Closed Bug 519498 Opened 15 years ago Closed 15 years ago

UMR in XPCWrappedNative::CallMethod

Categories

(Core :: XPConnect, defect)

x86
macOS
defect
Not set
normal

Tracking

RESOLVED FIXED
Tracking Status
status1.9.2 --- beta1-fixed
status1.9.1 --- .6-fixed

People

(Reporter: sayrer, Assigned: mrbkap)

Attachments

(2 files)

Looks like there's no way this should happen--could be pretty bad.
Assignee: nobody → mrbkap
Attached patch valgrind stack
==4856== Conditional jump or move depends on uninitialised value(s)
==4856==    at 0x52C5DCA: XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) (xpcwrappednative.cpp:2583)
==4856==    by 0x52CACC1: XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, long*, long*) (xpcwrappednativejsops.cpp:1590)
==4856==    by 0x6565904: js_Invoke (jsinterp.cpp:1386)
==4856==    by 0x655558E: js_Interpret (jsinterp.cpp:5179)
==4856==    by 0x656441D: js_Execute (jsinterp.cpp:1622)
==4856==    by 0x652C9B4: JS_EvaluateUCScriptForPrincipals (jsapi.cpp:5145)
==4856==    by 0x652DC0B: JS_EvaluateScriptForPrincipals (jsapi.cpp:5109)
==4856==    by 0x403C17: ProcessArgs(JSContext*, JSObject*, char**, int) (xpcshell.cpp:1079)
==4856==    by 0x4043C4: main (xpcshell.cpp:1739)
==4856==  Uninitialised value was created by a stack allocation
==4856==    at 0x5B430E2: nsBinaryInputStream::ReadBoolean(int*) (nsBinaryStream.cpp:474)
==4856==
Attached patch Fix
This shouldn't actually affect non-valgrind builds since we don't convert the uninitialized memory to a return value and we also don't have to deallocate it.
Attachment #403646 - Flags: review?(sayrer)
Comment on attachment 403646
Fix

NS_ENSURE_SUCCESS?
Attachment #403646 - Flags: review?(sayrer) → review+
http://hg.mozilla.org/mozilla-central/rev/cebf1a09f168
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Attachment #403646 - Flags: approval1.9.2?
Attachment #403646 - Flags: approval1.9.1.5?
Attachment #403646 - Flags: approval1.9.2? → approval1.9.2+
Comment on attachment 403646
Fix

Approved for 1.9.1.5, a=dveditz for release-drivers
Attachment #403646 - Flags: approval1.9.1.5? → approval1.9.1.5+