else => rv = DoCopy(copyRequest); msgArray->Clear(); nsMsgLocalMailFolder::DeleteMessages(nsISupportsArray *,nsIMsgWindow *,int,int,nsIMsgCopyServiceListener *,int) [nsLocalMailFolder.cpp:1590] nsMsgDBView::DeleteMessages(nsIMsgWindow *,UINT *,int,int) [nsMsgDBView.cpp:2099] nsMsgDBView::ApplyCommandToIndices(int,UINT *,int) [nsMsgDBView.cpp:1961] nsMsgDBView::DoCommand(int) [nsMsgDBView.cpp:1797] XPTC_InvokeByIndex [xptcinvoke.cpp:105] XPCWrappedNative::CallMethod(XPCCallContext&,CallMode::XPCWrappedNative) [xpcwrappednative.cpp:2025] XPC_WN_CallMethod(JSContext *,JSObject *,UINT,long *,long *) [xpcwrappednativejsops.cpp:1266] js_Invoke [jsinterp.c:788] js_Interpret [jsinterp.c:2745] js_Invoke [jsinterp.c:805] nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS *,WORD,nsXPTMethodInfo const*,nsXPTCMiniVariant *) [xpcwrappedjsclass.cpp:1193] nsXPCWrappedJS::CallMethod(WORD,nsXPTMethodInfo const*,nsXPTCMiniVariant *) [xpcwrappedjs.cpp:429] PrepareAndDispatch [xptcstubs.cpp:115] SharedStub [xptcstubs.cpp:138]
Reporter | ||
Comment 1•22 years ago
|
||
My bad, I thought David touched this code recently. Looks like either Darin or Navin.
Assignee: bienvenu → naving
Reporter | ||
Updated•22 years ago
|
QA Contact: sheelar → stephend
Comment 2•22 years ago
|
||
*** Bug 154599 has been marked as a duplicate of this bug. ***
Updated•20 years ago
|
Product: MailNews → Core
Comment 4•17 years ago
|
||
sorry for the spam. making bugzilla reflect reality as I'm not working on these bugs. filter on FOOBARCHEESE to remove these in bulk.
Assignee: sspitzer → nobody
Assignee | ||
Updated•16 years ago
|
Product: Core → MailNews Core
Comment 6•15 years ago
|
||
anyone still running purify?
Updated•15 years ago
|
Severity: major → minor
Whiteboard: [needs purify]
Comment 7•13 years ago
|
||
During a code modification lost in time (ie, before we switched to Mercurial) the code was modified to initialize the fields mentioned in this Purify error message. Can we resolve this as "fixed when nobody was looking"?
Comment 8•13 years ago
|
||
sure, I'll just mark it fixed.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 9•13 years ago
|
||
(In reply to Irving Reid (:irving) from comment #7) > During a code modification lost in time (ie, before we switched to They're not lost, just here : http://bonsai.mozilla.org/cvsqueryform.cgi
You need to log in
before you can comment on or make changes to this bug.
Description
•