Closed Bug 386889 Opened 18 years ago Closed 18 years ago

nsObjectLoadingContent should null-initialize mPendingInstantiateEvent (uninitialized memory read/jump)

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dbaron, Assigned: dbaron)

References

Details

Attachments

(1 file)

patch
542 bytes, patch
Biesinger
: review+
Biesinger
: superreview+
Details | Diff | Splinter Review
While loading the scriptaculous mochitest under valgrind (the one test in dom/tests/mochitest/ajax/scriptaculous/), I saw: ==21933== Conditional jump or move depends on uninitialised value(s) ==21933== at 0x66BBD3D: nsObjectLoadingContent::LoadObject(nsIURI*, int, nsCString const&, int) (nsObjectLoadingContent.cpp:747) ==21933== by 0x6767EBF: nsHTMLSharedObjectElement::StartObjectLoad(int) (nsHTMLSharedObjectElement.cpp:412) ==21933== by 0x67689A1: nsHTMLSharedObjectElement::BindToTree(nsIDocument*, nsIContent*, nsIContent*, int) (nsHTMLSharedObjectElement.cpp:250) ... looks like mPendingInstantiateEvent should be null-initialized in the constructor. (This is pretty harmless given the code.)
Attached patch patchSplinter Review
Assignee: nobody → dbaron
Status: NEW → ASSIGNED
Attachment #270972 - Flags: superreview?(cbiesinger)
Attachment #270972 - Flags: review?(cbiesinger)
Attachment #270972 - Flags: superreview?(cbiesinger)
Attachment #270972 - Flags: superreview+
Attachment #270972 - Flags: review?(cbiesinger)
Attachment #270972 - Flags: review+
Checked in to trunk.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Flags: in-testsuite-
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: