Closed Bug 243928 Opened 20 years ago Closed 4 years ago

[W] UMR: Uninitialized memory read in nsTextFragment::SetBidiFlag(void) {4 occurrences}

Categories

(Core :: DOM: Core & HTML, defect, P5)

x86
Windows XP
defect

Tracking

RESOLVED INVALID

People

(Reporter: timeless, Unassigned)

Details

[W] UMR: Uninitialized memory read in nsTextFragment::SetBidiFlag(void) {4 occurrences}
    Reading 1 byte from 0x089c3669 (1 byte at 0x089c3669 uninitialized)
    Address 0x089c3669 is 9 bytes into a 42 byte block at 0x089c3660
    Address 0x089c3669 points to a HeapAlloc'd block in heap 0x00d80000
    Thread ID: 0xa08
    Error location
        nsTextFragment::SetBidiFlag(void)+0x5a [r:\mozilla\content\shared\src\nstextfragment.cpp:353 ip=0x045785c6]
                    memcpy(aDest, m1b + aOffset, sizeof(char) * aCount);
                  }
                }
              }

              // To save time we only do this when we really want to know, not during
              // every allocation
              void
              nsTextFragment::SetBidiFlag()
              {
                if (mState.mIs2b && !mState.mIsBidi) {
                  const PRUnichar* cp = m2b;
                  const PRUnichar* end = cp + mState.mLength;
                  while (cp < end) {
         =>         PRUnichar ch = *cp++;
                    if (CHAR_IS_BIDI(ch) ) {
                      mState.mIsBidi = PR_TRUE;
                      break;
                    }
                  }
                }
              }
        nsGenericDOMDataNode::SetBidiStatus(void)+0x46 [r:\mozilla\content\base\src\nsgenericdomdatanode.cpp:1253 ip=0x04408988]
        nsGenericDOMDataNode::SetText(nsAString const&,int)+0x176 [r:\mozilla\content\base\src\nsgenericdomdatanode.cpp:1143 ip=0x0440a9a3]
        nsGenericDOMDataNode::AppendData(nsAString const&)+0x250 [r:\mozilla\content\base\src\nsgenericdomdatanode.cpp:415 ip=0x044092b2]
    Allocation location
        HeapAlloc+0xc [C:\WINDOWS\System32\KERNEL32.dll ip=0x67e633c8]
        heap_alloc+0x4a [f:\vs70builds\9466 \vc\crtbld\crt\src\malloc.c:211 ip=0x7c0010d3]
        nh_malloc+0x10 [C:\WINDOWS\System32\MSVCR70.dll:106 ip=0x7c00107b]
        nsMemoryImpl::Alloc(UINT)+0x34 [r:\mozilla\xpcom\base\nsmemoryimpl.cpp:325 ip=0x0177243a]
        nsMemory::Alloc(UINT)+0xbb [r:\mozilla\xpcom\glue\nsmemory.cpp:87 ip=0x017a9d82]
        ToNewUnicode(nsAString const&)+0x5b [r:\mozilla\xpcom\string\src\nsreadableutils.cpp:369 ip=0x0179e049]
        nsTextFragment::=(nsAString const&)+0x155 [r:\mozilla\content\shared\src\nstextfragment.cpp:150 ip=0x04577f46]
                if (length > 0) {
                  PRBool in_heap = PR_TRUE;
                  if (IsASCII(aString)) {
                    if (length == 1 && aString.First() == '\n') {
                      m1b = &sNewLineCharacter;
                      in_heap = PR_FALSE;
                    } else {
                      m1b = (unsigned char *)ToNewCString(aString);
                    }
                    mState.mIs2b = PR_FALSE;
                  } else {
         =>         m2b = ToNewUnicode(aString);
                    mState.mIs2b = PR_TRUE;
                  }
                  mState.mInHeap = in_heap;
                  mState.mLength = length;
                }
                return *this;
              }

              void
              nsTextFragment::SetTo(PRUnichar *aBuffer, PRInt32 aLength, PRBool aRelease)
              {
                ReleaseText();
        nsGenericDOMDataNode::SetText(nsAString const&,int)+0x163 [r:\mozilla\content\base\src\nsgenericdomdatanode.cpp:1141 ip=0x0440a990]
        nsGenericDOMDataNode::AppendData(nsAString const&)+0x250 [r:\mozilla\content\base\src\nsgenericdomdatanode.cpp:415 ip=0x044092b2]

hit 15 times while running international browser buster

Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Assignee: general → nobody
QA Contact: ian → general
Component: DOM → DOM: Core & HTML

I cannot find this code through searchfox.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID