Closed Bug 433528 Opened 16 years ago Closed 13 years ago

Null pointer dereference in failure cases under _newJSDContext

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: timeless, Unassigned)

References

(
URL
)

Details

(Keywords: crash) 

assume this succeeds:
125                 if( ! jsd_CreateAtomTable(jsdc) )
assume this fails:
128 jband  3.2      if( ! jsd_InitObjectManager(jsdc) )
129                     goto label_newJSDContext_failure;
158 jband  3.2  label_newJSDContext_failure:
159 timeless 3.13     if( jsdc ) {
160                       jsd_DestroyObjectManager(jsdc);

http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/js/jsd/jsd_obj.c&mark=233,245&rev=3.8#228
basically the alloc fails and we'll call

240            jsd_DestroyObjectManager(JSDContext* jsdc)
245                JS_HashTableDestroy(jsdc->objectsTable);

which should be unhappy.

ryan: this isn't your fault, but wanna work on it anyway? :)
Assignee: rflint → nobody
Component: Venkman JS Debugger → JavaScript Debugging APIs
Product: Other Applications → Core
QA Contact: venkman → jsd
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
Closing JSD bugs in anticipation of obsolescence.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.