Bug 527437 (Closed): Opening from local file system causes Valgrind "Conditional jump or move depends on uninitialised value(s)"
Opened 15 years ago, closed 15 years ago

Categories: Core :: Networking: Cookies
Version: 1.9.2 Branch
Platform: Other / Linux
Type: defect
Priority: Not set
Severity: normal

Status: RESOLVED DUPLICATE of bug 526789

People: Reporter: romaxa, Unassigned

Attachments (2 files)
Attached patch: Possible fix
==25070== Conditional jump or move depends on uninitialised value(s)
==25070==    at 0x40219FD: index (in /targets/fr2009x86/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==25070==    by 0x4AACC57: nsCookieService::GetCookieInternal(nsIURI*, nsIChannel*, int, char**) (nsCookieService.cpp:1325)
==25070==    by 0x4AAD14C: nsCookieService::GetCookieString(nsIURI*, nsIChannel*, char**) (nsCookieService.cpp:723)
==25070==    by 0x4E1A79A: nsHTMLDocument::GetCookie(nsAString_internal&) (nsHTMLDocument.cpp:1758)
==25070==    by 0x49F81D0: nsIDOMHTMLDocument_GetCookie(JSContext*, JSObject*, int, int*) (dom_quickstubs.cpp:10239)
==25070==    by 0x565E9F6: js_NativeGet (jsscope.h:603)
==25070==    by 0x565FBE4: js_GetPropertyHelper (jsobj.cpp:4270)
==25070==    by 0x5642ADA: js_Interpret (jsops.cpp:1518)
==25070==    by 0x56519F7: js_Invoke (jsinterp.cpp:1368)
==25070==    by 0x563A9EB: js_fun_call (jsfun.cpp:1948)
==25070==    by 0x564ADB8: js_Interpret (jsops.cpp:2208)
==25070==    by 0x5650DC0: js_Execute (jsinterp.cpp:1601)
==25070==    by 0x560806B: JS_EvaluateUCScriptForPrincipals (jsapi.cpp:5108)
==25070==    by 0x4E797B2: nsJSContext::EvaluateString(nsAString_internal const&, void*, nsIPrincipal*, char const*, unsigned int, u
==25070==    by 0x4D5480B: nsScriptLoader::EvaluateScript(nsScriptLoadRequest*, nsString const&) (nsScriptLoader.cpp:690)
==25070==    by 0x4D5516F: nsScriptLoader::ProcessRequest(nsScriptLoadRequest*) (nsScriptLoader.cpp:604)
==25070==    by 0x4D5578E: nsScriptLoader::ProcessPendingRequests() (nsScriptLoader.cpp:744)
==25070==    by 0x4D55980: nsScriptLoader::OnStreamComplete(nsIStreamLoader*, nsISupports*, unsigned int, unsigned int, unsigned cha
==25070==    by 0x4A42778: nsStreamLoader::OnStopRequest(nsIRequest*, nsISupports*, unsigned int) (nsStreamLoader.cpp:127)
==25070==    by 0x4A55C9D: nsHTTPCompressConv::OnStopRequest(nsIRequest*, nsISupports*, unsigned int) (nsHTTPCompressConv.cpp:127)
==25070==    by 0x4A4222E: nsStreamListenerTee::OnStopRequest(nsIRequest*, nsISupports*, unsigned int) (nsStreamListenerTee.cpp:65)
==25070==    by 0x4A9981F: nsHttpChannel::OnStopRequest(nsIRequest*, nsISupports*, unsigned int) (nsHttpChannel.cpp:5255)
==25070==    by 0x4A28C44: nsInputStreamPump::OnStateStop() (nsInputStreamPump.cpp:576)
==25070==    by 0x4A29748: nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) (nsInputStreamPump.cpp:401)
==25070==    by 0x530C911: nsInputStreamReadyEvent::Run() (nsStreamUtils.cpp:112)
==25070==    by 0x5320571: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:527)
==25070==    by 0x52E938C: NS_ProcessPendingEvents_P(nsIThread*, unsigned int) (nsThreadUtils.cpp:189)
==25070==    by 0x52AC6DE: nsBaseAppShell::NativeEventCallback() (nsBaseAppShell.cpp:121)
==25070==    by 0x52A26D8: nsAppShell::EventProcessorCallback(_GIOChannel*, GIOCondition, void*) (nsAppShell.cpp:71)
==25070==    by 0x41336C6: g_io_unix_dispatch (giounix.c:162)
==25070==    by 0x40FEE3B: g_main_context_dispatch (gmain.c:1836)
==25070==    by 0x41023C4: g_main_context_iterate (gmain.c:2467)
==25070==    by 0x41026B7: g_main_loop_run (gmain.c:2675)
Attachment #411165 - Flags: review?(cbiesinger)
Attached file: Maps simple test page
Attachment #411165 - Flags: review?(cbiesinger) → review?(dwitte)
Comment on attachment 411165: Possible fix

Let me pass this one on to dwitte :)
Comment on attachment 411165: Possible fix

Interesting how three people have independently found the same bug within the last five days. And it's been around for a while!

>+  const char *nextDot = hostFromURI.Length() > 1 ? currentDot + 1 : nsnull;
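Review bot: the threshold in `hostFromURI.Length() > 1` does not match the condition the read actually depends on. Assuming currentDot points at the start of hostFromURI, the out-of-bounds read only happens for an empty host (length 0); for a one-character host, currentDot + 1 is the terminating NUL and the subsequent strchr()/index() stops there, so `> 1` also changes behaviour for a case that was already safe. The guard also tests the string object while the arithmetic is on the raw pointer, which leaves the link between the two implicit. Rather than patching this one expression, reject an empty host (`hostFromURI.IsEmpty()`) at the top of GetCookieInternal so the whole walk below never runs on it.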

The existing code kinda assumes the invariant that we never get passed an empty host. Which is false in this case for file:// URIs, and false in other parts of the code where we get passed an empty host string directly via API. We should enforce non-empty host as a precondition instead. Let's move this to bug 526789, and I'll whip up a patch to cover all the instances.
Attachment #411165 - Flags: review?(dwitte) → review-
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
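The precondition dwitte argues for, as an added example (not code from this bug or from Mozilla's tree): a simplified, stand-alone copy of the cookie service's domain walk, the currentDot/nextDot pattern the patch touches, that rejects an empty host (what a file:// URI yields) at entry instead of guarding the single expression. The function names and the MAX_LEVELS bound are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

#define MAX_LEVELS 16   /* bound on keys recorded; an assumption for the example */

/* Walk a host the way the cookie service's hash lookup does: the bare host
 * first, then every parent domain with its leading dot, so for
 * "www.example.com" the keys are "www.example.com", ".example.com", ".com".
 * Returns the number of keys stored in out[], or -1 when the precondition
 * (a non-empty host) is violated. */
int walk_cookie_domains(const char *host, const char *out[], int max_out)
{
    /* The invariant the original code only assumed. With an empty host,
     * currentDot + 1 would point past the terminating NUL and the strchr()
     * below would read memory that is not part of the string. */
    if (host == NULL || host[0] == '\0')
        return -1;

    int n = 0;
    const char *currentDot = host;
    /* +1 so the first strchr() skips a leading dot; only safe because the
     * host is known to have at least one character. */
    const char *nextDot = currentDot + 1;

    while (currentDot != NULL && n < max_out) {
        out[n++] = currentDot;             /* key that would be looked up */
        currentDot = strchr(nextDot, '.'); /* next parent, leading dot kept */
        nextDot = currentDot ? currentDot + 1 : NULL;
    }
    return n;
}

/* Helper for checking a walk: joins the keys with '|' and compares the
 * result to expected. Returns 1 on match, 0 on mismatch or bad input. */
int cookie_domain_walk_equals(const char *host, const char *expected)
{
    const char *keys[MAX_LEVELS];
    char joined[256] = "";
    int n = walk_cookie_domains(host, keys, MAX_LEVELS);
    if (n < 0)
        return 0;
    for (int i = 0; i < n; i++) {
        if (i > 0)
            strncat(joined, "|", sizeof joined - strlen(joined) - 1);
        strncat(joined, keys[i], sizeof joined - strlen(joined) - 1);
    }
    return strcmp(joined, expected) == 0;
}
```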