Closed Bug 1275184 Opened 3 years ago Closed 3 years ago

Uninitialised value use in nsDocShellTreeOwner::HandleEvent

Categories

(Core :: Document Navigation, defect)


Tracking


RESOLVED FIXED
mozilla49
Tracking Status
firefox49 --- fixed

People

(Reporter: jseward, Unassigned)

Attachments

(2 files, 1 obsolete file)

Valgrind complains about this fragment in nsDocShellTreeOwner::HandleEvent:

      bool canDropLink;
      handler->CanDropLink(dragEvent, false, &canDropLink);
      if (canDropLink) {
        aEvent->PreventDefault();
      }

It seems that |handler->CanDropLink| can return without writing any value
into |canDropLink|.  A bit of grepping for the possible call target produces
this, in <objdir>/dist/include/nsIDroppedLinkHandler.h as the only call
target, so perhaps this is not surprising:

/* boolean canDropLink (in nsIDOMDragEvent aEvent, in boolean aAllowSameDocument); */
NS_IMETHODIMP nsDroppedLinkHandler::CanDropLink(nsIDOMDragEvent *aEvent,
                                bool aAllowSameDocument, bool *_retval)
{
    return NS_ERROR_NOT_IMPLEMENTED;
}

Maybe the call in nsDocShellTreeOwner::HandleEvent should check the return
value before looking at |canDropLink|?

STR:

DISPLAY=:1.0 ./mach mochitest -f plain --keep-open=no \
  --valgrind=/home/sewardj/VgTRUNK/asert/Inst/bin/valgrind \
  --valgrind-args=--show-mismatched-frees=no,--track-origins=yes \
  dom/events/test/test_bug1264380.html  2>&1 | tee spew-29-05-mc

Attached file valgrind complaint

Attached patch bug1275184-1.cset (obsolete)
A possible fix.

That code ends up calling JS-implemented nsIDroppedLinkHandler.
http://mxr.mozilla.org/mozilla-central/source/dom/base/contentAreaDropListener.js#93

Attachment #8755728 - Attachment is obsolete: true
Attachment #8755874 - Flags: review?(bugs)
Attachment #8755874 - Flags: review?(bugs) → review+
https://hg.mozilla.org/mozilla-central/rev/83a0dff3856c
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
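
The caller-side check suggested in the report (look at the return value before reading |canDropLink|), written out as an added example; it is not the patch attached to this bug and not Mozilla code. The nsresult type, the NS_* helpers and the handler classes are minimal stand-ins defined here so the example compiles without Mozilla headers.

```cpp
#include <cstdint>
#include <cstdio>

// Minimal stand-ins for the XPCOM result type and helpers (assumption: this
// example does not include Mozilla headers).
using nsresult = uint32_t;
constexpr nsresult NS_OK = 0;
constexpr nsresult NS_ERROR_NOT_IMPLEMENTED = 0x80004001;
constexpr nsresult NS_ERROR_FAILURE = 0x80004005;
inline bool NS_SUCCEEDED(nsresult aRv) { return (aRv & 0x80000000u) == 0; }

// Hypothetical interface with the same out-parameter shape as CanDropLink.
struct DropHandler {
  virtual ~DropHandler() = default;
  virtual nsresult CanDropLink(bool aAllowSameDocument, bool* aRetval) = 0;
};

// Returns an error without writing *aRetval, like the stub in the report.
struct StubHandler : DropHandler {
  nsresult CanDropLink(bool, bool*) override { return NS_ERROR_NOT_IMPLEMENTED; }
};

// Writes a value and then fails: the written value must not be trusted.
struct FailAfterWriteHandler : DropHandler {
  nsresult CanDropLink(bool, bool* aRetval) override { *aRetval = true; return NS_ERROR_FAILURE; }
};

// Succeeds and reports that the link may be dropped.
struct AllowHandler : DropHandler {
  nsresult CanDropLink(bool, bool* aRetval) override { *aRetval = true; return NS_OK; }
};

// Caller-side check: initialise the out-parameter so it is never indeterminate,
// and act on it only when the call succeeded.
bool ShouldPreventDefault(DropHandler& aHandler) {
  bool canDropLink = false;
  nsresult rv = aHandler.CanDropLink(false, &canDropLink);
  return NS_SUCCEEDED(rv) && canDropLink;
}

int main() {
  StubHandler stub;
  FailAfterWriteHandler late;
  AllowHandler allow;
  std::printf("stub=%d late=%d allow=%d\n", ShouldPreventDefault(stub),
              ShouldPreventDefault(late), ShouldPreventDefault(allow));
  return 0;
}
```

Initialising the local alone would silence Valgrind; the return-code check is what keeps a value written before a failure from being acted on.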