If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Uninitialised value use in nsMenuPopupFrame::SetPopupPosition(nsIFrame*, bool, bool, bool)

RESOLVED FIXED in Firefox 57

Status

()

Core
XUL
P5
normal
RESOLVED FIXED
4 days ago
9 hours ago

People

(Reporter: jseward, Assigned: jseward)

Tracking

unspecified
mozilla57
Points:
---

Firefox Tracking Flags

(firefox55 fix-optional, firefox56 fix-optional, firefox57 fixed)

Details

Attachments

(2 attachments)

(Assignee)

Description

4 days ago
I've seen this several times in the past few days, running Firefox on
Valgrind.  I can't reproduce it consistently.  It happens sometimes
when a popup is shown and (I _think_) the popup moves to a different
location immediately after it first appears.

Can anyone suggest some mochitests to run, that test popups?
(Assignee)

Comment 1

4 days ago
Created attachment 8908727 [details]
Valgrind complaints, unfortunately no origin info
(Assignee)

Updated

4 days ago
Flags: needinfo?(enndeakin)

Comment 2

4 days ago
Popup tests are toolkit/content/tests/chrome/test_popup* (and test_panel*)

Is there more detail about what value is uninitialized?
status-firefox55: --- → fix-optional
status-firefox56: --- → fix-optional
status-firefox57: --- → fix-optional
Flags: needinfo?(enndeakin)
Priority: -- → P5
(Assignee)

Comment 3

3 days ago
(In reply to Neil Deakin from comment #2)
> Is there more detail about what value is uninitialized?

It is nsMenuPopupFrame::mAlignmentOffset.  This is a primitive type
(nscoord, == int32_t or float) and
nsMenuPopupFrame::nsMenuPopupFrame(nsStyleContext*) doesn't give it an
initial value.
(Assignee)

Comment 4

3 days ago
Created attachment 8908985 [details] [diff] [review]
bug1400341-nsMenuPopupFrame-1.diff
(Assignee)

Updated

3 days ago
Attachment #8908985 - Flags: review?(enndeakin)

Comment 5

3 days ago
Comment on attachment 8908985 [details] [diff] [review]
bug1400341-nsMenuPopupFrame-1.diff

OK. This could probably happen when a menulist is used. Tests for these are toolkit/content/tests/chrome/test_menulist*
Attachment #8908985 - Flags: review?(enndeakin) → review+

Comment 6

23 hours ago
Pushed by jseward@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/cfe02dcfa163
Uninitialised value use in nsMenuPopupFrame::SetPopupPosition(nsIFrame*, bool, bool, bool).  r=enndeakin.

Comment 7

21 hours ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/cfe02dcfa163
Status: NEW → RESOLVED
Last Resolved: 21 hours ago
status-firefox57: fix-optional → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
Assignee: nobody → jseward
You need to log in before you can comment on or make changes to this bug.