Closed Bug 4796 Opened 26 years ago Closed 25 years ago

UMR: nsEditor::JoinNodesImpl()

Categories

(Core :: DOM: Editor, defect, P3)

Sun
Solaris
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: bruce, Assigned: kinmoz)

Details

Pull/build from April 8, 1999. Solaris 2.6, Purify, gcc 2.7.2.3.

Launch apprunner, pull up editor. I selected some text, made it bold, italics, etc. Each undo thereafter (not sure about the very first undo, maybe each after the first undo) caused this UMR.

**** Purify instrumented ./apprunner.pure (pid 16118) ****
UMR: Uninitialized memory read (3 times):
  * This is occurring while in:
        nsEditor::JoinNodesImpl(nsIDOMNode*,nsIDOMNode*,nsIDOMNode*,int) [nsEditor.cpp:1998]
        SplitElementTxn::Undo() [SplitElementTxn.cpp:112]
        nsTransactionItem::Undo() [nsTransactionItem.cpp:125]
        nsTransactionItem::UndoChildren() [nsTransactionItem.cpp:168]
        nsTransactionItem::Undo() [nsTransactionItem.cpp:109]
        nsTransactionManager::Undo() [nsTransactionManager.cpp:145]
        nsEditor::Undo(unsigned int) [nsEditor.cpp:721]
        nsTextEditor::Undo(unsigned int) [nsTextEditor.cpp:728]
        nsHTMLEditor::Undo(unsigned int) [nsHTMLEditor.cpp:224]
        nsEditorAppCore::Undo() [nsEditorAppCore.cpp:712]
        EditorAppCoreUndo(JSContext*,JSObject*,unsigned int,long*,long*) [nsJSEditorAppCore.cpp:338]
        js_Invoke [jsinterp.c:650]
        js_Interpret [jsinterp.c:2183]
        js_Invoke [jsinterp.c:666]
        js_Interpret [jsinterp.c:2183]
        js_Invoke [jsinterp.c:666]
        js_CallFunctionValue [jsinterp.c:735]
        JS_CallFunctionValue [jsapi.c:2369]
        nsJSEventListener::HandleEvent(nsIDOMEvent*) [nsJSEventListener.cpp:93]
        nsEventListenerManager::HandleEvent(nsIPresContext&,nsEvent*,nsIDOMEvent**,unsigned int,nsEventStatus&) [nsEventListenerManager.cpp:555]
        RDFElementImpl::HandleDOMEvent(nsIPresContext&,nsEvent*,nsIDOMEvent**,unsigned int,nsEventStatus&) [nsRDFElement.cpp:2200]
        nsXULCommand::DoCommand() [nsXULCommand.cpp:174]
        nsXULCommand::MenuSelected(const nsMenuEvent&) [nsXULCommand.cpp:205]
        nsMenuItem::MenuSelected(const nsMenuEvent&) [nsMenuItem.cpp:327]
        menu_item_activate_handler(_GtkWidget*,void*) [nsGtkEventHandler.cpp:625]
        gtk_marshal_NONE__NONE [gtkmarshal.c:363]
        gtk_handlers_run [gtksignal.c:1909]
        gtk_signal_real_emit [gtksignal.c:1469]
        gtk_signal_emit [gtksignal.c:552]
        gtk_widget_activate [gtkwidget.c:2810]
  * Reading 4 bytes from 0xefffcc14 on the stack.
  * Address 0xefffcc14 is local variable "result" in function nsEditor::JoinNodesImpl(nsIDOMNode*,nsIDOMNode*,nsIDOMNode*,int).

Status: NEW → ASSIGNED
Target Milestone: M6
Set milestone to M6. I'll be running Purify and fixing all UMRs that come up in the editor. This is pretty easy to fix ... looks like the variable result might be used before it is initialized.
I have a fix for this. I'll check it in when the tree opens.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Checked in fix to nsEditor.cpp (revision 1.90).
Status: RESOLVED → VERIFIED
Looks good!