Closed Bug 1025170 Opened 6 years ago Closed 6 years ago

Selection::Modify fails to return with unimplemented cases

Categories

(Core :: DOM: Selection, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla33
Tracking Status
firefox30 --- affected
firefox31 --- affected
firefox32 --- affected
firefox33 --- affected
firefox-esr24 --- unaffected

People

(Reporter: mccr8, Assigned: mccr8)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, csectype-uninitialized, Whiteboard: [CID 1221242][CID 1221243])

Attachments

(1 file)

This method does an aRv.Throw(NS_ERROR_NOT_IMPLEMENTED), but then does not return.  Coverity points out that this means that |amount| and |keycode| are used uninitialized, but presumably all sorts of other badness might be in play here.

regression from bug 949445:
  1.1702 -    return NS_ERROR_NOT_IMPLEMENTED;
  1.1703 +    aRv.Throw(NS_ERROR_NOT_IMPLEMENTED);
  1.1704    }
Whiteboard: [CID 1221242] → [CID 1221242][CID 1221243]
Flags: needinfo?(ehsan)
Well, I can just fix this silly thing.  But if you have an opinion of what sec rating this should get, it would be appreciated.
Assignee: nobody → continuation
Flags: needinfo?(ehsan)
Attachment #8440146 - Flags: review?(bzbarsky) → review+
Looking at nsFrameSelection::MoveCaret, it seems like an uninitialized aKeycode should cause us to return here <http://mxr.mozilla.org/mozilla-central/source/layout/generic/nsSelection.cpp#895> and aAmount is used after this point, so I don't think this is security sensitive at all.
Comment on attachment 8440146 [details] [diff] [review]
Selection::Modify should return on failure.

r=me, fwiw
It sounds like this isn't really worth backporting then.
https://hg.mozilla.org/mozilla-central/rev/82418d47c497
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
You need to log in before you can comment on or make changes to this bug.