Closed
Bug 98841
Opened 23 years ago
Closed 23 years ago
UMR: Uninitialized memory read in nsPrefBranch::getValidatedPrefName
Categories
(SeaMonkey :: MailNews: Address Book & Contacts, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 103134
People
(Reporter: stephend, Assigned: chuang)
Details
[W] UMR: Uninitialized memory read in nsPrefBranch::getValidatedPrefName(char
const*,char const* *) {6 occurrences}
Reading 1 byte from 0x0013defc (1 byte at 0x0013defc uninitialized)
Address 0x0013defc points into a thread's stack
Address 0x0013defc is the local variable 'tempstring' in
DIR_GetPrefsForOneServer(DIR_Server *,int,int)
Thread ID: 0x524
Error location
nsPrefBranch::getValidatedPrefName(char const*,char const* *)+0x1fe
[c:\moz_src\mozilla\modules\libpref\src\nsPrefBranch.cpp:717 ip=0x048fcafe]
nsPrefBranch::PrefIsLocked(char const*,int *)+0xfd
[c:\moz_src\mozilla\modules\libpref\src\nsPrefBranch.cpp:478 ip=0x048faaed]
nsPrefService::PrefIsLocked(char const*,int *)+0x8b
[c:\moz_src\mozilla\modules\libpref\src\nsPrefService.h:42 ip=0x0490175b]
nsPref::PrefIsLocked(char const*,int *)+0x114
[c:\moz_src\mozilla\modules\libpref\src\nsPref.cpp:293 ip=0x048ef624]
DIR_GetPrefsForOneServer(DIR_Server *,int,int)+0x2ad
[c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:3056 ip=0x0fc2944d]
dir_GetPrefsFrom45Branch+0x559
[c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:3264 ip=0x0fc2f2d9]
DIR_GetServerPreferences(nsVoidArray * *)+0x3f3
[c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:3332 ip=0x0fc2d753]
DIR_GetDirServers(void)+0x141
[c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:349 ip=0x0fc1d461]
DIR_GetDirectories(void)+0x34
[c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:334 ip=0x0fc1d2f4]
nsAbBSDirectory::GetDirList(void)+0x34
[c:\moz_src\mozilla\mailnews\addrbook\src\nsAbBSDirectory.h:51 ip=0x0fb943a4]
|
Reporter | |
Comment 1•23 years ago
|
||
Sorry, switching to prefs:backend.
Component: Preferences → Preferences: Backend
|
|
Reporter | |
Comment 2•23 years ago
|
||
Bug 98843, bug 98847, bug 98848, bug 98849, bug 98850, bug 98846 and bug 98841 all were a result of: Launching mozilla.exe -compose, typing stephe (letting it search from a local addressbook for <stephend@netscape.com>, moving the selection down 3 times to highlight the above email address, hitting return 3 times, typing nothing in the message body, nothing in the subject, and simply hitting OK to send the message.
|
|
Reporter | |
Comment 3•23 years ago
|
||
s/dialog/message
|
||
Comment 5•23 years ago
|
||
If you pass uninitialized buffers to prefs, it won't work :) Declaration of tempstring: http://lxr.mozilla.org/seamonkey/source/mailnews/addrbook/src/nsDirPrefs.cpp#3038 Passed to prefs (uninitialized): http://lxr.mozilla.org/seamonkey/source/mailnews/addrbook/src/nsDirPrefs.cpp#3056 Probably supposed to be passing |prefstring| instead(?)
Component: Preferences: Backend → Address Book
Product: Browser → MailNews
|
|
Reporter | |
Updated•23 years ago
|
QA Contact: nbaca → stephend
|
|
||
Comment 7•23 years ago
|
||
After looking at it a little closer, it looks like the lines (now at line 3072): pPref->PrefIsLocked(tempstring, &bIsLocked); server->position = DIR_GetIntPref (prefstring, "position", tempstring, kDefaultPosition); Should be reversed to: server->position = DIR_GetIntPref (prefstring, "position", tempstring, kDefaultPosition); pPref->PrefIsLocked(tempstring, &bIsLocked); It appears that DIR_GetIntPref() sets |tempstring| to the name of the preference which it obtains the value of.
|
|
Reporter | |
Comment 8•23 years ago
|
||
Always happy to dup to one with a patch... *** This bug has been marked as a duplicate of 103134 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
|
||
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•