Bug 679618 - uninitialized memory in gfx/2d/SourceSurfaceCG.cpp
Product: Core
Classification: Components
Component: Graphics
: Trunk
: All All
: -- normal
: mozilla9
Assigned To: Atul Aggarwal
: Milan Sreckovic [:milan]
Depends on:
Blocks: cppcheck
Reported: 2011-08-17 00:09 PDT by David Volgyes
Modified: 2011-09-02 21:42 PDT
emorley: in‑testsuite-

v1 patch to swap data and aData variable. (716 bytes, patch)
2011-08-28 06:24 PDT, Atul Aggarwal
jmuizelaar: review+

Description David Volgyes 2011-08-17 00:09:39 PDT
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0
Build ID: 20110812233755

Steps to reproduce:

cppcheck found this uninitialized memory problem in the code.

Actual results:

in gfx/2d/SourceSurfaceCG.cpp in InitFromData(...) at line #113:

  void *data = malloc(aStride * aSize.height);
  memcpy(aData, data, aStride * aSize.height);

Well, the problem is that:
if you would like to copy from data to aData, then data is uninitialized.
(Use calloc, or a memset before the copy, etc.)
If you would like to copy from aData to data, then the order is wrong.

Expected results:

Fix this uninitialized data problem.
Comment 1 Josh Matthews [:jdm] 2011-08-17 08:00:43 PDT
This is supposed to read memcpy(data, aData, aStride * aSize.height). Is this code actually used? I am amazed this hasn't been noticed before.
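The argument order given in Comment 1, as an added example (not the Mozilla source and not the attached patch). The function name `CopySurfaceData`, the `IntSize` stand-in, the `const` source pointer, and the size and allocation checks are assumptions that go beyond the two lines quoted in the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical stand-in for the surface size type; only height is used here.
struct IntSize { int32_t width; int32_t height; };

// Returns a heap copy of the caller's pixel rows, or nullptr on bad input,
// size overflow, or allocation failure. The caller releases it with free().
// Taking the source as a pointer-to-const means a swapped call such as
// memcpy(aData, data, n) no longer compiles in C++.
unsigned char* CopySurfaceData(const unsigned char* aData,
                               const IntSize& aSize, int32_t aStride)
{
  if (!aData || aStride <= 0 || aSize.height <= 0) {
    return nullptr;
  }
  // Widen before multiplying so aStride * height cannot wrap in 32 bits.
  const uint64_t bytes = uint64_t(aStride) * uint64_t(aSize.height);
  if (bytes > SIZE_MAX) {
    return nullptr;
  }
  unsigned char* data = static_cast<unsigned char*>(malloc(size_t(bytes)));
  if (!data) {
    return nullptr;
  }
  // memcpy(dest, src, n): destination first, source second.
  // With the arguments swapped, as in the report, the caller's pixels are
  // overwritten with the indeterminate contents of the fresh allocation.
  memcpy(data, aData, size_t(bytes));
  return data;
}

// Constructed check: copy a 4x2 image with one byte per pixel, then confirm
// the copy matches the source and the source itself was left unmodified.
bool SelfTest()
{
  const unsigned char src[8] = {1, 2, 3, 4, 5, 6, 7, 8};
  unsigned char before[8];
  memcpy(before, src, sizeof(src));
  IntSize size = {4, 2};
  unsigned char* copy = CopySurfaceData(src, size, 4);
  bool ok = copy && memcmp(copy, src, 8) == 0 && memcmp(before, src, 8) == 0;
  free(copy);
  return ok;
}
```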
Comment 2 Atul Aggarwal 2011-08-28 06:24:06 PDT
Created attachment 556387
v1 patch to swap data and aData variable.

This is my patch to mozilla. Please let me know if I am missing something.
Comment 3 Bas Schouten (:bas.schouten) 2011-08-28 13:25:44 PDT
This code is not actually used at this point. As a matter of fact, it isn't even compiled, and it wouldn't compile if you tried to compile it :).
Comment 4 Ed Morley [:emorley] 2011-08-31 05:05:31 PDT
In my queue :-)
Comment 6 Ed Morley [:emorley] 2011-09-01 01:32:30 PDT

Thanks Atul :-)
Comment 7 Tobias (:Tobbi) Markus 2011-09-02 21:42:18 PDT
Clearing good first bug status to get this off the good first bug buglist!
