Closed
Bug 98841
Opened 23 years ago
Closed 23 years ago
UMR: Uninitialized memory read in nsPrefBranch::getValidatedPrefName
Categories
(SeaMonkey :: MailNews: Address Book & Contacts, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 103134
People
(Reporter: stephend, Assigned: chuang)
Details
[W] UMR: Uninitialized memory read in nsPrefBranch::getValidatedPrefName(char const*,char const* *) {6 occurrences} Reading 1 byte from 0x0013defc (1 byte at 0x0013defc uninitialized) Address 0x0013defc points into a thread's stack Address 0x0013defc is the local variable 'tempstring' in DIR_GetPrefsForOneServer(DIR_Server *,int,int) Thread ID: 0x524 Error location nsPrefBranch::getValidatedPrefName(char const*,char const* *)+0x1fe [c:\moz_src\mozilla\modules\libpref\src\nsPrefBranch.cpp:717 ip=0x048fcafe] nsPrefBranch::PrefIsLocked(char const*,int *)+0xfd [c:\moz_src\mozilla\modules\libpref\src\nsPrefBranch.cpp:478 ip=0x048faaed] nsPrefService::PrefIsLocked(char const*,int *)+0x8b [c:\moz_src\mozilla\modules\libpref\src\nsPrefService.h:42 ip=0x0490175b] nsPref::PrefIsLocked(char const*,int *)+0x114 [c:\moz_src\mozilla\modules\libpref\src\nsPref.cpp:293 ip=0x048ef624] DIR_GetPrefsForOneServer(DIR_Server *,int,int)+0x2ad [c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:3056 ip=0x0fc2944d] dir_GetPrefsFrom45Branch+0x559 [c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:3264 ip=0x0fc2f2d9] DIR_GetServerPreferences(nsVoidArray * *)+0x3f3 [c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:3332 ip=0x0fc2d753] DIR_GetDirServers(void)+0x141 [c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:349 ip=0x0fc1d461] DIR_GetDirectories(void)+0x34 [c:\moz_src\mozilla\mailnews\addrbook\src\nsDirPrefs.cpp:334 ip=0x0fc1d2f4] nsAbBSDirectory::GetDirList(void)+0x34 [c:\moz_src\mozilla\mailnews\addrbook\src\nsAbBSDirectory.h:51 ip=0x0fb943a4]
Reporter | ||
Comment 1•23 years ago
|
||
Sorry, switching to prefs:backend.
Component: Preferences → Preferences: Backend
Reporter | ||
Comment 2•23 years ago
|
||
Bug 98843, bug 98847, bug 98848, bug 98849, bug 98850, bug 98846 and bug 98841 all were a result of: Launching mozilla.exe -compose, typing stephe (letting it search from a local addressbook for <stephend@netscape.com>, moving the selection down 3 times to highlight the above email address, hitting return 3 times, typing nothing in the message body, nothing in the subject, and simply hitting OK to send the message.
Reporter | ||
Comment 3•23 years ago
|
||
s/dialog/message
Comment 5•23 years ago
|
||
If you pass uninitialized buffers to prefs, it won't work :) Declaration of tempstring: http://lxr.mozilla.org/seamonkey/source/mailnews/addrbook/src/nsDirPrefs.cpp#3038 Passed to prefs (uninitialized): http://lxr.mozilla.org/seamonkey/source/mailnews/addrbook/src/nsDirPrefs.cpp#3056 Probably supposed to be passing |prefstring| instead(?)
Component: Preferences: Backend → Address Book
Product: Browser → MailNews
Reporter | ||
Updated•23 years ago
|
QA Contact: nbaca → stephend
Comment 7•23 years ago
|
||
After looking at it a little closer, it looks like the lines (now at line 3072): pPref->PrefIsLocked(tempstring, &bIsLocked); server->position = DIR_GetIntPref (prefstring, "position", tempstring, kDefaultPosition); Should be reversed to: server->position = DIR_GetIntPref (prefstring, "position", tempstring, kDefaultPosition); pPref->PrefIsLocked(tempstring, &bIsLocked); It appears that DIR_GetIntPref() sets |tempstring| to the name of the preference which it obtains the value of.
Reporter | ||
Comment 8•23 years ago
|
||
Always happy to dup to one with a patch... *** This bug has been marked as a duplicate of 103134 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•