Closed Bug 726580 Opened 13 years ago Closed 13 years ago

Uninitialised value use in gfxUtils::GetYCbCrToRGBDestFormatAndSize

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla13

People

(Reporter: jseward, Assigned: derf)

References

Details

(Keywords: valgrind)

Attachments

(1 file, 1 obsolete file)

Stop shadowing PlanarYCbCr::mOffscreenFormat
1.35 KB, patch
bas.schouten
: review+
Details | Diff | Splinter Review
TEST_PATH=content/media/test/test_buffered.html (DISPLAY=:3.0 make -C ff-opt mochitest-plain TEST_PATH=content/media/test/test_buffered.html EXTRA_TEST_ARGS='--close-when-done --debugger=/home/sewardj/VgTRUNK/merge/Inst/bin/valgrind --debugger-args="--smc-check=all-non-file --suppressions=/home/sewardj/MOZ/SUPPS/mochitest-mc.supp --error-limit=no --stats=yes --trace-children=yes --child-silent-after-fork=yes '--trace-children-skip=/usr/bin/hg,/bin/rm,*/bin/certutil,*/bin/pk12util,*/bin/ssltunnel,*/bin/uname,*/bin/which,*/bin/ps,*/bin/grep' --tool=memcheck --track-origins=yes --stats=yes"') 2>&1 | tee spew-mc-tmp The uninitialised value(s) propagate to a whole bunch of use points, not just this one. At least judging by the cascade of errors that is reported. Conditional jump or move depends on uninitialised value(s) at 0x6DFD3FE: gfxUtils::GetYCbCrToRGBDestFormatAndSize(mozilla::layers::PlanarYCbCrImage::Data const&, gfxASurface::gfxImageFormat&, nsIntSize&) (gfxUtils.cpp:541) by 0x6E0EB94: mozilla::layers::BasicPlanarYCbCrImage::SetData(mozilla::layers::PlanarYCbCrImage::Data const&) (BasicImages.cpp:126) by 0x67D8156: VideoData::Create(nsVideoInfo&, mozilla::layers::ImageContainer*, long, long, long, VideoData::YCbCrBuffer const&, bool, long, nsIntRect) (nsBuiltinDecoderReader.cpp:188) by 0x67DD17E: nsOggReader::DecodeTheora(ogg_packet*, long) (nsOggReader.cpp:473) by 0x67DE171: nsOggReader::DecodeVideoFrame(bool&, long) (nsOggReader.cpp:518) by 0x67D5D73: nsBuiltinDecoderStateMachine::DecodeLoop() (nsBuiltinDecoderStateMachine.cpp:630) by 0x67D70EF: nsBuiltinDecoderStateMachine::DecodeThreadRun() (nsBuiltinDecoderStateMachine.cpp:526) by 0x60AAF2D: nsRunnableMethodImpl<void (nsPACMan::*)(), true>::Run() (nsThreadUtils.h:345) by 0x6D90E7D: nsThread::ProcessNextEvent(bool, bool*) (nsThread.cpp:657) by 0x6D58D59: NS_ProcessNextEvent_P(nsIThread*, bool) (nsThreadUtils.cpp:245) by 0x6D90BE4: nsThread::ThreadFunc(void*) (nsThread.cpp:289) by 0x41AD102: _pt_root (ptthread.c:187) Uninitialised value was created by a heap allocation at 0x4029B9A: malloc (vg_replace_malloc.c:263) by 0x403DF5B: moz_xmalloc (mozalloc.cpp:103) by 0x6E0EE8D: mozilla::layers::BasicImageFactory::CreateImage(mozilla::layers::Image::Format const*, unsigned int, nsIntSize const&, mozilla::layers::BufferRecycleBin*) (mozalloc.h:229) by 0x6E359CC: mozilla::layers::ImageContainer::CreateImage(mozilla::layers::Image::Format const*, unsigned int) (ImageLayers.cpp:114) by 0x67D808F: VideoData::Create(nsVideoInfo&, mozilla::layers::ImageContainer*, long, long, long, VideoData::YCbCrBuffer const&, bool, long, nsIntRect) (nsBuiltinDecoderReader.cpp:167) by 0x67DD17E: nsOggReader::DecodeTheora(ogg_packet*, long) (nsOggReader.cpp:473) by 0x67DE171: nsOggReader::DecodeVideoFrame(bool&, long) (nsOggReader.cpp:518) by 0x67D5D73: nsBuiltinDecoderStateMachine::DecodeLoop() (nsBuiltinDecoderStateMachine.cpp:630) by 0x67D70EF: nsBuiltinDecoderStateMachine::DecodeThreadRun() (nsBuiltinDecoderStateMachine.cpp:526) by 0x60AAF2D: nsRunnableMethodImpl<void (nsPACMan::*)(), true>::Run() (nsThreadUtils.h:345) by 0x6D90E7D: nsThread::ProcessNextEvent(bool, bool*) (nsThread.cpp:657) by 0x6D58D59: NS_ProcessNextEvent_P(nsIThread*, bool) (nsThreadUtils.cpp:245)
Keywords: valgrind
It looks like bug 715785 added a redundant mOffscreenFormat member in both PlanarYCbCrImage and BasicPlanarYCbCrImage. The GetOffscreenFormat() accessor reads the former, but the BasicPlanarYCbCrImage constructor only initializes the latter. This patch just removes the one in BasicPlanarYCbCrImage.
Assignee: nobody → tterribe
Status: NEW → ASSIGNED
Attachment #597216 - Flags: review?(bas.schouten)
Blocks: 715785
OS: Linux → All
Hardware: x86_64 → All
Attachment #597216 - Flags: review?(bas.schouten) → review+
Comment on attachment 597281 [details] [diff] [review] Test for shadow clips working correctly on non-rectangular canvases Attached to the wrong bug, sorry :)
Attachment #597281 - Attachment is obsolete: true
Attachment #597281 - Flags: review?(jmuizelaar)
https://hg.mozilla.org/mozilla-central/rev/007fc5981fc3
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: