Bug 723498 - Uninitialised value use in nsInputStreamPump::AsyncRead
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: XPCOM
Version: Trunk
Platform: x86_64 Linux
Importance: P4 normal
Target Milestone: mozilla13
Assigned To: Boris Zbarsky [:bz] (Out June 25-July 6)
Reported: 2012-02-02 06:35 PST by Julian Seward [:jseward]
Modified: 2012-02-08 09:39 PST
Flags: bzbarsky: in-testsuite-


Attachments
Make sure to always set our out param in nsMultiplexInputStream::IsNonBlocking when returning success. (1.46 KB, patch)
2012-02-02 06:55 PST, Boris Zbarsky [:bz] (Out June 25-July 6)
benjamin: review+

Description Julian Seward [:jseward] 2012-02-02 06:35:06 PST
TEST_PATH=content/base/test/test_blobbuilder.htm

(DISPLAY=:1 TEST_PATH=content/base/test/test_blobbuilder.html make -C ff-opt mochitest-plain EXTRA_TEST_ARGS='--close-when-done --debugger=vTRUNK --debugger-args="--tool=memcheck --suppressions=/home/sewardj/MOZ/fglrx-supp.supp --suppressions=/home/sewardj/MOZ/moz-supp.supp --error-limit=no --stats=yes --smc-check=all-non-file --trace-children=yes --child-silent-after-fork=yes '--trace-children-skip=/usr/bin/hg,/bin/rm,*/bin/certutil,*/bin/pk12util,*/bin/ssltunnel' --track-origins=yes"') 2>&1 | tee spew2-memcheck-2a

gives the complaint below.  Looking at the start of 
nsInputStreamPump::AsyncRead(nsIStreamListener*, nsISupports*)
we have

    bool nonBlocking;
    nsresult rv = mStream->IsNonBlocking(&nonBlocking);
    ...
    if (NS_FAILED(rv)) return rv; // not taken
    if (nonBlocking)  // complaint is here

so perhaps IsNonBlocking can return a non-fail rv but still fail to
set &nonBlocking.



Conditional jump or move depends on uninitialised value(s)
   at 0x7F2A534: nsInputStreamPump::AsyncRead(nsIStreamListener*, nsISupports*) (nsInputStreamPump.cpp:318)
   by 0x7F219D2: nsBaseChannel::BeginPumpingData() (nsBaseChannel.cpp:262)
   by 0x7F21FD5: nsBaseChannel::AsyncOpen(nsIStreamListener*, nsISupports*) (nsBaseChannel.cpp:609)
   by 0x82BECFD: nsDOMFileReader::ReadFileContent(JSContext*, nsIDOMBlob*, nsAString_internal const&, nsDOMFileReader::eDataFormat) (nsDOMFileReader.cpp:462)
   by 0x885DB47: nsIDOMFileReader_ReadAsBinaryString(JSContext*, unsigned int, JS::Value*) (dom_quickstubs.cpp:21087)
   by 0x908D9D6: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jscntxtinlines.h:311)
   by 0x908762D: js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (jsinterp.cpp:2801)
   by 0x908DACC: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jsinterp.cpp:537)
   by 0x9022E1D: array_forEach(JSContext*, unsigned int, JS::Value*) (jsinterp.h:157)
   by 0x908D9D6: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jscntxtinlines.h:311)
   by 0x908762D: js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (jsinterp.cpp:2801)
   by 0x908DACC: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jsinterp.cpp:537)

 Uninitialised value was created by a stack allocation
   at 0x7F2A4D0: nsInputStreamPump::AsyncRead(nsIStreamListener*, nsISupports*) (nsInputStreamPump.cpp:303)
Comment 1 Boris Zbarsky [:bz] (Out June 25-July 6) 2012-02-02 06:49:09 PST
> so perhaps IsNonBlocking can return a non-fail rv but still fail to
> set &nonBlocking.

It _can_, but if so it's totally broken.

Kyle says that the underlying stream here can be a multiplex stream, a file stream, a partial file stream.  Looking at those, a multiplex stream with 0 underlying streams will in fact do the broken thing for IsNonBlocking.
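The shape Boris describes, as an added example that is not Mozilla's code and not the attached patch: a cut-down model of the XPCOM out-parameter contract, a multiplex stream whose IsNonBlocking loops over its children and so never writes the out-param when there are none, a corrected version, and a caller shaped like the start of nsInputStreamPump::AsyncRead from the description. The class names, the choice to report an empty multiplex as non-blocking, and the WritesOutParamOnSuccess probe are this example's assumptions; the page shows the patch title, not its body.

```cpp
// Added example, not Mozilla code: a cut-down model of the XPCOM out-param
// contract behind bug 723498.  Methods return an nsresult; the real result
// is written through a pointer and the caller may read it only on success.
// A method that returns success without writing it leaves the caller
// branching on an uninitialised stack slot, which is what Memcheck reported.
#include <cstdint>
#include <cstdio>
#include <vector>

typedef uint32_t nsresult;
static const nsresult NS_OK = 0;
static inline bool NS_FAILED(nsresult rv) { return (rv & 0x80000000u) != 0; }

struct nsIInputStream {
    virtual ~nsIInputStream() {}
    virtual nsresult IsNonBlocking(bool* aNonBlocking) = 0;
};

// Leaf stream with a fixed blocking mode (stands in for the file streams).
struct FakeLeafStream : nsIInputStream {
    explicit FakeLeafStream(bool nonBlocking) : mNonBlocking(nonBlocking) {}
    nsresult IsNonBlocking(bool* aNonBlocking) {
        *aNonBlocking = mNonBlocking;
        return NS_OK;
    }
    bool mNonBlocking;
};

// Broken shape (hypothetical reconstruction): "non-blocking if any child is".
// With zero children the loop body never runs, so NS_OK comes back and
// *aNonBlocking is never written.
struct BuggyMultiplexStream : nsIInputStream {
    std::vector<nsIInputStream*> mStreams;
    nsresult IsNonBlocking(bool* aNonBlocking) {
        for (size_t i = 0; i < mStreams.size(); ++i) {
            nsresult rv = mStreams[i]->IsNonBlocking(aNonBlocking);
            if (NS_FAILED(rv)) return rv;
            if (*aNonBlocking) return NS_OK;
        }
        return NS_OK;  // success with the out-param untouched when empty
    }
};

// Fixed shape: every path that returns NS_OK has written *aNonBlocking.
// Reporting an empty multiplex as non-blocking is this example's choice.
struct FixedMultiplexStream : nsIInputStream {
    std::vector<nsIInputStream*> mStreams;
    nsresult IsNonBlocking(bool* aNonBlocking) {
        if (mStreams.empty()) {
            *aNonBlocking = true;
            return NS_OK;
        }
        for (size_t i = 0; i < mStreams.size(); ++i) {
            nsresult rv = mStreams[i]->IsNonBlocking(aNonBlocking);
            if (NS_FAILED(rv)) return rv;
            if (*aNonBlocking) return NS_OK;
        }
        return NS_OK;  // the last child wrote false, so *aNonBlocking is set
    }
};

// Caller shaped like the start of nsInputStreamPump::AsyncRead quoted in the
// description.  Only call it with streams that honour the contract: with an
// empty BuggyMultiplexStream the branch reads indeterminate memory.
enum AsyncReadPath { PATH_ERROR, PATH_NONBLOCKING, PATH_BLOCKING };
AsyncReadPath AsyncReadDispatch(nsIInputStream* stream) {
    bool nonBlocking;  // deliberately uninitialised, as in the real caller
    nsresult rv = stream->IsNonBlocking(&nonBlocking);
    if (NS_FAILED(rv)) return PATH_ERROR;
    if (nonBlocking) return PATH_NONBLOCKING;  // the line Memcheck flagged
    return PATH_BLOCKING;
}

// Deterministic probe for the contract break, usable without Valgrind: call
// twice with opposite starting values.  A method that writes its out-param
// on success yields the same answer both times; one that leaves it alone
// hands back the two different starting values.
bool WritesOutParamOnSuccess(nsIInputStream* stream) {
    bool first = true, second = false;
    if (NS_FAILED(stream->IsNonBlocking(&first))) return false;
    if (NS_FAILED(stream->IsNonBlocking(&second))) return false;
    return first == second;
}

// Scenarios; the empty multiplex is the case from comment 1.
bool EmptyBuggyWritesOutParam() { BuggyMultiplexStream s; return WritesOutParamOnSuccess(&s); }
bool EmptyFixedWritesOutParam() { FixedMultiplexStream s; return WritesOutParamOnSuccess(&s); }
bool BuggyWithChildWritesOutParam() {   // only the zero-child case is broken
    FakeLeafStream leaf(false);
    BuggyMultiplexStream s;
    s.mStreams.push_back(&leaf);
    return WritesOutParamOnSuccess(&s);
}
AsyncReadPath FixedEmptyPath() { FixedMultiplexStream s; return AsyncReadDispatch(&s); }
AsyncReadPath FixedBlockingChildPath() {
    FakeLeafStream leaf(false);
    FixedMultiplexStream s;
    s.mStreams.push_back(&leaf);
    return AsyncReadDispatch(&s);
}

int main() {
    printf("empty buggy multiplex writes out-param: %d\n", EmptyBuggyWritesOutParam());
    printf("empty fixed multiplex writes out-param: %d\n", EmptyFixedWritesOutParam());
    printf("fixed multiplex, no children, path: %d\n", FixedEmptyPath());
    return 0;
}
```

The probe catches the contract break without Valgrind: a method that writes `*aNonBlocking` on every success path returns the same answer whatever value the caller's variable started with. Initialising `nonBlocking` at the call site would silence the Memcheck report but leave the callee's contract break in place, which is why the attached patch targets nsMultiplexInputStream::IsNonBlocking rather than nsInputStreamPump::AsyncRead.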
Comment 2 Boris Zbarsky [:bz] (Out June 25-July 6) 2012-02-02 06:55:15 PST
Created attachment 593827 [details] [diff] [review]
Make sure to always set our out param in nsMultiplexInputStream::IsNonBlocking when returning success.
Comment 3 Boris Zbarsky [:bz] (Out June 25-July 6) 2012-02-02 06:56:48 PST
Julian, does that fix the bug?
Comment 4 Julian Seward [:jseward] 2012-02-03 03:03:27 PST
(In reply to Boris Zbarsky (:bz) from comment #3)
Yes, that fixes it.
Comment 5 Boris Zbarsky [:bz] (Out June 25-July 6) 2012-02-07 12:29:37 PST
http://hg.mozilla.org/integration/mozilla-inbound/rev/7869ec49aba8
Comment 6 Ed Morley [:emorley] 2012-02-08 09:39:35 PST
https://hg.mozilla.org/mozilla-central/rev/7869ec49aba8
