Closed
Bug 687982
Opened 13 years ago
Closed 13 years ago
Innocuous uninitialized value in nsBMPDecoder
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
FIXED
mozilla11
People
(Reporter: joe, Assigned: bbondy)
References
Details
Attachments
(1 file)
2.77 KB,
patch
|
joe
:
review+
|
Details | Diff | Splinter Review |
I was running Firefox through Valgrind and came across: ==54156== Conditional jump or move depends on uninitialised value(s) ==54156== at 0x10748F204: mozilla::imagelib::nsBMPDecoder::WriteInternal(char const*, unsigned int) (nsBMPDecoder.cpp:382) ==54156== by 0x107455880: mozilla::imagelib::Decoder::Write(char const*, unsigned int) (Decoder.cpp:123) ==54156== by 0x107491D6A: mozilla::imagelib::nsICODecoder::WriteInternal(char const*, unsigned int) (nsICODecoder.cpp:400) ==54156== by 0x107455880: mozilla::imagelib::Decoder::Write(char const*, unsigned int) (Decoder.cpp:123) ==54156== by 0x107458A8D: mozilla::imagelib::RasterImage::WriteToDecoder(char const*, unsigned int) (RasterImage.cpp:2293) ==54156== by 0x107458C8A: mozilla::imagelib::RasterImage::DecodeSomeData(unsigned int) (RasterImage.cpp:2625) ==54156== by 0x107458EAD: mozilla::imagelib::imgDecodeWorker::Run() (RasterImage.cpp:2744) ==54156== by 0x107459789: mozilla::imagelib::RasterImage::AddSourceData(char const*, unsigned int) (RasterImage.cpp:1281) ==54156== by 0x1074598D4: mozilla::imagelib::RasterImage::WriteToRasterImage(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*) (RasterImage.cpp:2831) ==54156== by 0x1088ECB6A: nsPipeInputStream::ReadSegments(unsigned int (*)(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*), void*, unsigned int, unsigned int*) (nsPipe3.cpp:799) ==54156== by 0x10747E3CC: imgRequest::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) (imgRequest.cpp:1158) ==54156== by 0x10746BB8B: ProxyListener::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) (imgLoader.cpp:2100) ==54156== ==54156== Conditional jump or move depends on uninitialised value(s) ==54156== at 0x10748F4D6: mozilla::imagelib::nsBMPDecoder::WriteInternal(char const*, unsigned int) (nsBMPDecoder.cpp:419) ==54156== by 0x107455880: mozilla::imagelib::Decoder::Write(char const*, unsigned int) (Decoder.cpp:123) ==54156== by 0x107491D6A: mozilla::imagelib::nsICODecoder::WriteInternal(char const*, unsigned int) (nsICODecoder.cpp:400) ==54156== by 0x107455880: mozilla::imagelib::Decoder::Write(char const*, unsigned int) (Decoder.cpp:123) ==54156== by 0x107458A8D: mozilla::imagelib::RasterImage::WriteToDecoder(char const*, unsigned int) (RasterImage.cpp:2293) ==54156== by 0x107458C8A: mozilla::imagelib::RasterImage::DecodeSomeData(unsigned int) (RasterImage.cpp:2625) ==54156== by 0x107458EAD: mozilla::imagelib::imgDecodeWorker::Run() (RasterImage.cpp:2744) ==54156== by 0x107459789: mozilla::imagelib::RasterImage::AddSourceData(char const*, unsigned int) (RasterImage.cpp:1281) ==54156== by 0x1074598D4: mozilla::imagelib::RasterImage::WriteToRasterImage(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*) (RasterImage.cpp:2831) ==54156== by 0x1088ECB6A: nsPipeInputStream::ReadSegments(unsigned int (*)(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*), void*, unsigned int, unsigned int*) (nsPipe3.cpp:799) ==54156== by 0x10747E3CC: imgRequest::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) (imgRequest.cpp:1158) ==54156== by 0x10746BB8B: ProxyListener::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) (imgLoader.cpp:2100) ==54156==
Comment 1•13 years ago
|
||
I thought this was known and innocuous?
Assignee | ||
Comment 2•13 years ago
|
||
I know this one is older but for bug 700930 it has the side effect icons as attachments. I don't know why yet but I'm almost positive that the problem is with bpc getting a value of 3 instead of 4. bpc = (mBFH.bihsize == OS2_BIH_LENGTH) ? 3 : 4; // OS/2 Bitmaps have no padding byte Will fix soon and suggest aurora and beta pushes. On a side note I setup valgrind and did get some uninitialized value errors but not one in nsBMPDecoder. I think it depends on how much data is passed in each WriteInternal call.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Comment 3•13 years ago
|
||
It turns out that this bug is not related to what I thought was the cause of bug 700930.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Assignee | ||
Comment 4•13 years ago
|
||
The uninitialized variable is indeed innocuous and is only because we calculate the value of bpc before and after the header was read.
> bpc = (mBFH.bihsize == OS2_BIH_LENGTH) ? 3 : 4;
The bpc value (mBFH.bihsize) is only actually used when the header is is already read.
The patch also fixes up a couple comments to be on their own line and renames bpc to bytesPerColor since it's a better self explanatory name.
Attachment #574405 -
Flags: review?(joe)
Assignee | ||
Updated•13 years ago
|
Status: REOPENED → ASSIGNED
Assignee | ||
Comment 5•13 years ago
|
||
"The bpc value (mBFH.bihsize) is only actually used when the header is is already read." Should read: The bpc value is only actually used when the header is is already read. The uninitialized value which causes the valgrind warning is mBFH.bihsize.
Reporter | ||
Updated•13 years ago
|
Attachment #574405 -
Flags: review?(joe) → review+
Assignee | ||
Comment 6•13 years ago
|
||
Thanks for the quick review! I'm sure it's fine to push to m-i since it still passes all reftests, but I pushed to try first to be safe. Results here: https://tbpl.mozilla.org/?tree=Try&rev=145d69060885 Will push to m-i if that succeeds.
Assignee | ||
Updated•13 years ago
|
Summary: Uninitialized values in nsBMPDecoder → Innocuous uninitialized value in nsBMPDecoder
Assignee | ||
Updated•13 years ago
|
Target Milestone: --- → mozilla10
Assignee | ||
Updated•13 years ago
|
OS: Mac OS X → All
Assignee | ||
Comment 7•13 years ago
|
||
This was pushed to m-i earlier today by the way: http://hg.mozilla.org/integration/mozilla-inbound/rev/d339796e649b
Comment 8•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/d339796e649b
Status: ASSIGNED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
Target Milestone: mozilla10 → mozilla11
You need to log in
before you can comment on or make changes to this bug.
Description
•