Uninitialised value use in mozilla::layers::BasicShadowLayerManager::EndTransaction

RESOLVED DUPLICATE of bug 775848

People

(Reporter: jseward, Unassigned)

Tracking

Trunk
x86_64
Linux

Firefox Tracking Flags

(Not tracked)

(Reporter)

Description

6 years ago
Seen on all startups on x86_64-Linux now.  Stack trace below.

void
BasicShadowLayerManager::EndTransaction(DrawThebesLayerCallback aCallback,
                                        void* aCallbackData,
                                        EndTransactionFlags aFlags)
  ...
  if (mRepeatTransaction) {

mRepeatTransaction isn't initialised (I suppose), and
BasicShadowLayerManager::BasicShadowLayerManager doesn't assign
anything to it.


Conditional jump or move depends on uninitialised value(s)
   at 0x7147ABF: mozilla::layers::BasicShadowLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (BasicLayerManager.cpp:1025)
   by 0x649FC54: nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const (nsDisplayList.cpp:655)
   by 0x649FF16: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const (nsDisplayList.cpp:552)
   by 0x64BA649: nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) (nsLayoutUtils.cpp:1786)
   by 0x64D23D8: PresShell::Paint(nsIView*, nsIWidget*, nsRegion const&, nsIntRegion const&, bool) (nsPresShell.cpp:5290)
   by 0x6893B9C: nsViewManager::Refresh(nsView*, nsIWidget*, nsIntRegion const&, bool) (nsViewManager.cpp:339)
   by 0x6894F7F: nsViewManager::DispatchEvent(nsGUIEvent*, nsIView*, nsEventStatus*) (nsViewManager.cpp:763)
   by 0x68918D8: HandleEvent(nsGUIEvent*) (nsView.cpp:127)
   by 0x6E966D3: nsWindow::DispatchEvent(nsGUIEvent*, nsEventStatus&) (nsWindow.cpp:474)
   by 0x6EA084F: nsWindow::OnExposeEvent(_GdkEventExpose*) (nsWindow.cpp:2210)
   by 0x6EA0C04: expose_event_cb(_GtkWidget*, _GdkEventExpose*) (nsWindow.cpp:5088)
   by 0xA97C187: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)

 Uninitialised value was created by a heap allocation
   at 0x402AD1C: malloc (vg_replace_malloc.c:267)
   by 0x403E038: moz_xmalloc (mozalloc.cpp:54)
   by 0x6EBF992: nsBaseWidget::CreateBasicLayerManager() (mozalloc.h:200)
   by 0x6EBFB60: nsBaseWidget::GetLayerManager(mozilla::layers::PLayersChild*, mozilla::layers::LayersBackend, nsIWidget::LayerManagerPersistence, bool*) (nsBaseWidget.cpp:949)
   by 0x6EA01FA: nsWindow::OnExposeEvent(_GdkEventExpose*) (nsWindow.cpp:2123)
   by 0x6EA0C04: expose_event_cb(_GtkWidget*, _GdkEventExpose*) (nsWindow.cpp:5088)
   by 0xA97C187: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84)
   by 0x90CC5DD: g_closure_invoke (gclosure.c:767)
   by 0x90E0597: signal_emit_unlocked_R (gsignal.c:3248)
   by 0x90E18B8: g_signal_emit_valist (gsignal.c:2991)
   by 0x90E2032: g_signal_emit (gsignal.c:3038)
   by 0xAA930CE: gtk_widget_event_internal (gtkwidget.c:4951)

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 775848
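
The defect class described in the report (a bool member left out of the constructor and later read in a branch) next to the usual remedy, as an added C++ example that is not part of the original bug or Mozilla's code. ManagerBuggy, ManagerFixed and flag_byte_after_construction are hypothetical names, and the poison byte is a constructed stand-in for stale heap contents.

```cpp
// Added illustration; hypothetical stand-in types, not Mozilla source.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <new>

struct ManagerBuggy {
    ManagerBuggy() : mCount(0) {}     // mRepeatTransaction is never assigned
    int  mCount;
    bool mRepeatTransaction;
};

struct ManagerFixed {
    ManagerFixed() : mCount(0) {}
    int  mCount;
    bool mRepeatTransaction = false;  // default member initializer: applies to every constructor
};

// Build a T in storage pre-filled with `poison` (constructed stand-in for a
// recycled heap block) and return the byte that backs mRepeatTransaction.
template <typename T>
unsigned flag_byte_after_construction(unsigned char poison) {
    alignas(T) unsigned char storage[sizeof(T)];
    std::memset(storage, poison, sizeof storage);
    T* obj = new (storage) T();
    unsigned char b;
    std::memcpy(&b, reinterpret_cast<unsigned char*>(obj) + offsetof(T, mRepeatTransaction), 1);
    obj->~T();
    return b;
}

int main() {
    // Fixed type: always 0, whatever the block held before.
    std::printf("fixed: 0x%02x\n", flag_byte_after_construction<ManagerFixed>(0xAA));
    // Buggy type: the language leaves this byte indeterminate; unoptimised
    // builds typically show the stale 0xaa, which an `if` would then branch on.
    std::printf("buggy: 0x%02x\n", flag_byte_after_construction<ManagerBuggy>(0xAA));
    return 0;
}
```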