Closed Bug 527437 Opened 16 years ago Closed 16 years ago

Opening from local file system cause Valgrind Conditional jump or move depends on uninitialised value(s)

Categories

(Core :: Networking: Cookies, defect)

1.9.2 Branch
Other
Linux
defect
Not set
normal

Tracking

RESOLVED DUPLICATE of bug 526789

People

(Reporter: romaxa, Unassigned)

Attachments

(2 files)

Attached patch Possible fix
==25070== Conditional jump or move depends on uninitialised value(s)
==25070==    at 0x40219FD: index (in /targets/fr2009x86/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==25070==    by 0x4AACC57: nsCookieService::GetCookieInternal(nsIURI*, nsIChannel*, int, char**) (nsCookieService.cpp:1325)
==25070==    by 0x4AAD14C: nsCookieService::GetCookieString(nsIURI*, nsIChannel*, char**) (nsCookieService.cpp:723)
==25070==    by 0x4E1A79A: nsHTMLDocument::GetCookie(nsAString_internal&) (nsHTMLDocument.cpp:1758)
==25070==    by 0x49F81D0: nsIDOMHTMLDocument_GetCookie(JSContext*, JSObject*, int, int*) (dom_quickstubs.cpp:10239)
==25070==    by 0x565E9F6: js_NativeGet (jsscope.h:603)
==25070==    by 0x565FBE4: js_GetPropertyHelper (jsobj.cpp:4270)
==25070==    by 0x5642ADA: js_Interpret (jsops.cpp:1518)
==25070==    by 0x56519F7: js_Invoke (jsinterp.cpp:1368)
==25070==    by 0x563A9EB: js_fun_call (jsfun.cpp:1948)
==25070==    by 0x564ADB8: js_Interpret (jsops.cpp:2208)
==25070==    by 0x5650DC0: js_Execute (jsinterp.cpp:1601)
==25070==    by 0x560806B: JS_EvaluateUCScriptForPrincipals (jsapi.cpp:5108)
==25070==    by 0x4E797B2: nsJSContext::EvaluateString(nsAString_internal const&, void*, nsIPrincipal*, char const*, unsigned int, u
==25070==    by 0x4D5480B: nsScriptLoader::EvaluateScript(nsScriptLoadRequest*, nsString const&) (nsScriptLoader.cpp:690)
==25070==    by 0x4D5516F: nsScriptLoader::ProcessRequest(nsScriptLoadRequest*) (nsScriptLoader.cpp:604)
==25070==    by 0x4D5578E: nsScriptLoader::ProcessPendingRequests() (nsScriptLoader.cpp:744)
==25070==    by 0x4D55980: nsScriptLoader::OnStreamComplete(nsIStreamLoader*, nsISupports*, unsigned int, unsigned int, unsigned cha
==25070==    by 0x4A42778: nsStreamLoader::OnStopRequest(nsIRequest*, nsISupports*, unsigned int) (nsStreamLoader.cpp:127)
==25070==    by 0x4A55C9D: nsHTTPCompressConv::OnStopRequest(nsIRequest*, nsISupports*, unsigned int) (nsHTTPCompressConv.cpp:127)
==25070==    by 0x4A4222E: nsStreamListenerTee::OnStopRequest(nsIRequest*, nsISupports*, unsigned int) (nsStreamListenerTee.cpp:65)
==25070==    by 0x4A9981F: nsHttpChannel::OnStopRequest(nsIRequest*, nsISupports*, unsigned int) (nsHttpChannel.cpp:5255)
==25070==    by 0x4A28C44: nsInputStreamPump::OnStateStop() (nsInputStreamPump.cpp:576)
==25070==    by 0x4A29748: nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) (nsInputStreamPump.cpp:401)
==25070==    by 0x530C911: nsInputStreamReadyEvent::Run() (nsStreamUtils.cpp:112)
==25070==    by 0x5320571: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:527)
==25070==    by 0x52E938C: NS_ProcessPendingEvents_P(nsIThread*, unsigned int) (nsThreadUtils.cpp:189)
==25070==    by 0x52AC6DE: nsBaseAppShell::NativeEventCallback() (nsBaseAppShell.cpp:121)
==25070==    by 0x52A26D8: nsAppShell::EventProcessorCallback(_GIOChannel*, GIOCondition, void*) (nsAppShell.cpp:71)
==25070==    by 0x41336C6: g_io_unix_dispatch (giounix.c:162)
==25070==    by 0x40FEE3B: g_main_context_dispatch (gmain.c:1836)
==25070==    by 0x41023C4: g_main_context_iterate (gmain.c:2467)
==25070==    by 0x41026B7: g_main_loop_run (gmain.c:2675)
Attachment #411165 - Flags: review?(cbiesinger)
Attached file Maps simple test page
Attachment #411165 - Flags: review?(cbiesinger) → review?(dwitte)
Comment on attachment 411165 Possible fix

let me pass this one on to dwitte :)
Comment on attachment 411165 Possible fix

Interesting how three people have independently found the same bug within the last five days. And it's been around for a while!

>+ const char *nextDot = hostFromURI.Length() > 1 ? currentDot + 1 : nsnull;

The existing code kinda assumes the invariant that we never get passed an empty host. Which is false in this case for file:// URIs, and false in other parts of the code where we get passed an empty host string directly via API. We should enforce non-empty host as a precondition instead. Let's move this to bug 526789, and I'll whip up a patch to cover all the instances.
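Review bot: the Length() > 1 condition on the nextDot line carries no comment explaining the threshold, so a reader cannot tell why a one-character host takes the nsnull branch together with the empty one. State in a comment which host lengths make currentDot + 1 unsafe, and confirm that every later use of nextDot tolerates nsnull, since this line is now a place where it can become null before the walk starts.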
Attachment #411165 - Flags: review?(dwitte) → review-
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
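The precondition asked for in the review above (reject an empty host before walking it), as an added example that is not Mozilla's code or the attached patch. HostSuffixes and its loop are hypothetical, written only to show where a currentDot + 1 style step goes wrong on an empty string and how an up-front check keeps that case out of the walk.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical helper, not Mozilla code: collect the host and each parent
// domain a cookie lookup would try ("www.example.com", "example.com", "com").
// Returns false, with `out` empty, when the host violates the precondition.
bool HostSuffixes(const std::string& host, std::vector<std::string>& out) {
  out.clear();

  // Precondition: a file:// URI or a direct API caller can hand us "".
  // A walk that begins with `current + 1` on "" would point one byte past
  // the terminator, so the empty host is rejected before any pointer math.
  if (host.empty())
    return false;

  const char* current = host.c_str();
  // `*current` also stops the walk after a trailing dot ("example.com.").
  while (current && *current) {
    out.emplace_back(current);
    // *current is a real character here, so current + 1 is at worst the
    // terminating NUL and the search stays inside the string.
    const char* dot = std::strchr(current + 1, '.');
    current = dot ? dot + 1 : nullptr;
  }
  return true;
}

int main() {
  // Constructed sample hosts; "" stands in for the host of a file:// URI.
  const char* samples[] = {"www.example.com", "example.com.", "a", ""};
  for (const char* s : samples) {
    std::vector<std::string> suffixes;
    if (!HostSuffixes(s, suffixes)) {
      std::printf("\"%s\": rejected (empty host)\n", s);
      continue;
    }
    for (const std::string& d : suffixes)
      std::printf("\"%s\": try %s\n", s, d.c_str());
  }
  return 0;
}
```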