Closed Bug 3620 Opened 27 years ago Closed 27 years ago

Uninitialized memory read in nsRangeList::TakeFocus()

Categories

(Core :: DOM: Selection, defect, P3)


VERIFIED FIXED

People

(Reporter: bruce, Assigned: mjudge)

Details

Uninitialized memory read in nsRangeList::TakeFocus(). The uses of the variable 'beginoffset' in 810 and 807 are initialized in some cases. While it appears that they are initialized in the call to aFrame->GetSelected(), there are 2 versions of that method. The one on nsFrame does not initialize all of the arguments. The one on TextFrame does.

line 807: aFrame->SetSelected(PR_TRUE, beginoffset, aOffset, PR_FALSE);
line 810: if (beginoffset <= aOffset)
line 806 (apparent initialization): if (NS_SUCCEEDED(aFrame->GetSelected(&selected, &beginoffset, &endoffset, &begincontentoffset))){
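Added example, not code from the bug or from the Mozilla tree: a contract check that catches an override which reports success without writing every out-parameter, plus a caller that gives its locals defined values before the call. Frame and TextFrame are hypothetical stand-ins for nsFrame and TextFrame, GetSelected returns bool here instead of nsresult, and defaulting the offsets to aOffset is an assumption.

```cpp
#include <cstdint>

// Hypothetical stand-ins for the classes in the report; not Mozilla source.
struct Frame {  // role of nsFrame: reports success, writes only *selected
    virtual ~Frame() = default;
    virtual bool GetSelected(bool* selected, int32_t* begin, int32_t* end,
                             int32_t* contentBegin) const {
        (void)begin; (void)end; (void)contentBegin;
        *selected = false;
        return true;
    }
};

struct TextFrame : Frame {  // role of TextFrame: writes every out-parameter
    bool GetSelected(bool* selected, int32_t* begin, int32_t* end,
                     int32_t* contentBegin) const override {
        *selected = true; *begin = 2; *end = 9; *contentBegin = 0;  // constructed values
        return true;
    }
};

// Contract check for a unit test: pre-fill the out-parameters with two
// different sentinels. A slot that still holds both sentinels afterwards was
// never written, so a caller passing an uninitialized local would read garbage.
bool WritesAllOutParams(const Frame& f) {
    const int32_t kA = INT32_MIN, kB = INT32_MAX;
    bool sel = false;
    int32_t a[3] = {kA, kA, kA}, b[3] = {kB, kB, kB};
    if (!f.GetSelected(&sel, &a[0], &a[1], &a[2])) return true;  // on failure callers must not read
    if (!f.GetSelected(&sel, &b[0], &b[1], &b[2])) return true;
    for (int i = 0; i < 3; ++i)
        if (a[i] == kA && b[i] == kB) return false;
    return true;
}

// Hardened caller: every local has a defined value before the call, so the
// comparison is well defined whichever override runs. Defaulting to aOffset
// (a collapsed range) is an assumption of this example.
bool BeginPrecedesFocus(const Frame& f, int32_t aOffset) {
    bool selected = false;
    int32_t beginoffset = aOffset, endoffset = aOffset, begincontentoffset = 0;
    if (!f.GetSelected(&selected, &beginoffset, &endoffset, &begincontentoffset))
        return false;
    return beginoffset <= aOffset;
}
```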
Summary: Uninitialized memory read in nsRangeList::TakeFocus()
Target Milestone: M3
Status: NEW → RESOLVED
Closed: 27 years ago
Resolution: --- → FIXED
Target Milestone: M3 → M4
fixed! thanks claudius for running purify!!!
If only I could take credit for running purify but alas, 'twas not I. On that note, could either the reporter or engineer crank up purify and verify (and mark it VERIFIED) this bug, as I am without the expertise and tools to do so?
Status: RESOLVED → VERIFIED
Per a request from Selection and Search component eng (mjudge) and qa (elig), moving all "Selection and Search" bugs to new "Selection" component. Original "Selection and Search" component will be retired.