Closed Bug 795310 Opened 7 years ago Closed 7 years ago

Uninitialised value use in mozilla::layers::BasicTiledThebesLayer::PaintThebes

Categories

(Core :: Graphics: Layers, defect)

ARM
Android

Tracking

RESOLVED FIXED
mozilla18

People

(Reporter: jseward, Assigned: BenWa)

Details

(Keywords: valgrind)

Attachments

(1 file)

Appears on every startup of Fennec, running on Xoom w/ ICS (4.0).

Thread 12:
Conditional jump or move depends on uninitialised value(s)
   at 0x305D0E92: mozilla::layers::BasicTiledThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (gfx/layers/basic/BasicTiledThebesLayer.cpp:234)
   by 0x305C7F1F: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (gfx/layers/basic/BasicLayerManager.cpp:825)
   by 0x305C7315: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (gfx/layers/basic/BasicLayerManager.cpp:932)
   by 0x305C7EA5: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintContext&, gfxContext*) (gfx/layers/basic/BasicLayerManager.cpp:840)
   by 0x305C7315: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (gfx/layers/basic/BasicLayerManager.cpp:932)
   by 0x305C810B: mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (gfx/layers/basic/BasicLayerManager.cpp:584)
   by 0x305C832B: mozilla::layers::BasicLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (gfx/layers/basic/BasicLayerManager.cpp:509)
   by 0x305C8343: mozilla::layers::BasicShadowLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (gfx/layers/basic/BasicLayerManager.cpp:1129)
   by 0x2FC2192D: nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const (layout/base/nsDisplayList.cpp:1068)
   by 0x2FC21BE9: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const (layout/base/nsDisplayList.cpp:956)
   by 0x2FC343AB: nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) (layout/base/nsLayoutUtils.cpp:1743)
   by 0x2FC3FF3B: PresShell::Paint(nsIView*, nsRegion const&, nsIPresShell::PaintType, bool) (layout/base/nsPresShell.cpp:5271)
   by 0x2FF0FA89: nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) (view/src/nsViewManager.cpp:438)
   by 0x2FF0FB47: nsViewManager::ProcessPendingUpdates() (view/src/nsViewManager.cpp:1217)
   by 0x2FC4AFA3: nsRefreshDriver::Notify(nsITimer*) (layout/base/nsRefreshDriver.cpp:421)
   by 0x3054217B: nsTimerImpl::Fire() (xpcom/threads/nsTimerImpl.cpp:476)
   by 0x3054232B: nsTimerEvent::Run() (xpcom/threads/nsTimerImpl.cpp:556)
   by 0x3053FB97: nsThread::ProcessNextEvent(bool, bool*) (xpcom/threads/nsThread.cpp:612)
   by 0x30515F75: NS_ProcessNextEvent_P(nsIThread*, bool) (ff-opt/xpcom/build/nsThreadUtils.cpp:220)
   by 0x3040E307: mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) (ipc/glue/MessagePump.cpp:82)

 Uninitialised value was created by a heap allocation
   at 0x4806920: malloc (coregrind/m_replacemalloc/vg_replace_malloc.c:270)
   by 0x226BE645: moz_xmalloc (memory/mozalloc/mozalloc.cpp:57)
   by 0x305C60D7: mozilla::layers::BasicShadowLayerManager::CreateThebesLayer() (ff-opt/gfx/layers/../../dist/include/mozilla/mozalloc.h:200)
   by 0x2FBF6DD7: mozilla::(anonymous namespace)::ContainerState::ProcessDisplayItems(nsDisplayList const&, mozilla::FrameLayerBuilder::Clip&, unsigned int) (layout/base/FrameLayerBuilder.cpp:1189)
   by 0x2FBF7777: mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList const&, mozilla::FrameLayerBuilder::ContainerParameters const&, gfx3DMatrix const*) (layout/base/FrameLayerBuilder.cpp:2555)
   by 0x2FC217CF: nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const (layout/base/nsDisplayList.cpp:1019)
   by 0x2FC21BE9: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const (layout/base/nsDisplayList.cpp:956)
   by 0x2FC343AB: nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) (layout/base/nsLayoutUtils.cpp:1743)
   by 0x2FC3FF3B: PresShell::Paint(nsIView*, nsRegion const&, nsIPresShell::PaintType, bool) (layout/base/nsPresShell.cpp:5271)
   by 0x2FF0FA89: nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) (view/src/nsViewManager.cpp:438)
   by 0x2FF0FB47: nsViewManager::ProcessPendingUpdates() (view/src/nsViewManager.cpp:1217)
   by 0x2FC4AFA3: nsRefreshDriver::Notify(nsITimer*) (layout/base/nsRefreshDriver.cpp:421)
   by 0x3054217B: nsTimerImpl::Fire() (xpcom/threads/nsTimerImpl.cpp:476)
   by 0x3054232B: nsTimerEvent::Run() (xpcom/threads/nsTimerImpl.cpp:556)
   by 0x3053FB97: nsThread::ProcessNextEvent(bool, bool*) (xpcom/threads/nsThread.cpp:612)
   by 0x30515F75: NS_ProcessNextEvent_P(nsIThread*, bool) (ff-opt/xpcom/build/nsThreadUtils.cpp:220)
   by 0x3040E307: mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) (ipc/glue/MessagePump.cpp:82)
   by 0x3056AB2D: MessageLoop::RunInternal() (ipc/chromium/src/base/message_loop.cc:208)
   by 0x3056AB3B: MessageLoop::RunHandler() (ipc/chromium/src/base/message_loop.cc:201)
   by 0x3056AC3B: MessageLoop::Run() (ipc/chromium/src/base/message_loop.cc:175)
Keywords: valgrind
Assignee: nobody → bgirard
Attachment #667034 - Flags: review?(chrislord.net)
Note that whether we took the branch or not based on an uninitialized value would be a no-op since we would set the valid region to be empty which it already was.
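The reasoning in the comment above, as an added C++ example (not the attached patch and not Gecko code): `TiledLayerModel`, its members and the shape of the conditional are assumptions modelled on the patch title and the comment. The indeterminate flag is simulated by constructing the object with both possible values, so nothing uninitialised is actually read.

```cpp
// Added illustration. TiledLayerModel is a hypothetical stand-in,
// not Gecko's BasicTiledThebesLayer.
#include <cstdio>
#include <set>

struct TiledLayerModel {
    std::set<int> validRegion;  // empty on construction, like a fresh layer
    bool lastPaintOpaque;       // models the member named in the patch title

    // "Before": the flag starts as whatever the heap block held. The value is
    // passed in so both possibilities can be run deterministically.
    explicit TiledLayerModel(bool heapGarbage) : lastPaintOpaque(heapGarbage) {}
    // "After": the constructor gives the flag a defined value.
    TiledLayerModel() : lastPaintOpaque(false) {}

    // Assumed shape of the flagged conditional: an opacity change discards
    // the valid region before the new tile is painted.
    bool paint(bool opaque, int tile) {
        bool invalidated = false;
        if (lastPaintOpaque != opaque) {  // the jump Valgrind reports
            validRegion.clear();
            invalidated = true;
        }
        lastPaintOpaque = opaque;
        validRegion.insert(tile);
        return invalidated;
    }
};

// First paint of a fresh layer: true when both possible garbage values leave
// the layer in the same state, i.e. the branch taken made no difference.
bool firstPaintIsBenign(bool opaque) {
    TiledLayerModel a(true), b(false);
    a.paint(opaque, 1);
    b.paint(opaque, 1);
    return a.validRegion == b.validRegion && a.lastPaintOpaque == b.lastPaintOpaque;
}

// Counter-case: with a non-empty region the garbage value decides whether
// already-painted tiles are thrown away, so the two outcomes differ.
bool garbageMattersWhenRegionNonEmpty() {
    TiledLayerModel a(true), b(false);
    a.validRegion.insert(7);
    b.validRegion.insert(7);
    a.paint(false, 1);
    b.paint(false, 1);
    return a.validRegion != b.validRegion;
}

int main() {
    std::printf("%d %d\n", firstPaintIsBenign(true), garbageMattersWhenRegionNonEmpty());
}
```

The harmlessness holds only while the region is empty at first paint; initialising the flag in the constructor removes that dependency and the Valgrind report with it.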
Comment on attachment 667034
init mLastPaintOpaque

Review of attachment 667034:
-----------------------------------------------------------------

Looks good to me.
Attachment #667034 - Flags: review?(chrislord.net) → review+
Keywords: checkin-needed
Please post a changeset link and update the bug when landing things on inbound...
Flags: in-testsuite+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/a0ee436cc856
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18