499704 - UMR [@ nsCookieService::GetCookieInternal]

Status: RESOLVED INACTIVE

(Core :: Networking: Cookies, defect, P3)

Description

[Jesse Ruderman]

Attachment: testcase

To install Valgrind trunk on Mac: http://valgrind.org/downloads/repository.html

valgrind --track-origins=yes --auto-run-dsymutil=yes ~/central/debug-obj/dist/MinefieldDebug.app/Contents/MacOS/firefox-bin -P vgrind ckie2.html

My "vgrind" Firefox profile has JIT and history disabled, fwiw.

Conditional jump or move depends on uninitialised value(s)
   at 0x14A6F: strchr (mc_replace_strmem.c:140)
   by 0x71AA653: nsCookieService::GetCookieInternal(nsIURI*, nsIChannel*, int, char**) (nsCookieService.cpp:1284)
   by 0x71AAB8B: nsCookieService::GetCookieString(nsIURI*, nsIChannel*, char**) (nsCookieService.cpp:686)
   by 0x21F8D31D: nsHTMLDocument::GetCookie(nsAString_internal&) (nsHTMLDocument.cpp:1737)
   by 0x6EDCD8F: nsIDOMHTMLDocument_GetCookie(JSContext*, JSObject*, long, long*) (dom_quickstubs.cpp:9177)
   by 0x30F11B: js_GetSprop (jsscope.h:379)
   by 0x31BB58: js_NativeGet (jsobj.cpp:4165)
   by 0x31CD27: js_GetPropertyHelper (jsobj.cpp:4331)
   by 0x2E53B4: js_Interpret (jsinterp.cpp:4481)
   by 0x30047C: js_Execute (jsinterp.cpp:1629)
   by 0x27F216: JS_EvaluateUCScriptForPrincipals (jsapi.cpp:5155)
   by 0x220A6A5C: nsJSContext::EvaluateString(nsAString_internal const&, void*, nsIPrincipal*, char const*, unsigned int, unsigned int, nsAString_internal*, int*) (nsJSEnvironment.cpp:1680)
 Uninitialised value was created by a stack allocation
   at 0x71AA08E: nsCookieService::GetCookieInternal(nsIURI*, nsIChannel*, int, char**) (nsCookieService.cpp:1181)

Comment 1

[Firefox Bug Husbandry Bot]

Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258

Comment 2

[Firefox Bug Husbandry Bot]

Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258

Comment 3

[Andrea Marchesini [:baku]]

I close this bug for inactivity. The cookie code has changed a lot in the last 11 years.