Closed Bug 493602 Opened 17 years ago Closed 17 years ago

UMR when clicking history menu

Categories

(Firefox :: Bookmarks & History, defect)

Product:
Firefox
Component:
Bookmarks & History
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 3.6a1

People

(Reporter: sayrer, Assigned: sdwilsh)

References

Details

Attachments

(1 file)

v1.0
1.03 KB, patch
mak
: review+
Details | Diff | Splinter Review
==58681== Conditional jump or move depends on uninitialised value(s) ==58681== at 0x613AA: dosprintf (in /Users/sayrer/dev/clean-debug-tracemonkey/nsprpub/pr/src/libnspr4.dylib) ==58681== by 0x61D94: PR_vsnprintf (in /Users/sayrer/dev/clean-debug-tracemonkey/nsprpub/pr/src/libnspr4.dylib) ==58681== by 0x3D44D85: nsPrintfCString::nsPrintfCString(unsigned int, char const*, ...) (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x3B4789A: nsNavHistory::ConstructQueryString(nsCOMArray<nsNavHistoryQuery> const&, nsNavHistoryQueryOptions*, nsCString&, int&, nsDataHashtable<nsCStringHashKey, nsCString>&) (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x3B4B67E: nsNavHistory::GetQueryResults(nsNavHistoryQueryResultNode*, nsCOMArray<nsNavHistoryQuery> const&, nsNavHistoryQueryOptions*, nsCOMArray<nsNavHistoryResultNode>*) (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x3B6F406: nsNavHistoryQueryResultNode::FillChildren() (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x3B7061C: nsNavHistoryQueryResultNode::OpenContainer() (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x3B690BA: nsNavHistoryContainerResultNode::SetContainerOpen(int) (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x3B76489: nsNavHistoryQueryResultNode::SetContainerOpen(int) (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x3D2D070: NS_InvokeByIndex_P (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x2CC4343: XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== by 0x2CD3AA6: XPCWrappedNative::SetAttribute(XPCCallContext&) (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL) ==58681== Uninitialised value was created by a stack allocation ==58681== at 0x3B471E0: nsNavHistory::ConstructQueryString(nsCOMArray<nsNavHistoryQuery> const&, nsNavHistoryQueryOptions*, nsCString&, int&, nsDataHashtable<nsCStringHashKey, nsCString>&) (in /Users/sayrer/dev/clean-debug-tracemonkey/toolkit/library/XUL)
Flags: blocking-firefox3.5?
Looks like something we should fix, D?
(In reply to comment #1) > Looks like something we should fix, D? Yes, yes we should. We should probably block on it in fact.
tentatively assigning to Shawn, reassign if you can't look at it.
Assignee: nobody → sdwilsh
Flags: blocking-firefox3.5? → blocking-firefox3.5+
So, this is complaining that something in ConstructQueryString is allocated on the stack, and not being initialized, and then being passed to nsPrintfCString, right? If so, I think this may be bogus. All calls to nsPrintfCString use literal strings and numerical constants in this method, so I don't so how we could have anything uninitialized.
Copying nick -- I'm not sure what it's telling us either, tbh.
I looked at the code but was unable to see what the problem could be. However, Valgrind's undefined value warnings are generally very reliable. And Valgrind does analyze at the binary level, not source code level, so it's conceivable something is wrong even though the C++ looks ok. I suggest trying to hunt down the problem with the VALGRIND_CHECK_MEM_IS_DEFINED or VALGRIND_CHECK_VALUE_IS_DEFINED client requests. It may be useful to put some of the arguments to nsPrintfCString() in temporary variables in order to check them. This is a bit laborious, as it requires recompiling, but it's the best way to investigate further.
With line numbers: ==22136== Conditional jump or move depends on uninitialised value(s) ==22136== at 0x4FFBFF1: dosprintf (in /home/sdwilsh/central/obj-i686-pc-linux-gnu/nsprpub/pr/src/libnspr4.so) ==22136== by 0x4FFCCD0: PR_vsnprintf (in /home/sdwilsh/central/obj-i686-pc-linux-gnu/nsprpub/pr/src/libnspr4.so) ==22136== by 0x4BC8F7E: nsPrintfCString::nsPrintfCString(unsigned, char const*, ...) (nsPrintfCString.cpp:81) ==22136== by 0x4A699EA: nsNavHistory::ConstructQueryString(nsCOMArray<nsNavHistoryQuery> const&, nsNavHistoryQueryOptions*, nsCString&, int&, nsDataHashtable<nsCStringHashKey, nsCString>&) (nsNavHistory.cpp:4088) ==22136== by 0x4A69AD3: nsNavHistory::GetQueryResults(nsNavHistoryQueryResultNode*, nsCOMArray<nsNavHistoryQuery> const&, nsNavHistoryQueryOptions*, nsCOMArray<nsNavHistoryResultNode>*) (nsNavHistory.cpp:4171) ==22136== by 0x4A7C09C: nsNavHistoryQueryResultNode::FillChildren() (nsNavHistoryResult.cpp:2370) ==22136== by 0x4A7C797: nsNavHistoryQueryResultNode::OpenContainer() (nsNavHistoryResult.cpp:2153) ==22136== by 0x4A77E6B: nsNavHistoryContainerResultNode::SetContainerOpen(int) (nsNavHistoryResult.cpp:449) ==22136== by 0x4BBDA72: NS_InvokeByIndex_P (in /home/sdwilsh/central/obj-i686-pc-linux-gnu/toolkit/library/libxul.so) ==22136== by 0x424CDFA: XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) (xpcwrappednative.cpp:2474) ==22136== by 0x4255713: XPCWrappedNative::SetAttribute(XPCCallContext&) (xpcprivate.h:2318) ==22136== by 0x4254E42: XPC_WN_GetterSetter(JSContext*, JSObject*, unsigned, int*, int*) (xpcwrappednativejsops.cpp:1614)
Oh, I think I see what this is. I don't think we are passing enough arguments here...
yup, this is a regression from bug 487777. Fix RSN.
Blocks: 487777
Attached patch v1.0Splinter Review
Attachment #378643 - Flags: review?(mak77)
Whiteboard: [needs review mak]
Comment on attachment 378643 [details] [diff] [review] v1.0 i guess if we could file a bug to make so that nsPrintfCString does not compile or warns in these cases. At least in debug mode.
Attachment #378643 - Flags: review?(mak77) → review+
I filed bug 493996 for a static analysis.
Whiteboard: [needs review mak] → [can land]
http://hg.mozilla.org/mozilla-central/rev/f011cb3929c7
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: in-testsuite-
Flags: in-litmus-
OS: Mac OS X → All
Hardware: x86 → All
Resolution: --- → FIXED
Whiteboard: [can land]
Target Milestone: --- → Firefox 3.6a1
Version: unspecified → Trunk
So, this doesn't actually exist on branch, so I'm removing the blocking bits...
Flags: blocking-firefox3.5+
Could GCC's 'format' attribute be used? It's used once in js/src/jsregexp.cpp, on re_debug().
(In reply to comment #15) > Could GCC's 'format' attribute be used? It's used once in js/src/jsregexp.cpp, > on re_debug(). See the spinoff bug 493996.
Bug 451915 - move Firefox/Places bugs to Firefox/Bookmarks and History. Remove all bugspam from this move by filtering for the string "places-to-b-and-h". In Thunderbird 3.0b, you do that as follows: Tools | Message Filters Make sure the correct account is selected. Click "New" Conditions: Body contains places-to-b-and-h Change the action to "Delete Message". Select "Manually Run" from the dropdown at the top. Click OK. Select the filter in the list, make sure "Inbox" is selected at the bottom, and click "Run Now". This should delete all the bugspam. You can then delete the filter. Gerv
Component: Places → Bookmarks & History
QA Contact: places → bookmarks
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: