Closed Bug 480032 Opened 15 years ago Closed 15 years ago

"Conditional jump or move depends on uninitialised value(s)" [@ _cairo_restrict_value]

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: MatsPalmgren_bugz, Assigned: MatsPalmgren_bugz)

References

(
URL
)

Details

(Keywords: fixed1.9.1, valgrind)

Attachments

(2 files)

valgrind 3.4.0 log, with --track-origins=yes
5.72 KB, text/plain
Details
Patch rev. 1
1017 bytes, patch
vlad
: review+
vlad
: superreview+
sayrer
: approval1.9.1+
Details | Diff | Splinter Review 
"Conditional jump or move depends on uninitialised value(s)" [@ _cairo_restrict_value]

STEPS TO REPRODUCE
0. build Firefox trunk debug with:
ac_add_options --enable-tests
ac_add_options --enable-optimize="-fno-omit-frame-pointer -fno-asynchronous-unwind-tables -fno-inline -O -g -ggdb -DDEBUG_TRACEMALLOC_FRAMEARENA"
ac_add_options --enable-debug
ac_add_options --enable-jemalloc
ac_add_options --with-valgrind

1. run it under valgrind

ACTUAL RESULT
see attached valgrind log

In layout/generic/nsImageFrame.cpp:
The uninitialized value is stored locally as 'oldColor' and when it's
restored by SetColor() valgrind detects it eventually (see log):

  1082      // if we could not draw the image, then just draw some graffiti
  1083      if (!iconUsed) {
  1084        nscolor oldColor;
  1085        nscoord iconXPos = (vis->mDirection ==   NS_STYLE_DIRECTION_RTL) ?
  1086                           inner.XMost() - size : inner.x;
  1087        nscoord twoPX = nsPresContext::CSSPixelsToAppUnits(2);
  1088        aRenderingContext.DrawRect(iconXPos, inner.y,size,size);
  1089        aRenderingContext.GetColor(oldColor);
  1090        aRenderingContext.SetColor(NS_RGB(0xFF,0,0));
  1091        aRenderingContext.FillEllipse(size/2 + iconXPos, size/2 + inner.y,
  1092                                      size/2 - twoPX, size/2 - twoPX);
  1093        aRenderingContext.SetColor(oldColor);
  1094      }
Attached patch Patch rev. 1Splinter Review 

        Attachment #363962 -
        Flags: superreview?(vladimir)

        Attachment #363962 -
        Flags: review?(vladimir)

        Attachment #363962 -
        Flags: superreview?(vladimir)

        Attachment #363962 -
        Flags: superreview+

        Attachment #363962 -
        Flags: review?(vladimir)

        Attachment #363962 -
        Flags: review+

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/3c8d3bc99c24

-> FIXED
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

    
    

    
  
we're hitting this on the branch. I think we should take it.
Flags: wanted1.9.1+

    
    

    
  
The patch applies cleanly to 1.9.1

    
  

        Attachment #363962 -
        Flags: approval1.9.1+

          You need to log in
          before you can comment on or make changes to this bug.