Closed Bug 3774 Opened 26 years ago Closed 25 years ago

UMR: nsSelectControlFrame::GetNamesValues()

Categories: Core :: DOM: Core & HTML, defect, P3
Platform: Sun, Solaris
Status: VERIFIED WONTFIX
Reporter: bruce, Assigned: pollmann

GTK 1.2.0, Solaris 2.6, gcc 2.7.2.3, pull from March 14, 1999. Go to demo/sample 8 and submit.

**** Purify instrumented ./viewer.pure (pid 27448) ****
UMR: Uninitialized memory read:
  * This is occurring while in:
        nsSelectControlFrame::GetNamesValues(int,int&,nsString*,nsString*) [nsSelectControlFrame.cpp:662]
        nsFormFrame::ProcessAsURLEncoded(int,nsString&,nsIFormControlFrame*) [nsFormFrame.cpp:798]
        nsFormFrame::OnSubmit(nsIPresContext*,nsIFrame*) [nsFormFrame.cpp:555]
        nsButtonControlFrame::MouseClicked(nsIPresContext*) [nsButtonControlFrame.cpp:335]
        nsButtonControlFrame::HandleEvent(nsIPresContext&,nsGUIEvent*,nsEventStatus&) [nsButtonControlFrame.cpp:514]
        PresShell::HandleEvent(nsIView*,nsGUIEvent*,nsEventStatus&) [nsPresShell.cpp:1930]
        nsView::HandleEvent(nsGUIEvent*,unsigned int,nsEventStatus&) [nsView.cpp:824]
        nsViewManager::DispatchEvent(nsGUIEvent*,nsEventStatus&) [nsViewManager.cpp:1707]
        HandleEvent(nsGUIEvent*) [nsView.cpp:63]
        nsWidget::DispatchEvent(nsGUIEvent*,nsEventStatus&) [nsWidget.cpp:817]
        nsWidget::DispatchWindowEvent(nsGUIEvent*) [nsWidget.cpp:777]
        nsWidget::DispatchMouseEvent(nsMouseEvent&) [nsWidget.cpp:843]
        handle_button_release_event(_GtkWidget*,_GdkEventButton*,void*) [nsGtkEventHandler.cpp:590]
        gtk_marshal_BOOL__POINTER [gtkmarshal.c:32]
        gtk_handlers_run [gtksignal.c:1909]
        gtk_signal_real_emit [gtksignal.c:1469]
        gtk_signal_emit [gtksignal.c:552]
        gtk_widget_event [gtkwidget.c:2784]
        gtk_propagate_event [gtkmain.c:1295]
        gtk_main_do_event [gtkmain.c:752]
        gdk_event_dispatch [gdkevents.c:2086]
        g_main_dispatch [gmain.c:647]
        g_main_iterate [gmain.c:854]
        g_main_run [gmain.c:912]
        gtk_main [gtkmain.c:475]
        nsAppShell::Run() [nsAppShell.cpp:152]
        nsNativeViewerApp::Run() [nsGTKMain.cpp:42]
        main [nsGTKMain.cpp:97]
        _start [crt1.o]
  * Reading 4 bytes from 0x761090 in the heap.
  * Address 0x761090 is at the beginning of a malloc'd block of 4 bytes.
  * This block was allocated from:
        *unknown func* [pc=0x2]
        __bUiLtIn_nEw [libgcc.a]
        __builtin_new [rtlib.o]
        __bUiLtIn_vEc_nEw [libgcc.a]
        __builtin_vec_new [rtlib.o]
        nsSelectControlFrame::GetNamesValues(int,int&,nsString*,nsString*) [nsSelectControlFrame.cpp:657]
        nsFormFrame::ProcessAsURLEncoded(int,nsString&,nsIFormControlFrame*) [nsFormFrame.cpp:798]
        nsFormFrame::OnSubmit(nsIPresContext*,nsIFrame*) [nsFormFrame.cpp:555]
        nsButtonControlFrame::MouseClicked(nsIPresContext*) [nsButtonControlFrame.cpp:335]
        nsButtonControlFrame::HandleEvent(nsIPresContext&,nsGUIEvent*,nsEventStatus&) [nsButtonControlFrame.cpp:514]
        PresShell::HandleEvent(nsIView*,nsGUIEvent*,nsEventStatus&) [nsPresShell.cpp:1930]
        nsView::HandleEvent(nsGUIEvent*,unsigned int,nsEventStatus&) [nsView.cpp:824]
        nsViewManager::DispatchEvent(nsGUIEvent*,nsEventStatus&) [nsViewManager.cpp:1707]
        HandleEvent(nsGUIEvent*) [nsView.cpp:63]
        nsWidget::DispatchEvent(nsGUIEvent*,nsEventStatus&) [nsWidget.cpp:817]
        nsWidget::DispatchWindowEvent(nsGUIEvent*) [nsWidget.cpp:777]
        nsWidget::DispatchMouseEvent(nsMouseEvent&) [nsWidget.cpp:843]
        handle_button_release_event(_GtkWidget*,_GdkEventButton*,void*) [nsGtkEventHandler.cpp:590]
        gtk_marshal_BOOL__POINTER [gtkmarshal.c:32]
        gtk_handlers_run [gtksignal.c:1909]
        gtk_signal_real_emit [gtksignal.c:1469]
        gtk_signal_emit [gtksignal.c:552]
        gtk_widget_event [gtkwidget.c:2784]
        gtk_propagate_event [gtkmain.c:1295]
        gtk_main_do_event [gtkmain.c:752]
        gdk_event_dispatch [gdkevents.c:2086]
        g_main_dispatch [gmain.c:647]
        g_main_iterate [gmain.c:854]
        g_main_run [gmain.c:912]
        gtk_main [gtkmain.c:475]

Looking in nsSelectControlFrame::GetNamesValues() and being somewhat ignorant of how some of this code works, it seems odd that it checks for if (numSelections >= 0). If there are no selections, listBox->GetSelectedIndices() will not have put any data into the 'selections' variable (since there weren't any), and so when we go and iterate through it, boom. UMR. Unless I'm missing something?
Assignee: karnaze → pollmann
I believe you are correct. (This should read "numSelection > 0", no?) I'll try to get this checked in ASAP!
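
Added illustration, not part of the original bug thread and not Mozilla's code: a constructed C++ model of the pattern the two comments above discuss, where a getter writes nothing when no option is selected and the caller's guard decides whether the 4-byte buffer is read anyway. All names (ListBox, ReadFirstSelection, kPoison) are hypothetical, the single-slot buffer is an assumption taken from the block size in the Purify report, and the buffer is poison-filled so the never-written read is detected deterministically.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed model, not Mozilla code: every name here is hypothetical.
constexpr int32_t kPoison = INT32_MIN;   // marks a slot nobody has written

struct ListBox {
    std::vector<bool> selected;          // one flag per option
    int SelectedCount() const {
        int n = 0;
        for (bool s : selected) n += s ? 1 : 0;
        return n;
    }
    // Writes one index per selected option and touches nothing at all
    // when no option is selected, as the report describes.
    void GetSelectedIndices(int32_t* out, int cap) const {
        int n = 0;
        for (std::size_t i = 0; i < selected.size() && n < cap; ++i)
            if (selected[i]) out[n++] = static_cast<int32_t>(i);
    }
};

enum class Result { Skipped, Ok, UninitializedRead };

// strictGuard=false models the reported `>= 0` check,
// strictGuard=true models the `> 0` check proposed in the reply.
Result ReadFirstSelection(const ListBox& box, bool strictGuard, int32_t* index) {
    int32_t* selections = new int32_t[1];  // assumed: one slot, a 4-byte block
    selections[0] = kPoison;               // stand-in for "never initialized"
    int numSelections = box.SelectedCount();
    box.GetSelectedIndices(selections, 1);
    Result r = Result::Skipped;
    bool enter = strictGuard ? (numSelections > 0) : (numSelections >= 0);
    if (enter) {
        *index = selections[0];            // the kind of read Purify flags
        r = (*index == kPoison) ? Result::UninitializedRead : Result::Ok;
    }
    delete[] selections;
    return r;
}
```
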
Target Milestone: M7
Status: NEW → ASSIGNED
I'm arbitrarily declaring M8 my UMR/MLK milestone. :)
I still haven't got Purify working on Solaris, and won't receive Purify for NT for a few weeks. Marking these M10
After careful consideration, I've decided that I probably won't get this bug in for M12. Currently I have nearly 50 bugs scheduled for M13, so there is a possibility that this bug may need to be moved out farther still.
QA Contact update.
Target Milestone: M13 → M14
Triaged to M14
Moving off to M16 - please speak up if you need this for M14, thanks!
Target Milestone: M14 → M16
Rescheduling (*sigh*) Some of these are from M4. I wonder if they are all still valid?
Target Milestone: M16 → M17
nsSelectControlFrame (which used native widgets) is no longer compiled as part of Mozilla. Removing this bug as it is undoubtedly out of date.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WONTFIX
Updating QA contact.
QA Contact: ckritzer → vladimire
Verifying Wontfix
Status: RESOLVED → VERIFIED
Component: HTML: Form Submission → DOM: Core & HTML