Closed Bug 4836 Opened 26 years ago Closed 26 years ago

UMR: nsBlockFrame::ComputeLineMaxElementSize()

Categories

(Core :: Layout, defect, P1)

Sun
Solaris
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: bruce, Assigned: buster)

References

()

Details

Pull/build from April 8, 1999. Solaris 2.6, gcc 2.7.2.3, Purify. Going to the given URL will cause this to happen many many times. Might be related to bug #1431. cc'ing karnaze as he owns bug #1431. **** Purify instrumented ./apprunner.pure (pid 10892) **** UMR: Uninitialized memory read (15 times): * This is occurring while in: nsBlockFrame::ComputeLineMaxElementSize(nsBlockReflowState&,nsLineBox*,nsSize*) [nsBlockFrame.cpp:3290] nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:2617] nsBlockFrame::ReflowLine(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:1961] nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) [nsBlockFrame.cpp:1769] nsBlockFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsBlockFrame.cpp:1206] nsBlockReflowContext::ReflowBlock(nsIFrame*,const nsRect&,int,int,int,nsMargin&,unsigned int&) [nsBlockReflowContext.cpp:225] nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:2527] nsBlockFrame::ReflowLine(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:1961] nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) [nsBlockFrame.cpp:1769] nsBlockFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsBlockFrame.cpp:1206] nsBlockReflowContext::ReflowBlock(nsIFrame*,const nsRect&,int,int,int,nsMargin&,unsigned int&) [nsBlockReflowContext.cpp:225] nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:2527] nsBlockFrame::ReflowLine(nsBlockReflowState&,nsLineBox*,int*) [nsBlockFrame.cpp:1961] nsBlockFrame::ReflowDirtyLines(nsBlockReflowState&) [nsBlockFrame.cpp:1769] nsBlockFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsBlockFrame.cpp:1206] nsAreaFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsAreaFrame.cpp:465] nsContainerFrame::ReflowChild(nsIFrame*,nsIPresContext&,nsHTMLReflowMetrics&,con st nsHTMLReflowState&,unsigned int&) [nsContainerFrame.cpp:388] RootFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsHTMLFrame.cpp:231] nsContainerFrame::ReflowChild(nsIFrame*,nsIPresContext&,nsHTMLReflowMetrics&,con st nsHTMLReflowState&,unsigned int&) [nsContainerFrame.cpp:388] ViewportFrame::Reflow(nsIPresContext&,nsHTMLReflowMetrics&,const nsHTMLReflowState&,unsigned int&) [nsViewportFrame.cpp:432] nsHTMLReflowCommand::Dispatch(nsIPresContext&,nsHTMLReflowMetrics&,const nsSize&,nsIRenderingContext&) [nsHTMLReflowCommand.cpp:165] PresShell::ProcessReflowCommands() [nsPresShell.cpp:1242] PresShell::ExitReflowLock() [nsPresShell.cpp:668] PresShell::ContentAppended(nsIDocument*,nsIContent*,int) [nsPresShell.cpp:1748] nsDocument::ContentAppended(nsIContent*,int) [nsDocument.cpp:1456] nsHTMLDocument::ContentAppended(nsIContent*,int) [nsHTMLDocument.cpp:631] HTMLContentSink::DidBuildModel(int) [nsHTMLContentSink.cpp:1536] CNavDTD::DidBuildModel(unsigned int,int,nsIParser*,nsIContentSink*) [CNavDTD.cpp:577] nsParser::DidBuildModel(unsigned int) [nsParser.cpp:447] nsParser::ResumeParse(nsIDTD*) [nsParser.cpp:803] * Reading 4 bytes from 0xefff6850 on the stack. * Address 0xefff6850 is 240 bytes below frame pointer in function nsBlockFrame::ReflowBlockFrame(nsBlockReflowState&,nsLineBox*,int*). This happens because nsBlockFrame::ReflowBlockFrame() is passing it &maxElementSize, which is calculates from the nsBlockReflowContext.GetMaxElementSize(). the 'mMaxElementSize' value on nsBlockReflowContext is never initialized at all that I can see.
Assignee: troy → kipp
Severity: normal → critical
Status: NEW → ASSIGNED
Priority: P3 → P1
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Fixed as of now.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.