Closed Bug 571823 Opened 15 years ago Closed 15 years ago

UMR [@ nsHTMLSelectOptionAccessible::GetStateInternal]

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: davidb)

References

Details

(Keywords: testcase, valgrind)

Attachments

(3 files, 2 obsolete files)

testcase (requires accessibility service to be enabled)
275 bytes, application/xhtml+xml
Details
details from valgrind (--num-callers=50 --track-origins=yes)
5.04 KB, text/plain
Details
patch 2
2.62 KB, patch
surkov
: review+
Details | Diff | Splinter Review
1. Run Firefox under Valgrind. 2. Enable accessibility, e.g. by pasting the following into the js console Components.classes["@mozilla.org/accessibilityService;1"] .getService(Components.interfaces.nsIAccessibleRetrieval); 3. Load the testcase Result: Valgrind complains of a UMR [@ nsHTMLSelectOptionAccessible::GetStateInternal] Looks like GetStateInternal expects nsHTMLSelectOptionAccessible::GetSelectState to always set its out-params, and that isn't happening in this case.
Attached patch reflex WIP (obsolete) — Splinter Review
Assignee: nobody → bolterbugz
Attachment #451106 - Flags: feedback?(jruderman)
Attachment #451106 - Flags: feedback?(jruderman) → feedback+
Comment on attachment 451106 [details] [diff] [review] reflex WIP This patch fixes the Valgrind warning for me :)
Please initialize local variables passed into GetSelectState.
Attached patch patch (obsolete) — Splinter Review
This patch makes it clear that we expect these args to be init to 0. Also fixed a typo while I'm here.
Attachment #451106 - Attachment is obsolete: true
Attachment #451286 - Flags: review?(surkov.alexander)
Comment on attachment 451286 [details] [diff] [review] patch > nsIFrame* nsHTMLSelectOptionAccessible::GetBoundsFrame() > { >- PRUint32 state; >+ PRUint32 state = 0; > nsCOMPtr<nsIContent> content = GetSelectState(&state); > > nsIContent* nsHTMLSelectOptionAccessible::GetSelectState(PRUint32* aState, > PRUint32* aExtraState) > { >+ *aState = *aExtraState = 0; this is a crash
> this is a crash Why?
It didn't crash for me when I tried it last night.
because aExtraState is null in the case of GetBoundsFrame().
(In reply to comment #8) > It didn't crash for me when I tried it last night. probably you didn't trigger this code.
Attached patch patch 2Splinter Review
Attachment #451286 - Attachment is obsolete: true
Attachment #451297 - Flags: review?(surkov.alexander)
Attachment #451286 - Flags: review?(surkov.alexander)
Attachment #451297 - Flags: review?(surkov.alexander) → review+
http://hg.mozilla.org/mozilla-central/rev/b24c59785359 (Thanks guys)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: