Closed Bug 1538578 Opened 5 years ago Closed 4 years ago

Conditional jump or move depends on uninitialised value(s) [@ style::properties::ShorthandId::get_shorthand_appendable_value]

Categories

(Core :: CSS Parsing and Computation, defect, P3)

Tracking

RESOLVED FIXED
Tracking Status
firefox68 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-uninitialized, testcase, valgrind)

Attachments

(1 file)

Attached file testcase.html

Reduced with m-c:
BuildID=20190323094805
SourceStamp=59e55930dc0f243357a8730be1a0ca372e6baddb

Conditional jump or move depends on uninitialised value(s)
   at 0x1432DD9E: style::properties::ShorthandId::get_shorthand_appendable_value (option.rs:158)
   by 0x1432C86A: style::properties::declaration_block::PropertyDeclarationBlock::to_css (declaration_block.rs:996)
   by 0x1420D32A: Servo_DeclarationBlock_GetCssText (glue.rs:3778)
   by 0x10CEDF4A: nsAttrValue::ToString(nsTSubstring<char16_t>&) const (DeclarationBlock.h:163)
   by 0x10C8CE6C: mozilla::dom::Element::GetAttr(int, nsAtom const*, mozilla::dom::DOMString&) const (nsAttrValueInlines.h:245)
   by 0x10C65C95: mozilla::dom::Element::GetAttr(int, nsAtom const*, nsTSubstring<char16_t>&) const (Element.cpp:2692)
   by 0x10D3528B: nsHTMLContentSerializer::SerializeHTMLAttributes(mozilla::dom::Element*, mozilla::dom::Element*, nsTSubstring<char16_t>&, nsTSubstring<char16_t> const&, nsAtom*, int, nsTSubstring<char16_t>&) (nsHTMLContentSerializer.cpp:79)
   by 0x10D35BF4: nsHTMLContentSerializer::AppendElementStart(mozilla::dom::Element*, mozilla::dom::Element*, nsTSubstring<char16_t>&) (nsHTMLContentSerializer.cpp:245)
   by 0x10D17DE5: nsDocumentEncoder::SerializeNodeStart(nsINode*, int, int, nsTSubstring<char16_t>&, nsINode*) (nsDocumentEncoder.cpp:335)
   by 0x10D1805A: nsDocumentEncoder::SerializeToStringRecursive(nsINode*, nsTSubstring<char16_t>&, bool, unsigned int) (nsDocumentEncoder.cpp:424)
   by 0x10D187C2: nsDocumentEncoder::SerializeRangeNodes(nsRange*, nsINode*, nsTSubstring<char16_t>&, int) (nsDocumentEncoder.cpp:642)
   by 0x10D18FED: nsDocumentEncoder::SerializeRangeToString(nsRange*, nsTSubstring<char16_t>&) (nsDocumentEncoder.cpp:763)
 Uninitialised value was created by a stack allocation
   at 0x141FB49A: Servo_DeclarationBlock_Clone (glue.rs:3743)
Flags: in-testsuite?

This feels like yet another case of LLVM/rustc doing some optimizations that trick valgrind, but I haven't dug in to confirm.

Priority: -- → P3

:heycam I think you are right. I can confirm this is no longer reproducible with the latest version of Valgrind.

I tested with m-c 20200102-c7082b580eeb and Valgrind commit 2a7d3ae7681.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED