Closed
Bug 1096329
Opened 10 years ago
Closed 10 years ago
unchecked call to ToJSValue without checking the result
Categories
(DevTools :: Performance Tools (Profiler/Timeline), defect)
DevTools
Performance Tools (Profiler/Timeline)
Tracking
(firefox35+ wontfix, firefox36+ fixed)
RESOLVED
FIXED
Firefox 36
People
(Reporter: tromey, Assigned: tromey)
References
Details
Attachments
(1 file, 2 obsolete files)
|
995 bytes,
patch
|
Details | Diff | Splinter Review |
nsDocShell::PopProfileTimelineMarkers calls ToJSValue without
checking the result. This is a no-no.
See bug 1095728.
|
||
Comment 1•10 years ago
|
||
[Tracking Requested - why for this release]:
|
Assignee | |
Comment 2•10 years ago
|
||
I could not think of a reasonable way to write a test for this, so
tested just by rebuilding.
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8519957 -
Flags: review?(bugs)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8519957 [details] [diff] [review]
check ToJSValue result in PopProfileTimelineMarkers
Always {} with 'if', and I would return an error value if ToJSValue fails.
But it is not too clear whether ClearProfileTimelineMarkers() and
mProfileTimelineMarkers.SwapElements(keptMarkers); should be called in that case.
Probably yes.
Attachment #8519957 -
Flags: review?(bugs) → review-
|
|
Assignee | |
Comment 4•10 years ago
|
||
Here's an updated version that returns an error and still arranges to
clear the markers, etc.
Attachment #8519957 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8520754 -
Flags: review?(bugs)
|
|
||
Comment 5•10 years ago
|
||
Comment on attachment 8520754 [details] [diff] [review]
check ToJSValue result in PopProfileTimelineMarkers
And still keep the JS_ClearException thing inside the if.
I think that would give the sanest behavior, given that this xpidl method.
Attachment #8520754 -
Flags: review?(bugs) → review+
|
|
Assignee | |
Comment 6•10 years ago
|
||
Third time's the charm. Carrying over the r+ & marking for checkin.
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8520754 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•10 years ago
|
Keywords: checkin-needed
|
||
Updated•10 years ago
|
status-firefox35:
--- → affected
status-firefox36:
--- → affected
|
||
Comment 7•10 years ago
|
||
Hi, could you provide a try link ? Thanks!
Flags: needinfo?(ttromey)
Keywords: checkin-needed
|
|
Assignee | |
Comment 8•10 years ago
|
||
|
|
Assignee | |
Comment 9•10 years ago
|
||
(In reply to Carsten Book [:Tomcat] from comment #7)
> Hi, could you provide a try link ? Thanks!
Sorry about that. I will learn, I promise!
I've started it now.
Flags: needinfo?(ttromey)
|
|
Assignee | |
Comment 10•10 years ago
|
||
It's done now and the results look reasonable to me.
Keywords: checkin-needed
|
||
Comment 11•10 years ago
|
||
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 36
|
|
||
Comment 13•10 years ago
|
||
Please nominate for beta uplift approval consideration if low risk. We'd need to take this in Monday Dec 22 beta otherwise it will have to wait and ship with FF36.
Flags: needinfo?(ttromey)
|
|
Assignee | |
Comment 14•10 years ago
|
||
I think this probably isn't important enough to nominate.
Also I think the ToJSValue issue can probably only occur on out-of-memory,
so neither the original code nor the patched code paths are readily
testable.
Flags: needinfo?(ttromey)
|
|
||
Updated•10 years ago
|
|
||
Comment 15•10 years ago
|
||
Sorry for the spam. Moving bugs to Firefox :: Developer Tools: Performance Tools (Profiler/Timeline).
dkl
Component: Developer Tools: Timeline → Developer Tools: Performance Tools (Profiler/Timeline)
|
||
Updated•6 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•