481945 - UMR [@ GetTrackAttributes] -- nsNativeThemeCocoa::GetMinimumWidgetSize sends uninitialized stack values to DataEngine::GetTrackPartBounds

Status: RESOLVED FIXED

(Core :: Widget: Cocoa, defect)

Description

[Jesse Ruderman]

1. Install Valgrind as described at http://blog.mozilla.com/nnethercote/2009/01/18/me-valgrind-and-mac-os-x/
2. valgrind --track-origins=yes ~/central/opt-obj/dist/Minefield.app/Contents/MacOS/firefox-bin file:///Users/jruderman/central/layout/forms/crashtests/393656-1.xhtml

==5716== Conditional jump or move depends on uninitialised value(s)
==5716==    at 0x39473E1: GetTrackAttributes(HIThemeTrackDrawInfo const*, unsigned char, unsigned char, unsigned char, long*, unsigned long*) (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox)
==5716==    by 0x3946F48: SetupTrackData(short, HIThemeTrackDrawInfo const*, CGRect const*, float, unsigned char, unsigned char, ThemeTrackDrawParams*) (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox)
==5716==    by 0x3A5ADCD: DataEngine::GetTrackPartBounds(HIThemeTrackDrawInfo const*, short, CGRect*) (in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox)
==5716==    by 0x1D24341: nsNativeThemeCocoa::GetMinimumWidgetSize(nsIRenderingContext*, nsIFrame*, unsigned char, nsIntSize*, int*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==    by 0x16F8778: nsIFrame::AddCSSMinSize(nsBoxLayoutState&, nsIFrame*, nsSize&) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==    by 0x16FA068: nsBoxFrame::GetMinSize(nsBoxLayoutState&) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==    by 0x16FA41A: nsBoxFrame::GetPrefSize(nsBoxLayoutState&) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==    by 0x16FE578: nsSprocketLayout::GetPrefSize(nsIFrame*, nsBoxLayoutState&) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==    by 0x16FA3D6: nsBoxFrame::GetPrefSize(nsBoxLayoutState&) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==    by 0x17011FC: nsSliderFrame::GetPrefSize(nsBoxLayoutState&) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==    by 0x16FE0C7: nsSprocketLayout::PopulateBoxSizes(nsIFrame*, nsBoxLayoutState&, nsBoxSize*&, nsComputedBoxSize*&, int&, int&, int&) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==    by 0x16FCDA2: nsSprocketLayout::Layout(nsIFrame*, nsBoxLayoutState&) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
==5716==  Uninitialised value was created by a stack allocation
==5716==    at 0x1D23C73: nsNativeThemeCocoa::GetMinimumWidgetSize(nsIRenderingContext*, nsIFrame*, unsigned char, nsIntSize*, int*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)

Comment 1

[Steven Michaud [:smichaud] (Retired)]

Attachment: Fix

This seems to fix the problem (in my tests with valgrind).

Comment 2

[Josh Aas]

Comment on attachment 366334 [details] [diff] [review]
Fix

no need for the comment on the end of the line

Comment 3

[Steven Michaud [:smichaud] (Retired)]

> no need for the comment on the end of the line

I'll get rid of it when I land the patch.

Comment 4

[Steven Michaud [:smichaud] (Retired)]

Landed on trunk (without the comment):
http://hg.mozilla.org/mozilla-central/rev/f56998dc5c05