Closed Bug 14171 Opened 25 years ago Closed 25 years ago

ran viewer under purify, got UMR in nsFrameConstructorState::PushFloaterContainingBlock

Categories

(Core :: Layout, defect, P2)

x86
Windows NT
defect

Tracking

VERIFIED FIXED

People

(Reporter: buster, Assigned: buster)

from purify:
[W] UMR: Uninitialized memory read in
nsFrameConstructorState::PushFloaterContainingBlock(nsIFrame
*,nsFrameConstructorSaveState&,int,int) {1 occurrence}
    Reading 4 bytes from 0x0012f850 (4 bytes at 0x0012f850 uninitialized)
    Address 0x0012f850 points into a thread's stack
    Address 0x0012f850 is 48 bytes past the start of local variable 'state' in
nsCSSFrameConstructor::ContentInserted(nsIPresContext *,nsIContent *,nsIContent
*,int)
    Thread ID: 0x56
    Error location
        nsFrameConstructorState::PushFloaterContainingBlock(nsIFrame
*,nsFrameConstructorSaveState&,int,int) [nsCSSFrameConstructor.cpp:320]
        nsCSSFrameConstructor::ConstructDocElementFrame(nsIPresContext
*,nsFrameConstructorState&,nsIContent *,nsIFrame *,nsIStyleContext *,nsIFrame
*&) [nsCSSFrameConstructor.cpp:2225]
        nsCSSFrameConstructor::ContentInserted(nsIPresContext *,nsIContent
*,nsIContent *,int) [nsCSSFrameConstructor.cpp:5512]
        StyleSetImpl::ContentInserted(nsIPresContext *,nsIContent *,nsIContent
*,int) [nsStyleSet.cpp:861]
        PresShell::InitialReflow(int,int) [nsPresShell.cpp:838]
        HTMLContentSink::StartLayout(void) [nsHTMLContentSink.cpp:2349]
        HTMLContentSink::OpenBody(nsIParserNode const&)
[nsHTMLContentSink.cpp:1998]
        ???            [ip=0x05b42de0]
        CNavDTD::OpenContainer(nsIParserNode const&,int) [CNavDTD.cpp:2486]
        CNavDTD::HandleDefaultStartToken(CToken *,nsHTMLTag,nsIParserNode&)
[CNavDTD.cpp:1056]
        CNavDTD::HandleStartToken(CToken *) [CNavDTD.cpp:1288]
        NavDispatchTokenHandler [CNavDTD.cpp:241]
        CNavDTD::HandleToken(CToken *,nsIParser *) [CNavDTD.cpp:743]
        CNavDTD::BuildModel(nsIParser *,nsITokenizer *,nsITokenObserver
*,nsIContentSink *) [CNavDTD.cpp:554]
        nsParser::BuildModel(void) [nsParser.cpp:955]
        nsParser::ResumeParse(nsIDTD *,int) [nsParser.cpp:900]
        nsParser::OnDataAvailable(nsIChannel *,nsISupports *,nsIInputStream
*,UINT,UINT) [nsParser.cpp:1301]
        nsDocumentBindInfo::OnDataAvailable(nsIChannel *,nsISupports
*,nsIInputStream *,UINT,UINT) [nsDocLoader.cpp:1991]
        nsChannelListener::OnDataAvailable(nsIChannel *,nsISupports
*,nsIInputStream *,UINT,UINT) [nsDocLoader.cpp:2263]
        nsFileChannel::OnDataAvailable(nsIChannel *,nsISupports *,nsIInputStream
*,UINT,UINT) [nsFileChannel.cpp:485]
        nsOnDataAvailableEvent::HandleEvent(void)
[nsAsyncStreamListener.cpp:344]
        nsStreamListenerEvent::HandlePLEvent(PLEvent *)
[nsAsyncStreamListener.cpp:144]
        ???            [ip=0x0284a6d4]
        DispatchMessageA [USER32.dll]
        ???            [ip=0x028a39a0]
        main           [nsWinMain.cpp:133]
Severity: normal → major
Priority: P3 → P2
Forgot to mention, many instances of this same UMR occur per URL load.
Assignee: troy → kipp
Kipp, this looks to be related to some member data you added.

It looks like PushFloaterContainingBlock() should also have this line (the
one with the '+' in front) as well:
  aSaveState.mFirstLetterStyle = &mFirstLetterStyle;
+ aSaveState.mFirstLineStyle = &mFirstLineStyle;
  aSaveState.mSavedItems = mFloatedItems;
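Review bot: the '+' line only stores the address of mFirstLineStyle in aSaveState, which neither reads nor initializes that member, so the change should also confirm that every nsFrameConstructorState member read in PushFloaterContainingBlock is set in the constructor. The Purify report above is a 4-byte read at 48 bytes into the local 'state' in ContentInserted, which points at a member of 'state' left unset rather than at the save state. It would help to note in the fix which member sits at that offset, and to rerun under Purify to check that the UMR at nsCSSFrameConstructor.cpp:320 is gone.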
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Fixed. Thanks for the data.
Status: RESOLVED → VERIFIED
Based on Kipp's comments, marking as verified fixed.