Closed
Bug 155034
Opened 23 years ago
Closed 22 years ago
Uninitialized memory read in imgRequestProxy::OnStartRequest
Categories
(Core :: Graphics: ImageLib, defect)
VERIFIED
FIXED
People
(Reporter: stephend, Assigned: pavlov)
Attachments (1 file): 663 bytes, patch
Windows 2000, Purify, current trunk.
Just starting mozilla.exe -mail (with one IMAP account), and loading Account
Central, I see:
[W] UMR: Uninitialized memory read in imgRequestProxy::OnStartRequest
(nsIRequest *,nsISupports *) {11 occurrences}
Reading 1 byte from 0x090de035 (1 byte at 0x090de035 uninitialized)
Address 0x090de035 is 29 bytes into a 36 byte block at 0x090de018
Address 0x090de035 points to a C++ new block in heap 0x02720000
Thread ID: 0x4f4
Error location
imgRequestProxy::OnStartRequest(nsIRequest *,nsISupports *)
[imgRequestProxy.cpp:365]
LOG_FUNC_WITH_PARAM
(gImgLog, "imgRequestProxy::OnStartRequest", "name", name.get());
#endif
=> if (!mIsInLoadGroup && mLoadGroup) {
mLoadGroup->AddRequest(this, mContext);
mIsInLoadGroup = PR_TRUE;
}
imgRequest::OnStartRequest(nsIRequest *,nsISupports *)
[imgRequest.cpp:570]
PRInt32 count = mObservers.Count();
for (PRInt32 i = 0; i < count; i++) {
imgRequestProxy *proxy = NS_STATIC_CAST(imgRequestProxy*,
mObservers[i]);
=> if (proxy) proxy->OnStartRequest(aRequest, ctxt);
// If this assertion fires, it means that imgRequest
notifications could
// be dropped!
ProxyListener::OnStartRequest(nsIRequest *,nsISupports *)
[imgLoader.obj:697]
nsJARChannel::OnStartRequest(nsIRequest *,nsISupports *)
[nsJARChannel.cpp:578]
nsOnStartRequestEvent::HandleEvent(void)
[nsRequestObserverProxy.cpp:161]
PL_HandleEvent [plevent.c:596]
PL_ProcessPendingEvents [plevent.c:526]
md_EventReceiverProc [plevent.c:1077]
DestroyWindow [USER32.dll]
TranslateMessageEx [USER32.dll]
Allocation location
new(UINT) [MSVCRT.DLL]
imgLoader::CreateNewProxyForRequest(imgRequest *,nsILoadGroup
*,imgIDecoderObserver *,nsISupports *,UINT,imgIRequest *,imgIRequest * *)
[imgLoader.cpp:509]
imgLoader::LoadImage(nsIURI *,nsIURI *,nsILoadGroup
*,imgIDecoderObserver *,nsISupports *,UINT,nsISupports *,imgIRequest
*,imgIRequest * *) [imgLoader.cpp:408]
nsTreeBodyFrame::GetImage(int,WORD const*,int,nsIStyleContext
*,imgIContainer * *) [nsTreeBodyFrame.cpp:1804]
nsTreeBodyFrame::GetImageSize(int,WORD const*,int,nsIStyleContext *)
[nsTreeBodyFrame.cpp:1872]
nsTreeBodyFrame::PaintImage(int,nsTreeColumn *,nsRect
const&,nsIPresContext *,nsIRenderingContext&,nsRect
const&,nsFramePaintLayer,int&,int&) [nsTreeBodyFrame.cpp:2614]
nsTreeBodyFrame::PaintCell(int,nsTreeColumn *,nsRect
const&,nsIPresContext *,nsIRenderingContext&,nsRect const&,nsFramePaintLayer)
[nsTreeBodyFrame.cpp:2424]
nsTreeBodyFrame::PaintRow(int,nsRect const&,nsIPresContext
*,nsIRenderingContext&,nsRect const&,nsFramePaintLayer)
[nsTreeBodyFrame.cpp:2244]
nsTreeBodyFrame::Paint(nsIPresContext *,nsIRenderingContext&,nsRect
const&,nsFramePaintLayer,UINT) [nsTreeBodyFrame.cpp:2070]
PresShell::Paint(nsIView *,nsIRenderingContext&,nsRect const&)
[nsPresShell.cpp:5843]
nsView::Paint(nsIRenderingContext&,nsRect const&,UINT,int&)
[nsView.cpp:278]
nsViewManager::RenderDisplayListElement(DisplayListElement2
*,nsIRenderingContext&) [nsViewManager.cpp:1190]
nsViewManager::RenderViews(nsView *,nsIRenderingContext&,nsRect
const&,int&) [nsViewManager.cpp:1138]
nsViewManager::Refresh(nsView *,nsIRenderingContext *,nsIRegion *,UINT)
[nsViewManager.cpp:731]
nsViewManager::DispatchEvent(nsGUIEvent *,nsEventStatus *)
[nsViewManager.cpp:1730]
HandleEvent [nsView.cpp:80]
nsWindow::DispatchEvent(nsGUIEvent *,nsEventStatus&) [nsWindow.cpp:1025]
??? [ip=0x0013f52c]
nsWindow::DispatchWindowEvent(nsGUIEvent *,nsEventStatus&)
[nsWindow.cpp:1049]
nsWindow::OnPaint(void) [nsWindow.cpp:4748]
Reporter
Comment 1•23 years ago
paper@animecity.nu, perhaps you could help out with this?
Comment 2•23 years ago
Was trying to figure out a crash in the destructor of this class and figured
I'd try initializing mIsInLoadGroup in case that was causing problems, unlikely
but ...
Comment 3•22 years ago
I'm getting the same problem with Linux current trunk using Valgrind.
This is easily visible by printing mIsInLoadGroup (as an int) within
imgRequestProxy::OnStartRequest. It should always be 0 or 1, but (when opening
mail) it is neither ~8 times.
OS: Windows 2000 → All
Reporter
Updated•22 years ago
Comment 4•22 years ago
This was fixed by a checkin from bug 93015.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Reporter
Updated•22 years ago
QA Contact: tpreston → stephend
Reporter
Comment 5•22 years ago
Mad props to Rick Potts for fixing this in bug 93015 indeed.
Verified FIXED with my latest Purify run on a Windows 2000 trunk build, opt with
symbols.
Status: RESOLVED → VERIFIED
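The failure mode reported in this bug, modelled as an added C example (not Mozilla's code, and not the checkin from bug 93015): a heap object whose boolean flag is never written, read by the same branch the tools flagged, next to a creation path that initializes it. The struct, the function names and the 0xCD poison-fill allocator are assumptions, chosen so the stale value is reproducible on every run.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical C model of the proxy; field names echo the bug report. */
typedef struct {
    void *load_group;               /* stands in for mLoadGroup */
    unsigned char is_in_load_group; /* stands in for mIsInLoadGroup */
} proxy_t;

/* Constructed stand-in for a debug heap: fresh blocks hold poison byte 0xCD. */
static void *poison_alloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xCD, n);
    return p;
}

/* Buggy creation path: stores the load group, never writes the flag. */
proxy_t *proxy_new_buggy(void *load_group) {
    proxy_t *p = poison_alloc(sizeof *p);
    if (p) p->load_group = load_group;
    return p;
}

/* Hardened creation path: every field gets a defined value. */
proxy_t *proxy_new_fixed(void *load_group) {
    proxy_t *p = poison_alloc(sizeof *p);
    if (p) { p->load_group = load_group; p->is_in_load_group = 0; }
    return p;
}

/* The check from comment 3: a boolean flag must hold exactly 0 or 1. */
int flag_is_sane(const proxy_t *p) { return p->is_in_load_group <= 1; }

/* Same branch as the flagged line; returns 1 if the proxy joined the group. */
int on_start_request(proxy_t *p) {
    if (p->is_in_load_group || !p->load_group) return 0;
    p->is_in_load_group = 1; /* mLoadGroup->AddRequest() would run here */
    return 1;
}

int main(void) {
    int group = 0; /* constructed load group object */
    proxy_t *bad = proxy_new_buggy(&group), *good = proxy_new_fixed(&group);
    if (!bad || !good) return 1;
    printf("buggy: sane=%d joined=%d\n", flag_is_sane(bad), on_start_request(bad));
    printf("fixed: sane=%d joined=%d\n", flag_is_sane(good), on_start_request(good));
    free(bad); free(good);
    return 0;
}
```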