Closed Bug 767370 Opened 13 years ago Closed 13 years ago

Uninitialised value use in nsIDOMKeyEvent_GetCharCode

Categories

(Core :: DOM: Events, defect)

Product:
Core
Component:
DOM: Events
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla16

People

(Reporter: jseward, Assigned: jseward)

Details

Attachments

(1 file, 1 obsolete file)

as previous patch, with proper hg admin stuff
820 bytes, patch
Details | Diff | Splinter Review
TEST_PATH=content/events/test/test_dom_keyboard_event.html nsIDOMKeyEvent_GetCharCode(JSContext*, JS::Handle<JSObject*>, JS::Handle<long>, JS::Value*) has this PRUint32 result; rv = self->GetCharCode(&result); if (NS_FAILED(rv)) return xpc_qsThrowGetterSetterFailed(cx, rv, JSVAL_TO_OBJECT(*vp), id); GetCharCode can return a non-NS_FAILED |rv| without assigning anything to |result|. The resulting uninitialised values get copied far and wide throughout the system and result in dozens of error reports from Valgrind. The first one is shown below. Conditional jump or move depends on uninitialised value(s) at 0x6BF5B74: nsIDOMKeyEvent_GetCharCode(JSContext*, JS::Handle<JSObject*>, JS::Handle<long>, JS::Value*) (jsapi.h:1849) by 0x7489207: js::baseops::GetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>, JS::Handle<long>, JS::Value*) (jscntxtinlines.h:444) by 0x7471E9B: js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (jsobjinlines.h:162) by 0x7473BCE: js::RunScript(JSContext*, JSScript*, js::StackFrame*) (jsinterp.cpp:267) by 0x74741A8: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jsinterp.cpp:322) by 0x74746FA: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*) (jsinterp.h:100) by 0x7403EFD: JS_CallFunctionValue (jsapi.cpp:5489) by 0x689F2C9: nsJSContext::CallEventHandler(nsISupports*, JSObject*, JSObject*, nsIArray*, nsIVariant**) [clone .part.80] (nsJSEnvironment.cpp:1910) by 0x68BF291: nsGlobalWindow::RunTimeoutHandler(nsTimeout*, nsIScriptContext*) (nsGlobalWindow.cpp:9066) by 0x68BFF7F: nsGlobalWindow::RunTimeout(nsTimeout*) (nsGlobalWindow.cpp:9320) by 0x68C0088: nsGlobalWindow::TimerCallback(nsITimer*, void*) (nsGlobalWindow.cpp:9591) by 0x70BB351: nsTimerImpl::Fire() (nsTimerImpl.cpp:473) Uninitialised value was created by a stack allocation at 0x6BF5AC0: nsIDOMKeyEvent_GetCharCode(JSContext*, JS::Handle<JSObject*>, JS::Handle<long>, JS::Value*) (dom_quickstubs.cpp:10965)
Attached patch fix (obsolete) — Splinter Review
Attachment #635733 - Flags: review?(peterv)
Attachment #635733 - Flags: review?(peterv) → review+
Keywords: checkin-needed
I'll check the patch in for you, but could you please export a proper hg patch with attribution, comment message, etc.?
Clearing c-n while the patch gets tidied.
Keywords: checkin-needed
Attachment #635733 - Attachment is obsolete: true
https://hg.mozilla.org/integration/mozilla-inbound/rev/31cf3f1603d7
Assignee: nobody → jseward
Status: NEW → ASSIGNED
https://hg.mozilla.org/mozilla-central/rev/31cf3f1603d7
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla16
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: