Closed Bug 571823 Opened 14 years ago Closed 14 years ago

UMR [@ nsHTMLSelectOptionAccessible::GetStateInternal]

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: davidb)

References

Details

(Keywords: testcase, valgrind)

Attachments

(3 files, 2 obsolete files)

testcase (requires accessibility service to be enabled)
275 bytes, application/xhtml+xml
Details
details from valgrind (--num-callers=50 --track-origins=yes)
5.04 KB, text/plain
Details
patch 2
2.62 KB, patch
surkov
: review+
Details | Diff | Splinter Review 
1. Run Firefox under Valgrind.

2. Enable accessibility, e.g. by pasting the following into the js console
   Components.classes["@mozilla.org/accessibilityService;1"]
     .getService(Components.interfaces.nsIAccessibleRetrieval);

3. Load the testcase

Result: Valgrind complains of a UMR [@ nsHTMLSelectOptionAccessible::GetStateInternal]

Looks like GetStateInternal expects nsHTMLSelectOptionAccessible::GetSelectState to always set its out-params, and that isn't happening in this case.
Attached patch reflex WIP (obsolete) — Splinter Review 
Assignee: nobody → bolterbugz

        Attachment #451106 -
        Flags: feedback?(jruderman)

    
  

        Attachment #451106 -
        Flags: feedback?(jruderman) → feedback+

    
    

    
  
Comment on attachment 451106 [details] [diff] [review]
reflex WIP

This patch fixes the Valgrind warning for me :)

    
    

    
  
Please initialize local variables passed into GetSelectState.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch (obsolete)
        — Splinter Review
      

    


  
This patch makes it clear that we expect these args to be init to 0. Also fixed a typo while I'm here.

        Attachment #451106 -
        Attachment is obsolete: true

        Attachment #451286 -
        Flags: review?(surkov.alexander)

    
    

    
  
Comment on attachment 451286 [details] [diff] [review]
patch


> nsIFrame* nsHTMLSelectOptionAccessible::GetBoundsFrame()
> {
>-  PRUint32 state;
>+  PRUint32 state = 0;
>   nsCOMPtr<nsIContent> content = GetSelectState(&state);
> 
> nsIContent* nsHTMLSelectOptionAccessible::GetSelectState(PRUint32* aState,
>                                                          PRUint32* aExtraState)
> {
>+  *aState = *aExtraState = 0;

this is a crash

    
    

    
  
> this is a crash

Why?

    
    

    
  
It didn't crash for me when I tried it last night.

    
    

    
  
because aExtraState is null in the case of GetBoundsFrame().

    
    

    
  
(In reply to comment #8)
> It didn't crash for me when I tried it last night.

probably you didn't trigger this code.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch 2Splinter Review
      

    


  

        Attachment #451286 -
        Attachment is obsolete: true

        Attachment #451297 -
        Flags: review?(surkov.alexander)

        Attachment #451286 -
        Flags: review?(surkov.alexander)

        Attachment #451297 -
        Flags: review?(surkov.alexander) → review+

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/b24c59785359
(Thanks guys)
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: