Closed
Bug 1275184
Opened 8 years ago
Closed 8 years ago
Uninitialised value use in nsDocShellTreeOwner::HandleEvent
Categories
(Core :: DOM: Navigation, defect)
RESOLVED
FIXED
mozilla49
| | Tracking | Status |
|---|---|---|
| firefox49 | --- | fixed |
People
(Reporter: jseward, Unassigned)
Attachments
(2 files, 1 obsolete file)
2.51 KB, text/plain
1.08 KB, patch (smaug: review+)
Valgrind complains about this fragment in nsDocShellTreeOwner::HandleEvent:

    bool canDropLink;
    handler->CanDropLink(dragEvent, false, &canDropLink);
    if (canDropLink) {
      aEvent->PreventDefault();
    }

It seems that |handler->CanDropLink| can return without writing any value into |canDropLink|. A bit of grepping for the possible call target produces this, in <objdir>/dist/include/nsIDroppedLinkHandler.h as the only call target, so perhaps this is not surprising:

    /* boolean canDropLink (in nsIDOMDragEvent aEvent, in boolean aAllowSameDocument); */
    NS_IMETHODIMP nsDroppedLinkHandler::CanDropLink(nsIDOMDragEvent *aEvent, bool aAllowSameDocument, bool *_retval)
    {
      return NS_ERROR_NOT_IMPLEMENTED;
    }

Maybe the call in nsDocShellTreeOwner::HandleEvent should check the return value before looking at |canDropLink|?

STR:

    DISPLAY=:1.0 ./mach mochitest -f plain --keep-open=no \
      --valgrind=/home/sewardj/VgTRUNK/asert/Inst/bin/valgrind \
      --valgrind-args=--show-mismatched-frees=no,--track-origins=yes \
      dom/events/test/test_bug1264380.html 2>&1 | tee spew-29-05-mc
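The out-parameter pattern described in the report, next to a caller that checks the result before reading the value. This is an added example, not code from the bug, its attachments, or Gecko; `Result`, `LinkHandler`, the three handler types and `PreventedBy` are hypothetical stand-ins for the XPCOM types.

```cpp
#include <cstdint>

// Stand-ins for XPCOM result codes (assumed names, not Gecko headers).
using Result = uint32_t;
constexpr Result kOk = 0;
constexpr Result kNotImplemented = 0x80004001u;
inline bool Succeeded(Result rv) { return (rv & 0x80000000u) == 0; }

struct DragEvent {
  bool prevented = false;
  void PreventDefault() { prevented = true; }
};

// Hypothetical interface with the same out-parameter shape as CanDropLink.
struct LinkHandler {
  virtual ~LinkHandler() = default;
  virtual Result CanDropLink(const DragEvent&, bool allowSameDoc, bool* out) = 0;
};
// Fails without writing *out, like the stub quoted in the report.
struct StubHandler : LinkHandler {
  Result CanDropLink(const DragEvent&, bool, bool*) override { return kNotImplemented; }
};
// Fails after writing *out: the value must still not be trusted.
struct HalfDoneHandler : LinkHandler {
  Result CanDropLink(const DragEvent&, bool, bool* out) override { *out = true; return kNotImplemented; }
};
// Succeeds with a definite answer.
struct AcceptingHandler : LinkHandler {
  Result CanDropLink(const DragEvent&, bool, bool* out) override { *out = true; return kOk; }
};

// Pattern from the report: with StubHandler the branch reads an indeterminate
// bool. Kept for comparison only and never called here.
void HandleUnchecked(LinkHandler& h, DragEvent& ev) {
  bool canDropLink;
  h.CanDropLink(ev, false, &canDropLink);
  if (canDropLink) ev.PreventDefault();
}

// Hardened caller: definite initial value, out-param used only on success.
void HandleChecked(LinkHandler& h, DragEvent& ev) {
  bool canDropLink = false;
  Result rv = h.CanDropLink(ev, false, &canDropLink);
  if (Succeeded(rv) && canDropLink) ev.PreventDefault();
}

// Runs one constructed drag event through the hardened caller.
bool PreventedBy(LinkHandler& h) { DragEvent ev; HandleChecked(h, ev); return ev.prevented; }
```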
Comment 1 • 8 years ago (Reporter)
Comment 2 • 8 years ago (Reporter)
A possible fix.
Comment 3 • 8 years ago
That code ends up calling JS implemented nsIDroppedLinkHandler. http://mxr.mozilla.org/mozilla-central/source/dom/base/contentAreaDropListener.js#93
Comment 4 • 8 years ago (Reporter)
Attachment #8755728 - Attachment is obsolete: true
Updated • 8 years ago (Reporter)
Attachment #8755874 - Flags: review?(bugs)
Updated • 8 years ago
Attachment #8755874 - Flags: review?(bugs) → review+
Comment 6 • 8 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/83a0dff3856c
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox49: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49