Closed Bug 155034 Opened 23 years ago Closed 22 years ago

Uninitialized memory read in imgRequestProxy::OnStartRequest

Categories

(Core :: Graphics: ImageLib, defect)

defect
Not set
normal

Tracking

()

VERIFIED FIXED

People

(Reporter: stephend, Assigned: pavlov)

Details

Attachments

(1 file)

Windows 2000, Purify, current trunk. Just starting mozilla.exe -mail (with one IMAP account), and loading Account Central, I see: [W] UMR: Uninitialized memory read in imgRequestProxy::OnStartRequest (nsIRequest *,nsISupports *) {11 occurrences} Reading 1 byte from 0x090de035 (1 byte at 0x090de035 uninitialized) Address 0x090de035 is 29 bytes into a 36 byte block at 0x090de018 Address 0x090de035 points to a C++ new block in heap 0x02720000 Thread ID: 0x4f4 Error location imgRequestProxy::OnStartRequest(nsIRequest *,nsISupports *) [imgRequestProxy.cpp:365] LOG_FUNC_WITH_PARAM (gImgLog, "imgRequestProxy::OnStartRequest", "name", name.get()); #endif => if (!mIsInLoadGroup && mLoadGroup) { mLoadGroup->AddRequest(this, mContext); mIsInLoadGroup = PR_TRUE; } imgRequest::OnStartRequest(nsIRequest *,nsISupports *) [imgRequest.cpp:570] PRInt32 count = mObservers.Count(); for (PRInt32 i = 0; i < count; i++) { imgRequestProxy *proxy = NS_STATIC_CAST(imgRequestProxy*, mObservers[i]); => if (proxy) proxy->OnStartRequest(aRequest, ctxt); // If this assertion fires, it means that imgRequest notifications could // be dropped! ProxyListener::OnStartRequest(nsIRequest *,nsISupports *) [imgLoader.obj:697] nsJARChannel::OnStartRequest(nsIRequest *,nsISupports *) [nsJARChannel.cpp:578] nsOnStartRequestEvent::HandleEvent(void) [nsRequestObserverProxy.cpp:161] PL_HandleEvent [plevent.c:596] PL_ProcessPendingEvents [plevent.c:526] md_EventReceiverProc [plevent.c:1077] DestroyWindow [USER32.dll] TranslateMessageEx [USER32.dll] Allocation location new(UINT) [MSVCRT.DLL] imgLoader::CreateNewProxyForRequest(imgRequest *,nsILoadGroup *,imgIDecoderObserver *,nsISupports *,UINT,imgIRequest *,imgIRequest * *) [imgLoader.cpp:509] imgLoader::LoadImage(nsIURI *,nsIURI *,nsILoadGroup *,imgIDecoderObserver *,nsISupports *,UINT,nsISupports *,imgIRequest *,imgIRequest * *) [imgLoader.cpp:408] nsTreeBodyFrame::GetImage(int,WORD const*,int,nsIStyleContext *,imgIContainer * *) [nsTreeBodyFrame.cpp:1804] nsTreeBodyFrame::GetImageSize(int,WORD const*,int,nsIStyleContext *) [nsTreeBodyFrame.cpp:1872] nsTreeBodyFrame::PaintImage(int,nsTreeColumn *,nsRect const&,nsIPresContext *,nsIRenderingContext&,nsRect const&,nsFramePaintLayer,int&,int&) [nsTreeBodyFrame.cpp:2614] nsTreeBodyFrame::PaintCell(int,nsTreeColumn *,nsRect const&,nsIPresContext *,nsIRenderingContext&,nsRect const&,nsFramePaintLayer) [nsTreeBodyFrame.cpp:2424] nsTreeBodyFrame::PaintRow(int,nsRect const&,nsIPresContext *,nsIRenderingContext&,nsRect const&,nsFramePaintLayer) [nsTreeBodyFrame.cpp:2244] nsTreeBodyFrame::Paint(nsIPresContext *,nsIRenderingContext&,nsRect const&,nsFramePaintLayer,UINT) [nsTreeBodyFrame.cpp:2070] PresShell::Paint(nsIView *,nsIRenderingContext&,nsRect const&) [nsPresShell.cpp:5843] nsView::Paint(nsIRenderingContext&,nsRect const&,UINT,int&) [nsView.cpp:278] nsViewManager::RenderDisplayListElement(DisplayListElement2 *,nsIRenderingContext&) [nsViewManager.cpp:1190] nsViewManager::RenderViews(nsView *,nsIRenderingContext&,nsRect const&,int&) [nsViewManager.cpp:1138] nsViewManager::Refresh(nsView *,nsIRenderingContext *,nsIRegion *,UINT) [nsViewManager.cpp:731] nsViewManager::DispatchEvent(nsGUIEvent *,nsEventStatus *) [nsViewManager.cpp:1730] HandleEvent [nsView.cpp:80] nsWindow::DispatchEvent(nsGUIEvent *,nsEventStatus&) [nsWindow.cpp:1025] ??? [ip=0x0013f52c] nsWindow::DispatchWindowEvent(nsGUIEvent *,nsEventStatus&) [nsWindow.cpp:1049] nsWindow::OnPaint(void) [nsWindow.cpp:4748]
paper@animecity.nu, perhaps you could help out with this?
Was trying to figure out a crash in the destructor of this class and figured I'd try initializing mIsInLoadGroup in case that was causing problems, unlikely but ...
I'm getting the same problem with linux current trunk using Valgrind. this is easily visible by printing mIsInLoadGroup (as an int) within imgRequestProxy::OnStartRequest. it should always be 0 or 1, but (when opening mail) it is neither ~8 times.
OS: Windows 2000 → All
Keywords: nsbeta1, patch, review
Hardware: PC → All
This was fixed by a checkin from bug 93015.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
QA Contact: tpreston → stephend
Mad props to Rick Potts for fixing this in bug 93015 indeed. Verified FIXED with my latest Purify run a Windows 2000 trunk build, opt with symbols.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: