Closed Bug 3705 Opened 26 years ago Closed 26 years ago

Uninitialized memory read in nsParser::ResumeParser()

Categories

(Core :: DOM: HTML Parser, defect, P3)

Tracking

VERIFIED FIXED

People

(Reporter: bruce, Assigned: rickg)

Details

Solaris 2.6, gcc 2.7.2.3, pull from 2pm PST on March 12, 1999.

UMR: Uninitialized memory read:
* This is occurring while in:
    nsParser::ResumeParse(nsIDTD*) [nsParser.cpp:754]
    nsParser::Parse(nsString&,void*,const nsString&,int,int) [nsParser.cpp:719]
    PresShell::DoCopy(nsISelectionMgr*) [nsPresShell.cpp:1528]
    nsBrowserWindow::DoCopy() [nsBrowserWindow.cpp:1975]
    nsBrowserWindow::DispatchMenuItem(int) [nsBrowserWindow.cpp:520]
    nsNativeBrowserWindow::DispatchMenuItem(int) [nsGTKMain.cpp:84]
    gtk_ifactory_cb(void*,unsigned int,_GtkWidget*) [nsGTKMenu.cpp:35]
    gtk_item_factory_callback_marshal [gtkitemfactory.c:274]
    gtk_marshal_NONE__NONE [gtkmarshal.c:363]
    gtk_handlers_run [gtksignal.c:1909]
    gtk_signal_real_emit [gtksignal.c:1469]
    gtk_signal_emit [gtksignal.c:552]
    gtk_widget_activate [gtkwidget.c:2810]
    gtk_menu_shell_activate_item [gtkmenushell.c:834]
    gtk_menu_shell_button_release [gtkmenushell.c:497]
    gtk_marshal_BOOL__POINTER [gtkmarshal.c:32]
    gtk_signal_real_emit [gtksignal.c:1484]
    gtk_signal_emit [gtksignal.c:552]
    gtk_widget_event [gtkwidget.c:2784]
    gtk_propagate_event [gtkmain.c:1295]
    gtk_main_do_event [gtkmain.c:752]
    gdk_event_dispatch [gdkevents.c:2086]
    g_main_dispatch [gmain.c:647]
    g_main_iterate [gmain.c:854]
    g_main_run [gmain.c:912]
    gtk_main [gtkmain.c:475]
    nsAppShell::Run() [nsAppShell.cpp:152]
    nsNativeViewerApp::Run() [nsGTKMain.cpp:42]
    main [nsGTKMain.cpp:97]
    _start [crt1.o]
* Reading 4 bytes from 0x773898 in the heap.
* Address 0x773898 is 56 bytes into a malloc'd block at 0x773860 of 80 bytes.
* This block was allocated from:
    malloc [rtlib.o]
    __bUiLtIn_nEw [libgcc.a]
    __builtin_new [rtlib.o]
    nsParserFactory::CreateInstance(nsISupports*,const nsID&,void**) [nsParserFactory.cpp:124]
    nsComponentManagerImpl::CreateInstance(const nsID&,nsISupports*,const nsID&,void**) [nsComponentManager.cpp:1123]
    nsComponentManager::CreateInstance(const nsID&,nsISupports*,const nsID&,void**) [nsRepository.cpp:67]
    PresShell::DoCopy(nsISelectionMgr*) [nsPresShell.cpp:1496]
    nsBrowserWindow::DoCopy() [nsBrowserWindow.cpp:1975]
    nsBrowserWindow::DispatchMenuItem(int) [nsBrowserWindow.cpp:520]
    nsNativeBrowserWindow::DispatchMenuItem(int) [nsGTKMain.cpp:84]
    gtk_ifactory_cb(void*,unsigned int,_GtkWidget*) [nsGTKMenu.cpp:35]
    gtk_item_factory_callback_marshal [gtkitemfactory.c:274]
    gtk_marshal_NONE__NONE [gtkmarshal.c:363]
    gtk_handlers_run [gtksignal.c:1909]
    gtk_signal_real_emit [gtksignal.c:1469]
    gtk_signal_emit [gtksignal.c:552]
    gtk_widget_activate [gtkwidget.c:2810]
    gtk_menu_shell_activate_item [gtkmenushell.c:834]
    gtk_menu_shell_button_release [gtkmenushell.c:497]
    gtk_marshal_BOOL__POINTER [gtkmarshal.c:32]
    gtk_signal_real_emit [gtksignal.c:1484]
    gtk_signal_emit [gtksignal.c:552]
    gtk_widget_event [gtkwidget.c:2784]
    gtk_propagate_event [gtkmain.c:1295]
    gtk_main_do_event [gtkmain.c:752]
    gdk_event_dispatch [gdkevents.c:2086]
    g_main_dispatch [gmain.c:647]
    g_main_iterate [gmain.c:854]
    g_main_run [gmain.c:912]
    gtk_main [gtkmain.c:475]

I posted another stack trace and a possible fix for this in netscape.public.mozilla.patches (and emailed to owners/peers of the htmlparser).
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Fixed by simply initializing the variable. No risk.
Status: RESOLVED → VERIFIED
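
Added example (not part of the original bug report or of the Mozilla code): a small Python triage helper for the Purify UMR report quoted in this bug. It cross-checks the reported address arithmetic and extracts the reading frame, the byte range of the uninitialized field inside the heap block, and the first non-runtime allocation frame. The names `frames`, `triage` and `RUNTIME`, and the shortened `REPORT` excerpt, are assumptions of this example.

```python
import re

# Excerpt of the Purify report from this bug; stacks shortened to three frames each.
REPORT = """UMR: Uninitialized memory read:
* This is occurring while in:
nsParser::ResumeParse(nsIDTD*) [nsParser.cpp:754]
nsParser::Parse(nsString&,void*,const nsString&,int,int) [nsParser.cpp:719]
PresShell::DoCopy(nsISelectionMgr*) [nsPresShell.cpp:1528]
* Reading 4 bytes from 0x773898 in the heap.
* Address 0x773898 is 56 bytes into a malloc'd block at 0x773860 of 80 bytes.
* This block was allocated from:
malloc [rtlib.o]
__builtin_new [rtlib.o]
nsParserFactory::CreateInstance(nsISupports*,const nsID&,void**) [nsParserFactory.cpp:124]
"""

FRAME = re.compile(r"([^\[\]]+?)\s*\[([\w.+-]+)(?::(\d+))?\]")
READ = re.compile(r"Reading (\d+) bytes from (0x[0-9a-fA-F]+)")
BLOCK = re.compile(r"Address (0x[0-9a-fA-F]+) is (\d+) bytes into a malloc'd block "
                   r"at (0x[0-9a-fA-F]+) of (\d+) bytes")
RUNTIME = {"rtlib.o", "libgcc.a"}  # allocator/runtime objects named in the report


def frames(text):
    """Return (function, file, line) tuples; works on wrapped or single-line stacks."""
    return [(n.strip(), f, int(l) if l else None) for n, f, l in FRAME.findall(text)]


def triage(report):
    access, _, rest = report.partition("* Reading")
    access = access.split("while in:", 1)[1]
    alloc = rest.split("allocated from:", 1)[1]
    size, addr = READ.search(report).groups()
    baddr, off, base, blen = BLOCK.search(report).groups()
    off, blen, size = int(off), int(blen), int(size)
    # Cross-check the tool's arithmetic: read address must equal block base + offset.
    consistent = int(addr, 16) == int(baddr, 16) == int(base, 16) + off
    # First non-runtime allocation frame is the code that created the object.
    allocator = next(f for f in frames(alloc) if f[1] not in RUNTIME)
    return {"reader": frames(access)[0], "allocator": allocator,
            "field": (off, off + size), "block_size": blen,
            "in_bounds": off + size <= blen, "consistent": consistent}


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

An in-bounds read at a fixed offset of a freshly allocated block points at a member that no constructor wrote, which matches the fix recorded in this bug.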