Closed Bug 455058 Opened 16 years ago Closed 15 years ago

uninitialized read nsNavHistoryExpire::OnQuit() (nsNavHistoryExpire.cpp:217)

Categories

(Core Graveyard :: History: Global, defect)

Product:
Core Graveyard
Component:
History: Global
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 495889

People

(Reporter: mcmanus, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1
Build Identifier: mozilla-central 9/12/08

I saw this using valgrind on fennec (mobile firefox) and the command line

mobilebase/mobile/dist/bin/fennec -tpcycles 1 -tp manifest -tpformat text

-tp will shutdown the browser after loading the pages in the manifest.. that's when valgrind reports this:

==13806== Conditional jump or move depends on uninitialised value(s)
==13806==    at 0x1E5727A6: nsNavHistoryExpire::OnQuit() (nsNavHistoryExpire.cpp:217)
==13806==    by 0x1E55FC27: nsNavHistory::Observe(nsISupports*, char const*, unsigned short const*) (nsNavHistory.cpp:4686)
==13806==    by 0x6EBEACB: nsObserverList::NotifyObservers(nsISupports*, char const*, unsigned short const*) (nsObserverList.cpp:128)
==13806==    by 0x6EBFE0C: nsObserverService::NotifyObservers(nsISupports*, char const*, unsigned short const*) (nsObserverService.cpp:181)
==13806==    by 0x166F435E: nsAppStartup::Quit(unsigned) (nsAppStartup.cpp:300)
==13806==    by 0x6F31DF3: NS_InvokeByIndex_P (xptcinvoke_x86_64_linux.cpp:208)
==13806==    by 0x121D439D: XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) (xpcwrappednative.cpp:2393)
==13806==    by 0x121E1118: XPC_WN_CallMethod(JSContext*, JSObject*, unsigned, long*, long*) (xpcwrappednativejsops.cpp:1473)
==13806==    by 0xC23056C: js_Invoke (jsinterp.cpp:1306)
==13806==    by 0xC2229DA: js_Interpret (jsinterp.cpp:4976)
==13806==    by 0xC23060A: js_Invoke (jsinterp.cpp:1324)
==13806==    by 0x121CCF9D: nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) (xpcwrappedjsclass.cpp:1523)


The code in question is:

  PRBool sanitizeOnShutdown , sanitizeHistory;
  prefs->GetBoolPref(PREF_SANITIZE_ON_SHUTDOWN, &sanitizeOnShutdown);
  prefs->GetBoolPref(PREF_SANITIZE_ITEM_HISTORY, &sanitizeHistory);
  if (sanitizeHistory && sanitizeOnShutdown)
    return;

Pretty clearly the getboolpref()'s fail becuse the prefernce service has already shutdown (this is onquit() afterall).

in my local copy I initialized them to PR_FALSE, but it isn't clear to me what they should be if the pref service is not running. But it clearly shouldn't be a roll of the dice.


Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.