Bug 4836 (closed): UMR: nsBlockFrame::ComputeLineMaxElementSize()

Opened: 21 years ago
Closed: 21 years ago
Component: Core :: Layout
Type: defect
Priority: P1
Severity: critical
Platform: Sun / Solaris
Status: VERIFIED FIXED
Reporter: bruce
Assigned: buster

Pull/build from April 8, 1999. Solaris 2.6, gcc 2.7.2.3, Purify. Going to the
given URL will cause this to happen many many times.  Might be related to bug
#1431. cc'ing karnaze as he owns bug #1431.

****  Purify instrumented ./apprunner.pure (pid 10892)  ****
UMR: Uninitialized memory read (15 times):
  * This is occurring while in:
        nsBlockFrame::ComputeLineMaxElementSize(nsBlockReflowState&,nsLineBox*,nsSize*) [nsBlockFrame.cpp:3290]
        nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:2617]
        nsBlockFrame::ReflowLine(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:1961]
        nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) [nsBlockFrame.cpp:1769]
        nsBlockFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsBlockFrame.cpp:1206]
        nsBlockReflowContext::ReflowBlock(nsIFrame*,const nsRect&,int,int,int,nsMargin&,unsigned int&) [nsBlockReflowContext.cpp:225]
        nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:2527]
        nsBlockFrame::ReflowLine(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:1961]
        nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) [nsBlockFrame.cpp:1769]
        nsBlockFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsBlockFrame.cpp:1206]
        nsBlockReflowContext::ReflowBlock(nsIFrame*,const nsRect&,int,int,int,nsMargin&,unsigned int&) [nsBlockReflowContext.cpp:225]
        nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:2527]
        nsBlockFrame::ReflowLine(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:1961]
        nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) [nsBlockFrame.cpp:1769]
        nsBlockFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsBlockFrame.cpp:1206]
        nsAreaFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsAreaFrame.cpp:465]
        nsContainerFrame::ReflowChild(nsIFrame*,nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsContainerFrame.cpp:388]
        RootFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsHTMLFrame.cpp:231]
        nsContainerFrame::ReflowChild(nsIFrame*,nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsContainerFrame.cpp:388]
        ViewportFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsViewportFrame.cpp:432]
        nsHTMLReflowCommand::Dispatch(nsIPresContext&,nsHTMLReflowMetrics&,const nsSize&,nsIRenderingContext&) [nsHTMLReflowCommand.cpp:165]
        PresShell::ProcessReflowCommands() [nsPresShell.cpp:1242]
        PresShell::ExitReflowLock() [nsPresShell.cpp:668]
        PresShell::ContentAppended(nsIDocument*,nsIContent*,int) [nsPresShell.cpp:1748]
        nsDocument::ContentAppended(nsIContent*,int) [nsDocument.cpp:1456]
        nsHTMLDocument::ContentAppended(nsIContent*,int) [nsHTMLDocument.cpp:631]
        HTMLContentSink::DidBuildModel(int) [nsHTMLContentSink.cpp:1536]
        CNavDTD::DidBuildModel(unsigned int,int,nsIParser*,nsIContentSink*) [CNavDTD.cpp:577]
        nsParser::DidBuildModel(unsigned int) [nsParser.cpp:447]
        nsParser::ResumeParse(nsIDTD*) [nsParser.cpp:803]
  * Reading 4 bytes from 0xefff6850 on the stack.
  * Address 0xefff6850 is 240 bytes below frame pointer in function nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,nsLineBox*,int*).

This happens because nsBlockFrame::ReflowBlockFrame() is passing it
&maxElementSize, which is calculated from
nsBlockReflowContext.GetMaxElementSize(). The 'mMaxElementSize' value on
nsBlockReflowContext is never initialized at all that I can see.
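The defect class described above, as an added illustration that is not Mozilla's code: a reflow context whose max-element-size member is never initialized, beside a hardened shape that value-initializes the member and a caller that zeroes its own out-parameter before the getter fills it. The type shapes (nsSize, the context class, the two reflow helpers) are simplified stand-ins assumed for the example.

```cpp
#include <algorithm>
#include <cstdio>

// Simplified stand-in for the layout size type named in the Purify trace.
struct nsSize {
    int width;
    int height;
};

// Buggy shape, as the report describes it: the member is never initialized,
// so GetMaxElementSize() copies whatever bytes the stack slot held into the
// caller's nsSize. It is shown for contrast only and is not exercised here,
// because reading the indeterminate value is undefined behaviour.
struct BuggyBlockReflowContext {
    nsSize mMaxElementSize;  // no constructor, no initialization
    void GetMaxElementSize(nsSize* out) const { *out = mMaxElementSize; }
};

// Hardened shape: the member is value-initialized, so every read is defined
// even when no child reflow ever assigned it.
struct FixedBlockReflowContext {
    nsSize mMaxElementSize;
    FixedBlockReflowContext() : mMaxElementSize{0, 0} {}
    void SetMaxElementSize(int w, int h) { mMaxElementSize = {w, h}; }
    void GetMaxElementSize(nsSize* out) const { *out = mMaxElementSize; }
};

// Stand-in for ComputeLineMaxElementSize: folds the child's max-element
// size into the line's running maximum (the read Purify flagged).
nsSize ComputeLineMaxElementSize(nsSize lineMax, const nsSize* child) {
    return {std::max(lineMax.width, child->width),
            std::max(lineMax.height, child->height)};
}

// Stand-in for ReflowBlockFrame. `childReported` models whether reflowing
// the child block actually set the context's max element size.
nsSize ReflowBlockFrameFixed(bool childReported, int w, int h) {
    FixedBlockReflowContext ctx;
    if (childReported) ctx.SetMaxElementSize(w, h);
    nsSize maxElementSize = {0, 0};   // caller-side init; no stale stack bytes
    ctx.GetMaxElementSize(&maxElementSize);
    nsSize lineMax = {10, 5};         // constructed running maximum for the line
    return ComputeLineMaxElementSize(lineMax, &maxElementSize);
}

int main() {
    nsSize r = ReflowBlockFrameFixed(false, 0, 0);
    std::printf("line max element size: %dx%d\n", r.width, r.height);
    return 0;
}
```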
Assignee: troy → kipp
Severity: normal → critical
Status: NEW → ASSIGNED
Priority: P3 → P1
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Fixed as of now.
Status: RESOLVED → VERIFIED