Closed Bug 133432 Opened 22 years ago Closed 22 years ago

UMR: nsScanner::ReadUntil()

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 102613

People

(Reporter: hjtoi-bugzilla, Assigned: harishd)

References

(
URL
)

Details

Attachments

(2 files)

css
501 bytes, text/css
Details
testcase
20.39 KB, text/html
Details 
When going to the URL with the latest build and using Purify I hit this UMR in
the parser:

[W] UMR: Uninitialized memory read in nsReadingIterator<WORD>::*(void)const {2
occurrences}
        Reading 2 bytes from 0x09d08ab0 (2 bytes at 0x09d08ab0 uninitialized)
        Address 0x09d08ab0 is 8192 bytes into a 8194 byte block at 0x09d06ab0
        Address 0x09d08ab0 points to a malloc'd block in heap 0x026d0000
        Thread ID: 0x5d0
        Error location
            nsReadingIterator<WORD>::*(void)const [nsStringIterator.h:95]
           
nsScanner::ReadUntil(nsReadingIterator<WORD>&,nsReadingIterator<WORD>&,nsReadEndCondition
const&,int) [nsScanner.cpp:1293]
                    }
                
                    ++current;
             =>     theChar = *current;
                  }
                
                  // If we are here, we didn't find any terminator in the string and
            CTextToken::Consume(WORD,nsScanner&,int) [nsHTMLTokens.cpp:552]
            nsHTMLTokenizer::ConsumeText(CToken *&,nsScanner&)
[nsHTMLTokenizer.cpp:946]
            nsHTMLTokenizer::ConsumeToken(nsScanner&,int&) [nsHTMLTokenizer.cpp:512]
            nsParser::Tokenize(int) [nsParser.cpp:2516]
            nsParser::ResumeParse(int,int,int) [nsParser.cpp:1730]
            nsParser::OnDataAvailable(nsIRequest *,nsISupports *,nsIInputStream
*,UINT,UINT) [nsParser.cpp:2387]
            nsDocumentOpenInfo::OnDataAvailable(nsIRequest *,nsISupports
*,nsIInputStream *,UINT,UINT) [nsURILoader.cpp:242]
            nsHttpChannel::OnDataAvailable(nsIRequest *,nsISupports
*,nsIInputStream *,UINT,UINT) [nsHttpChannel.cpp:2646]
        Allocation location
            malloc         [MSVCRT.DLL]
            PR_Malloc      [prmem.c:474]
            nsMemoryImpl::Alloc(UINT) [nsMemoryImpl.cpp:320]
            nsMemory::Alloc(UINT) [nsMemory.cpp:77]
            nsScanner::Append(char const*,UINT) [nsScanner.cpp:336]
                  if(mUnicodeDecoder) {
                    PRInt32 unicharBufLen = 0;
                    mUnicodeDecoder->GetMaxLength(aBuffer, aLen, &unicharBufLen);
             =>     start = unichars =
(PRUnichar*)nsMemory::Alloc((unicharBufLen+1) * sizeof(PRUnichar));
                    NS_ENSURE_TRUE(unichars,NS_ERROR_OUT_OF_MEMORY);
                
                    PRInt32 totalChars = 0;
            ParserWriteFunc [nsParser.cpp:2325]
            nsPipe::nsPipeInputStream::ReadSegments((*)(nsIInputStream *,void
*,char const*,UINT,UINT,UINT *),void *,UINT,UINT *) [nsPipe2.cpp:419]
            nsParser::OnDataAvailable(nsIRequest *,nsISupports *,nsIInputStream
*,UINT,UINT) [nsParser.cpp:2382]
            nsDocumentOpenInfo::OnDataAvailable(nsIRequest *,nsISupports
*,nsIInputStream *,UINT,UINT) [nsURILoader.cpp:242]
            nsHttpChannel::OnDataAvailable(nsIRequest *,nsISupports
*,nsIInputStream *,UINT,UINT) [nsHttpChannel.cpp:2646]
Oops :)

*** This bug has been marked as a duplicate of 102613 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Verified dup
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.