UMR: nsEditor::JoinNodesImpl()

VERIFIED FIXED in M6

Status

P3
normal
VERIFIED FIXED
20 years ago
12 years ago

People

(Reporter: bruce, Assigned: kinmoz)

Tracking

Trunk
Sun
Solaris
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

20 years ago
Pull/build from April 8, 1999. Solaris 2.6, Purify, gcc 2.7.2.3.  Launch
apprunner, pull up editor, I selected some text, made it bold, italics, etc.
Each undo thereafter (not sure about the very first undo, maybe each after the
first undo) caused this UMR.

****  Purify instrumented ./apprunner.pure (pid 16118)  ****
UMR: Uninitialized memory read (3 times):
  * This is occurring while in:
        nsEditor::JoinNodesImpl(nsIDOMNode*,nsIDOMNode*,nsIDOMNode*,int) [nsEditor.cpp:1998]
        SplitElementTxn::Undo() [SplitElementTxn.cpp:112]
        nsTransactionItem::Undo() [nsTransactionItem.cpp:125]
        nsTransactionItem::UndoChildren() [nsTransactionItem.cpp:168]
        nsTransactionItem::Undo() [nsTransactionItem.cpp:109]
        nsTransactionManager::Undo() [nsTransactionManager.cpp:145]
        nsEditor::Undo(unsigned int) [nsEditor.cpp:721]
        nsTextEditor::Undo(unsigned int) [nsTextEditor.cpp:728]
        nsHTMLEditor::Undo(unsigned int) [nsHTMLEditor.cpp:224]
        nsEditorAppCore::Undo() [nsEditorAppCore.cpp:712]
        EditorAppCoreUndo(JSContext*,JSObject*,unsigned int,long*,long*) [nsJSEditorAppCore.cpp:338]
        js_Invoke      [jsinterp.c:650]
        js_Interpret   [jsinterp.c:2183]
        js_Invoke      [jsinterp.c:666]
        js_Interpret   [jsinterp.c:2183]
        js_Invoke      [jsinterp.c:666]
        js_CallFunctionValue [jsinterp.c:735]
        JS_CallFunctionValue [jsapi.c:2369]
        nsJSEventListener::HandleEvent(nsIDOMEvent*) [nsJSEventListener.cpp:93]
        nsEventListenerManager::HandleEvent(nsIPresContext&,nsEvent*,nsIDOMEvent**,unsigned int,nsEventStatus&) [nsEventListenerManager.cpp:555]
        RDFElementImpl::HandleDOMEvent(nsIPresContext&,nsEvent*,nsIDOMEvent**,unsigned int,nsEventStatus&) [nsRDFElement.cpp:2200]
        nsXULCommand::DoCommand() [nsXULCommand.cpp:174]
        nsXULCommand::MenuSelected(const nsMenuEvent&) [nsXULCommand.cpp:205]
        nsMenuItem::MenuSelected(const nsMenuEvent&) [nsMenuItem.cpp:327]
        menu_item_activate_handler(_GtkWidget*,void*) [nsGtkEventHandler.cpp:625]
        gtk_marshal_NONE__NONE [gtkmarshal.c:363]
        gtk_handlers_run [gtksignal.c:1909]
        gtk_signal_real_emit [gtksignal.c:1469]
        gtk_signal_emit [gtksignal.c:552]
        gtk_widget_activate [gtkwidget.c:2810]
  * Reading 4 bytes from 0xefffcc14 on the stack.
  * Address 0xefffcc14 is local variable "result" in function nsEditor::JoinNodesImpl(nsIDOMNode*,nsIDOMNode*,nsIDOMNode*,int).
(Assignee)

Updated

20 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

20 years ago
Target Milestone: M6
(Assignee)

Comment 1

20 years ago
Set milestone to M6. I'll be running Purify and fixing all UMRs that come up in
the editor.

This is pretty easy to fix ... looks like the variable result might be used
before it is initialized.
(Assignee)

Comment 2

20 years ago
I have a fix for this. I'll check it in when the tree opens.
(Assignee)

Updated

20 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 20 years ago
Resolution: --- → FIXED
(Assignee)

Comment 3

20 years ago
Checked in fix to nsEditor.cpp (revision 1.90).
(Reporter)

Updated

20 years ago
Status: RESOLVED → VERIFIED
(Reporter)

Comment 4

20 years ago
Looks good!

Updated

12 years ago