Closed
Bug 162417
Opened 22 years ago
Closed 21 years ago
JSContext::CallEventHandler does not always set aBoolResult
Categories
(Core :: DOM: Events, defect, P2)
Core
DOM: Events
Tracking
()
RESOLVED
DUPLICATE
of bug 217562
People
(Reporter: ajschult784, Assigned: jst)
Details
Valgrind complains about this: http://lxr.mozilla.org/mozilla/source/dom/src/base/nsJSEnvironment.cpp#1003 JSContext::CallEventHandler is expected to set aBoolResult or return failure. Looking at the code, this will not happen if: 1. it gets to securityManager->CheckFunctionAccess, but that does not succeed 2. stack->Pop(nsnull) does not fail what I did to trigger this was: mozilla about:blank and selected a profile. Valgrind stated that jsBoolResult was used uninitialized here: http://lxr.mozilla.org/mozilla/source/dom/src/events/nsJSEventListener.cpp#192
|
||
Comment 1•22 years ago
|
||
This is a code level bug, not sure if it is still present, and not sure how important this is. CCing developers.
|
||
Comment 2•22 years ago
|
||
Looks pretty important to me.. shouldn't we throw a security exception if CheckFunctionAccess() throws one?? At the very least the existing code will lead to unpredictable results in the case when the CheckFunctionAccess() fails....
Assignee: joki → jst
|
|
||
Updated•22 years ago
|
Priority: -- → P2
|
||
Comment 3•21 years ago
|
||
*** This bug has been marked as a duplicate of 217562 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•