Closed Bug 3704 Opened 26 years ago Closed 26 years ago

UMR: nsSelectionMgr::SelectionRequestor()

Categories

(Core :: DOM: Selection, defect, P3)

Sun
All
defect

Tracking

()

VERIFIED INVALID

People

(Reporter: bruce, Assigned: mcafee)

Details

Solaris 2.6, gcc 2.7.2.3, purify. GTK 1.2. Pull from around 2pm PST on Friday, March 12, 1999. UMR: Uninitialized memory read: * This is occurring while in: strlen [rtlib.o] nsSelectionMgr::SelectionRequestor(_GtkWidget*,_GtkSelectionData*) [nsSelectionMgr.cpp:252] nsSelectionMgr::SelectionRequestCB(_GtkWidget*,_GtkSelectionData*,unsigned int,unsigned int,void*) [nsSelectionMgr.cpp:233] gtk_marshal_NONE__POINTER_INT_INT [gtkmarshal.c:436] gtk_handlers_run [gtksignal.c:1909] gtk_signal_real_emit [gtksignal.c:1469] gtk_signal_emit_by_name [gtksignal.c:618] gtk_selection_invoke_handler [gtkselection.c:1450] gtk_selection_convert [gtkselection.c:639] nsSelectionMgr::PasteTextBlocking(nsString*) [nsSelectionMgr.cpp:291] nsBrowserWindow::DoPaste() [nsBrowserWindow.cpp:1989] nsBrowserWindow::DispatchMenuItem(int) [nsBrowserWindow.cpp:524] nsNativeBrowserWindow::DispatchMenuItem(int) [nsGTKMain.cpp:84] gtk_ifactory_cb(void*,unsigned int,_GtkWidget*) [nsGTKMenu.cpp:35] gtk_item_factory_callback_marshal [gtkitemfactory.c:274] gtk_marshal_NONE__NONE [gtkmarshal.c:363] gtk_handlers_run [gtksignal.c:1909] gtk_signal_real_emit [gtksignal.c:1469] gtk_signal_emit [gtksignal.c:552] gtk_widget_activate [gtkwidget.c:2810] gtk_menu_shell_activate_item [gtkmenushell.c:834] gtk_menu_shell_button_release [gtkmenushell.c:497] gtk_marshal_BOOL__POINTER [gtkmarshal.c:32] gtk_signal_real_emit [gtksignal.c:1484] gtk_signal_emit [gtksignal.c:552] gtk_widget_event [gtkwidget.c:2784] gtk_propagate_event [gtkmain.c:1295] gtk_main_do_event [gtkmain.c:752] gdk_event_dispatch [gdkevents.c:2086] g_main_dispatch [gmain.c:647] * Reading 6 bytes from 0x77cee0 in the heap (1 byte at 0x77cee5 uninit). * Address 0x77cee0 is at the beginning of a malloc'd block of 100 bytes. * This block was allocated from: malloc [rtlib.o] __bUiLtIn_nEw [libgcc.a] __builtin_new [rtlib.o] __bUiLtIn_vEc_nEw [libgcc.a] __builtin_vec_new [rtlib.o] default_alloc(unsigned int) [strstream.cc:36] _IO_str_overflow [strops.c:136] strstreambuf::overflow(int) [strstream.cc:66] __overflow [genops.c:162] _IO_default_xsputn [genops.c:351] streambuf::xsputn(const char*,int) [streambuf.cc:69] ostream::operator <<(const char*) [iostream.cc:649] nsHTMLContentSinkStream::AddLeaf(const nsIParserNode&,ostream&) [nsHTMLContentSinkStream.cpp:809] nsHTMLContentSinkStream::AddLeaf(const nsIParserNode&) [nsHTMLContentSinkStream.cpp:982] nsXIFDTD::AddLeaf(const nsIParserNode&) [nsXIFDTD.cpp:1431] nsXIFDTD::HandleTextToken(CToken*) [nsXIFDTD.cpp:589] XIFDispatchTokenHandler(CToken*,nsIDTD*) [nsXIFDTD.cpp:268] CTokenHandler::operator ()(CToken*,nsIDTD*) [nsTokenHandler.cpp:80] nsXIFDTD::HandleToken(CToken*,nsIParser*) [nsXIFDTD.cpp:504] nsXIFDTD::BuildModel(nsIParser*,nsITokenizer*,nsITokenObserver*,nsIContentSink*) [nsXIFDTD.cpp:444] nsParser::BuildModel() [nsParser.cpp:799] nsParser::ResumeParse(nsIDTD*) [nsParser.cpp:751] nsParser::Parse(nsString&,void*,const nsString&,int,int) [nsParser.cpp:719] PresShell::DoCopy(nsISelectionMgr*) [nsPresShell.cpp:1528] nsBrowserWindow::DoCopy() [nsBrowserWindow.cpp:1975] nsBrowserWindow::DispatchMenuItem(int) [nsBrowserWindow.cpp:520] nsNativeBrowserWindow::DispatchMenuItem(int) [nsGTKMain.cpp:84] gtk_ifactory_cb(void*,unsigned int,_GtkWidget*) [nsGTKMenu.cpp:35] gtk_item_factory_callback_marshal [gtkitemfactory.c:274] gtk_marshal_NONE__NONE [gtkmarshal.c:363]
Changed to M3
Assignee: mjudge → akkana
Changing to akkana: error happens in PasteTextBlocking. Akkana: please verify the problem and re-assign if the error is in gtk
Target Milestone: M3
Target Milestone: M3 → M4
Changing to M4
Status: NEW → ASSIGNED
Hmm, that's weird. We're getting str from mCopyStream->str(), which I wouldn't think would be uninitialized. One thing that's probably a good idea anyway might be to change if(str) on line 250 to if (str && str[0]) I can't check this in right now since it's not approved for M3, but I'll check it in after the M3 freeze is over and we can see if it helps the UMR.
Assignee: akkana → mcafee
Status: ASSIGNED → NEW
nsSelectionMgr is going away any minute now, and I think Chris has already moved the important code over to the new class. Reassigning to mcafee, who owns the new code -- Chris, I'd suggest adding the check I mentioned to your equivalent of the selection request callback, or if you'd prefer, point me at your code once it's in and I'll make the check.
Target Milestone: M4 → M5
moving to m5
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → INVALID
code removed, this is now an invalid bug. QA should just close this.
Status: RESOLVED → VERIFIED
ok. marking VERIFIED
Per a request from Selection and Search component eng (mjudge) and qa (elig), moving all "Selection and Search" bugs to new "Selection" component. Original "Selection and Search" component will be retired.
You need to log in before you can comment on or make changes to this bug.