Uninitialized memory read in nsParser::ResumeParser()

Status: VERIFIED FIXED
Product: Core
Component: HTML: Parser
Priority: P3
Severity: normal
Reported: 19 years ago
Last modified: 19 years ago
Reporter: Bruce Mitchener
Assigned: rickg
Version: Trunk

Description (Reporter, 19 years ago)
Solaris 2.6, gcc 2.7.2.3, pull from 2pm PST on March 12, 1999.

UMR: Uninitialized memory read:
  * This is occurring while in:
        nsParser::ResumeParse(nsIDTD*) [nsParser.cpp:754]
        nsParser::Parse(nsString&,void*,const nsString&,int,int) [nsParser.cpp:719]
        PresShell::DoCopy(nsISelectionMgr*) [nsPresShell.cpp:1528]
        nsBrowserWindow::DoCopy() [nsBrowserWindow.cpp:1975]
        nsBrowserWindow::DispatchMenuItem(int) [nsBrowserWindow.cpp:520]
        nsNativeBrowserWindow::DispatchMenuItem(int) [nsGTKMain.cpp:84]
        gtk_ifactory_cb(void*,unsigned int,_GtkWidget*) [nsGTKMenu.cpp:35]
        gtk_item_factory_callback_marshal [gtkitemfactory.c:274]
        gtk_marshal_NONE__NONE [gtkmarshal.c:363]
        gtk_handlers_run [gtksignal.c:1909]
        gtk_signal_real_emit [gtksignal.c:1469]
        gtk_signal_emit [gtksignal.c:552]
        gtk_widget_activate [gtkwidget.c:2810]
        gtk_menu_shell_activate_item [gtkmenushell.c:834]
        gtk_menu_shell_button_release [gtkmenushell.c:497]
        gtk_marshal_BOOL__POINTER [gtkmarshal.c:32]
        gtk_signal_real_emit [gtksignal.c:1484]
        gtk_signal_emit [gtksignal.c:552]
        gtk_widget_event [gtkwidget.c:2784]
        gtk_propagate_event [gtkmain.c:1295]
        gtk_main_do_event [gtkmain.c:752]
        gdk_event_dispatch [gdkevents.c:2086]
        g_main_dispatch [gmain.c:647]
        g_main_iterate [gmain.c:854]
        g_main_run     [gmain.c:912]
        gtk_main       [gtkmain.c:475]
        nsAppShell::Run() [nsAppShell.cpp:152]
        nsNativeViewerApp::Run() [nsGTKMain.cpp:42]
        main           [nsGTKMain.cpp:97]
        _start         [crt1.o]
  * Reading 4 bytes from 0x773898 in the heap.
  * Address 0x773898 is 56 bytes into a malloc'd block at 0x773860 of 80 bytes.
  * This block was allocated from:
        malloc         [rtlib.o]
        __bUiLtIn_nEw  [libgcc.a]
        __builtin_new  [rtlib.o]
        nsParserFactory::CreateInstance(nsISupports*,const nsID&,void**) [nsParserFactory.cpp:124]
        nsComponentManagerImpl::CreateInstance(const nsID&,nsISupports*,const nsID&,void**) [nsComponentManager.cpp:1123]
        nsComponentManager::CreateInstance(const nsID&,nsISupports*,const nsID&,void**) [nsRepository.cpp:67]
        PresShell::DoCopy(nsISelectionMgr*) [nsPresShell.cpp:1496]
        nsBrowserWindow::DoCopy() [nsBrowserWindow.cpp:1975]
        nsBrowserWindow::DispatchMenuItem(int) [nsBrowserWindow.cpp:520]
        nsNativeBrowserWindow::DispatchMenuItem(int) [nsGTKMain.cpp:84]
        gtk_ifactory_cb(void*,unsigned int,_GtkWidget*) [nsGTKMenu.cpp:35]
        gtk_item_factory_callback_marshal [gtkitemfactory.c:274]
        gtk_marshal_NONE__NONE [gtkmarshal.c:363]
        gtk_handlers_run [gtksignal.c:1909]
        gtk_signal_real_emit [gtksignal.c:1469]
        gtk_signal_emit [gtksignal.c:552]
        gtk_widget_activate [gtkwidget.c:2810]
        gtk_menu_shell_activate_item [gtkmenushell.c:834]
        gtk_menu_shell_button_release [gtkmenushell.c:497]
        gtk_marshal_BOOL__POINTER [gtkmarshal.c:32]
        gtk_signal_real_emit [gtksignal.c:1484]
        gtk_signal_emit [gtksignal.c:552]
        gtk_widget_event [gtkwidget.c:2784]
        gtk_propagate_event [gtkmain.c:1295]
        gtk_main_do_event [gtkmain.c:752]
        gdk_event_dispatch [gdkevents.c:2086]
        g_main_dispatch [gmain.c:647]
        g_main_iterate [gmain.c:854]
        g_main_run     [gmain.c:912]
        gtk_main       [gtkmain.c:475]

Comment 1 (Reporter, 19 years ago)
I posted another stack trace and a possible fix for this in
netscape.public.mozilla.patches (and emailed to owners/peers of the htmlparser).

Updated (Assignee, 19 years ago)
Status: NEW → ASSIGNED

Updated (Assignee, 19 years ago)
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Comment 2 (Assignee, 19 years ago)
Fixed by simply initializing the variable. No risk.

Updated (Reporter, 19 years ago)
Status: RESOLVED → VERIFIED