Closed Bug 494103 Opened 15 years ago Closed 15 years ago

nsXMLContentSerializer UMR during update.mar tests

Categories

(Core :: XML, defect)

Product:
Core
Component:
XML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.2a1

People

(Reporter: sayrer, Assigned: laurent)

References

Details

Attachments

(2 files)

valgrind log
4.73 KB, text/plain
Details
the patch [Checkin: Comment 11]
3.04 KB, patch
peterv
: review+
peterv
: superreview+
Details | Diff | Splinter Review
Attached file valgrind log 
      No description provided.
Flags: blocking1.9.1?
Gents: can we get some quick eyes on this?
I think the relevant code is this:

1004   PRBool forceFormat, outputElementEnd;
1005   outputElementEnd = CheckElementEnd(content, forceFormat, aStr);
1006 
1007   nsIAtom *name = content->Tag();
1008 
1009   if ((mDoFormat || forceFormat) && !mPreLevel && !mDoRaw) {
1010     DecrIndentation(name);
1011   }
1012 
1013   if (!outputElementEnd) {
1014     PopNameSpaceDeclsFor(aElement);
1015     MaybeFlagNewlineForRootNode(aElement);
1016     return NS_OK;
1017   }

checkElementEnd doesn't set forceFormat if it returns false.  So if !outputElementEnd, then forceFormat is garbage.  The UMR will only happen if !mDoFormat, of course.

This code is newly added in bug 422403, which didn't land on branch.  So if I'm right that this is the UMR, no need to block 1.9.1 on it.

Laurent, can you check what the desired code flow is here?
Blocks: 422403
Flags: blocking1.9.2?
Not blocking 3.5 as per comment 2; sayrer, were you evaluating against trunk or branch? If branch, please renominate!
Flags: blocking1.9.1? → blocking1.9.1-
Against TM, if I read the log right.  Good call.
I will check this issue this week-end. However, I don't understand what shows the valgrind log. And what does "UMR" mean ? :-)
Uninitialized Memory Read.

Valgrind is saying that the program is choosing the result of a conditional (if statement etc) based on initialized data. A simple case is this:

PRBool foo; 

if (foo) { // <-- foo is not initialized
  ...
}

In mozilla code, what usually happens is this:

PRBool foo; 
nsresult rv = DoSomething(&foo);

/* forget to check rv */

if (foo) { // <-- foo is not initialized if rv is a failure code
  ...
}
Ok I see what append. Thanks Robert.
Status: NEW → ASSIGNED
This patch initializes the "forceFormat" variables.
Assignee: nobody → laurent
Attachment #379324 - Flags: review?(Olli.Pettay)
Attachment #379324 - Flags: superreview+
Attachment #379324 - Flags: review?(Olli.Pettay)
Attachment #379324 - Flags: review+
Attachment #379324 - Flags: approval1.9.1?
Comment on attachment 379324 [details] [diff] [review]
the patch
[Checkin: Comment 11]

I don't think there's a need to init the forceFormat vars. Either way, r/sr=me.
Attachment #379324 - Flags: approval1.9.1?
Comment on attachment 379324 [details] [diff] [review]
the patch
[Checkin: Comment 11]

this patch is only for mozilla-central. This problem doesn't appear in 1.9.1 branch (at least, not for this variables since they don't exist in 1.9.1)
Keywords: checkin-needed
Whiteboard: [c-n: to m-c (only) after m-1.9.1 freeze]
Version: unspecified → Trunk
Comment on attachment 379324 [details] [diff] [review]
the patch
[Checkin: Comment 11]


http://hg.mozilla.org/mozilla-central/rev/d9c96ff8b5ba
Attachment #379324 - Attachment description: the patch → the patch [Checkin: Comment 11]
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Flags: blocking1.9.2? → in-testsuite-
Keywords: checkin-needed
Resolution: --- → FIXED
Whiteboard: [c-n: to m-c (only) after m-1.9.1 freeze]
Target Milestone: --- → mozilla1.9.2a1
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: