Closed Bug 162417 Opened 23 years ago Closed 22 years ago

JSContext::CallEventHandler does not always set aBoolResult

Categories

(Core :: DOM: Events, defect, P2)

Product:
Core
Component:
DOM: Events
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 217562

People

(Reporter: ajschult784, Assigned: jst)

Details

Valgrind complains about this: http://lxr.mozilla.org/mozilla/source/dom/src/base/nsJSEnvironment.cpp#1003 JSContext::CallEventHandler is expected to set aBoolResult or return failure. Looking at the code, this will not happen if: 1. it gets to securityManager->CheckFunctionAccess, but that does not succeed 2. stack->Pop(nsnull) does not fail what I did to trigger this was: mozilla about:blank and selected a profile. Valgrind stated that jsBoolResult was used uninitialized here: http://lxr.mozilla.org/mozilla/source/dom/src/events/nsJSEventListener.cpp#192
This is a code level bug, not sure if it is still present, and not sure how important this is. CCing developers.
Looks pretty important to me.. shouldn't we throw a security exception if CheckFunctionAccess() throws one?? At the very least the existing code will lead to unpredictable results in the case when the CheckFunctionAccess() fails....
Assignee: joki → jst
Priority: -- → P2
*** This bug has been marked as a duplicate of 217562 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.