Closed
Bug 1538578
Opened 5 years ago
Closed 4 years ago
Conditional jump or move depends on uninitialised value(s) [@ style::properties::ShorthandId::get_shorthand_appendable_value]
Categories
(Core :: CSS Parsing and Computation, defect, P3)
RESOLVED
FIXED
| | Tracking | Status |
|---|---|---|
| firefox68 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-uninitialized, testcase, valgrind)
Attachments
(1 file)
234 bytes, text/html
Reduced with m-c:
BuildID=20190323094805
SourceStamp=59e55930dc0f243357a8730be1a0ca372e6baddb
Conditional jump or move depends on uninitialised value(s)
at 0x1432DD9E: style::properties::ShorthandId::get_shorthand_appendable_value (option.rs:158)
by 0x1432C86A: style::properties::declaration_block::PropertyDeclarationBlock::to_css (declaration_block.rs:996)
by 0x1420D32A: Servo_DeclarationBlock_GetCssText (glue.rs:3778)
by 0x10CEDF4A: nsAttrValue::ToString(nsTSubstring<char16_t>&) const (DeclarationBlock.h:163)
by 0x10C8CE6C: mozilla::dom::Element::GetAttr(int, nsAtom const*, mozilla::dom::DOMString&) const (nsAttrValueInlines.h:245)
by 0x10C65C95: mozilla::dom::Element::GetAttr(int, nsAtom const*, nsTSubstring<char16_t>&) const (Element.cpp:2692)
by 0x10D3528B: nsHTMLContentSerializer::SerializeHTMLAttributes(mozilla::dom::Element*, mozilla::dom::Element*, nsTSubstring<char16_t>&, nsTSubstring<char16_t> const&, nsAtom*, int, nsTSubstring<char16_t>&) (nsHTMLContentSerializer.cpp:79)
by 0x10D35BF4: nsHTMLContentSerializer::AppendElementStart(mozilla::dom::Element*, mozilla::dom::Element*, nsTSubstring<char16_t>&) (nsHTMLContentSerializer.cpp:245)
by 0x10D17DE5: nsDocumentEncoder::SerializeNodeStart(nsINode*, int, int, nsTSubstring<char16_t>&, nsINode*) (nsDocumentEncoder.cpp:335)
by 0x10D1805A: nsDocumentEncoder::SerializeToStringRecursive(nsINode*, nsTSubstring<char16_t>&, bool, unsigned int) (nsDocumentEncoder.cpp:424)
by 0x10D187C2: nsDocumentEncoder::SerializeRangeNodes(nsRange*, nsINode*, nsTSubstring<char16_t>&, int) (nsDocumentEncoder.cpp:642)
by 0x10D18FED: nsDocumentEncoder::SerializeRangeToString(nsRange*, nsTSubstring<char16_t>&) (nsDocumentEncoder.cpp:763)
Uninitialised value was created by a stack allocation
at 0x141FB49A: Servo_DeclarationBlock_Clone (glue.rs:3743)
Flags: in-testsuite?
Comment 1•5 years ago
This feels like yet another case of LLVM/rustc doing some optimizations that trick valgrind, but I haven't dug in to confirm.
Priority: -- → P3
Reporter
Comment 2•4 years ago
:heycam I think you are right. I can confirm this is no longer reproducible with the latest version of Valgrind.
I tested with m-c 20200102-c7082b580eeb and Valgrind commit 2a7d3ae7681.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED