Closed
Bug 162417
Opened 23 years ago
Closed 22 years ago
JSContext::CallEventHandler does not always set aBoolResult
Categories
(Core :: DOM: Events, defect, P2)
Core
DOM: Events
Tracking
()
RESOLVED
DUPLICATE
of bug 217562
People
(Reporter: ajschult784, Assigned: jst)
Details
Valgrind complains about this:
http://lxr.mozilla.org/mozilla/source/dom/src/base/nsJSEnvironment.cpp#1003
JSContext::CallEventHandler is expected to set aBoolResult or return failure.
Looking at the code, this will not happen if:
1. it gets to securityManager->CheckFunctionAccess, but that does not succeed
2. stack->Pop(nsnull) does not fail
what I did to trigger this was:
mozilla about:blank
and selected a profile.
Valgrind stated that jsBoolResult was used uninitialized here:
http://lxr.mozilla.org/mozilla/source/dom/src/events/nsJSEventListener.cpp#192
Comment 1•23 years ago
|
||
This is a code level bug, not sure if it is still present, and not sure how
important this is. CCing developers.
![]() |
||
Comment 2•23 years ago
|
||
Looks pretty important to me.. shouldn't we throw a security exception if
CheckFunctionAccess() throws one??
At the very least the existing code will lead to unpredictable results in the
case when the CheckFunctionAccess() fails....
Assignee: joki → jst
Updated•23 years ago
|
Priority: -- → P2
Comment 3•22 years ago
|
||
*** This bug has been marked as a duplicate of 217562 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•