Closed Bug 353110 Opened 19 years ago Closed 10 years ago

Uninitialized value used in nsFrameIterator::CurrentItem()

Categories

(Core :: Layout, defect)

x86
Linux
defect
Not set
normal

RESOLVED DUPLICATE of bug 378339

People

(Reporter: sum1abi, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060917 Minefield/3.0a1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060917 Minefield/3.0a1

mOffEdge is uninitialized when evaluated in the following if statement:

nsFrameTraversal.cpp:
243   if (mOffEdge)

Breakpoint 2, nsFrameIterator::CurrentItem (this=0x91f0aa8, aItem=0xbf8162c0)
    at /home/s/cvs/mozilla/layout/base/nsFrameTraversal.cpp:243
243   if (mOffEdge)
(gdb) p mOffEdge
$1 = 100 'd'

A comment on line 127 of nsFrameTraversal.cpp seems to indicate that mOffEdge's value should be -1, 0, or 1:

127:  PRInt8 mOffEdge; //0= no -1 to far prev, 1 to far next;

Reproducible: Always

Steps to Reproduce:
1. Load about:blank (this might be unnecessary)
2. Select 'Manage Search Engines' from the search bar dropdown menu

==15349== Conditional jump or move depends on uninitialised value(s)
==15349==    at 0x691F9F3: nsFrameIterator::CurrentItem(nsISupports**) (nsFrameTraversal.cpp:243)
==15349==    by 0x6C1D998: nsEventStateManager::GetNextTabbableContent(nsIContent*, nsIContent*, nsIFrame*, int, int, nsIContent**, nsIFrame**) (nsEventStateManager.cpp:3744)
==15349==    by 0x6C1E24F: nsEventStateManager::ShiftFocusInternal(int, nsIContent*) (nsEventStateManager.cpp:3494)
==15349==    by 0x6C1EEA8: nsEventStateManager::ShiftFocus(int, nsIContent*) (nsEventStateManager.cpp:3378)
==15349==    by 0x6DCC56F: nsFocusController::MoveFocus(int, nsIDOMElement*) (nsFocusController.cpp:302)
==15349==    by 0x6D85943: nsXULCommandDispatcher::AdvanceFocusIntoSubtree(nsIDOMElement*) (nsXULCommandDispatcher.cpp:233)
==15349==    by 0x422F97C: XPTC_InvokeByIndex (in /home/s/cvs/mozilla/obj-i686-pc-linux-gnu/xpcom/build/libxpcom_core.so)
==15349==    by 0x47D17AA: XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) (xpcwrappednative.cpp:2162)
==15349==    by 0x47DFC8D: XPC_WN_CallMethod(JSContext*, JSObject*, unsigned, long*, long*) (xpcwrappednativejsops.cpp:1449)
==15349==    by 0x40B7D8E: js_Invoke (jsinterp.c:1373)
==15349==    by 0x40CC218: js_Interpret (jsinterp.c:4098)
==15349==    by 0x40B7E18: js_Invoke (jsinterp.c:1392)

Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
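
The defect class reported above, as an added example that is not code from this bug or from Mozilla's source: a tri-state off-edge flag that is set in the constructor's initializer list before any `if (mOffEdge)` style read, plus a check of the -1/0/1 invariant from the quoted comment. `FrameIteratorSketch`, `OffEdge()`, `OffEdgeValid()` and the integer item list are hypothetical names and simplifications; only the `mOffEdge` name and its three meanings come from the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Hypothetical, simplified stand-in for a frame iterator (not Mozilla code).
class FrameIteratorSketch {
public:
  explicit FrameIteratorSketch(std::vector<int> aItems)
    : mItems(std::move(aItems)), mIndex(0), mOffEdge(0) {}  // set before any read

  void Next() {
    if (mOffEdge < 0) { mOffEdge = 0; return; }  // step back on from far prev
    if (mOffEdge > 0) return;                    // already past the last item
    if (mIndex + 1 < mItems.size()) ++mIndex; else mOffEdge = 1;
  }
  void Prev() {
    if (mOffEdge > 0) { mOffEdge = 0; return; }  // step back on from far next
    if (mOffEdge < 0) return;                    // already before the first item
    if (mIndex > 0) --mIndex; else mOffEdge = -1;
  }
  // Mirrors the `if (mOffEdge)` test quoted in the report: no item while off an edge.
  bool CurrentItem(int* aItem) const {
    if (mOffEdge || mItems.empty()) return false;
    *aItem = mItems[mIndex];
    return true;
  }
  int OffEdge() const { return mOffEdge; }
  // Invariant from the quoted comment: only -1, 0 and 1 are meaningful values.
  bool OffEdgeValid() const { return mOffEdge >= -1 && mOffEdge <= 1; }

private:
  std::vector<int> mItems;   // constructed sample data stands in for frames
  std::size_t mIndex;
  std::int8_t mOffEdge;      // 0 = on an item, -1 = far prev, 1 = far next
};

int main() {
  FrameIteratorSketch it(std::vector<int>{10, 20});
  int item = 0;
  return (it.OffEdgeValid() && it.CurrentItem(&item) && item == 10) ? 0 : 1;
}
```

A value such as the `100 'd'` seen in the gdb session would fail `OffEdgeValid()`, which makes it a natural debug-build assertion at the top of `CurrentItem`.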