Closed Bug 1025170 Opened 6 years ago Closed 6 years ago
Selection::Modify fails to return with unimplemented cases
This method does an aRv.Throw(NS_ERROR_NOT_IMPLEMENTED), but then does not return. Coverity points out that this means that |amount| and |keycode| are used uninitialized, but presumably all sorts of other badness might be in play here. regression from bug 949445: 1.1702 - return NS_ERROR_NOT_IMPLEMENTED; 1.1703 + aRv.Throw(NS_ERROR_NOT_IMPLEMENTED); 1.1704 }
Whiteboard: [CID 1221242] → [CID 1221242][CID 1221243]
Well, I can just fix this silly thing. But if you have an opinion of what sec rating this should get, it would be appreciated.
Assignee: nobody → continuation
Attachment #8440146 - Flags: review?(bzbarsky)
Looking at nsFrameSelection::MoveCaret, it seems like an uninitialized aKeycode should cause us to return here <http://mxr.mozilla.org/mozilla-central/source/layout/generic/nsSelection.cpp#895> and aAmount is used after this point, so I don't think this is security sensitive at all.
Comment on attachment 8440146 [details] [diff] [review] Selection::Modify should return on failure. r=me, fwiw
It sounds like this isn't really worth backporting then.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
You need to log in before you can comment on or make changes to this bug.