If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

JSContext::CallEventHandler does not always set aBoolResult

RESOLVED DUPLICATE of bug 217562

Status

()

Core
DOM: Events
P2
normal
RESOLVED DUPLICATE of bug 217562
15 years ago
14 years ago

People

(Reporter: Andrew Schultz, Assigned: jst)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
Valgrind complains about this:

http://lxr.mozilla.org/mozilla/source/dom/src/base/nsJSEnvironment.cpp#1003
JSContext::CallEventHandler is expected to set aBoolResult or return failure. 
Looking at the code, this will not happen if:
1. it gets to securityManager->CheckFunctionAccess, but that does not succeed
2. stack->Pop(nsnull) does not fail

what I did to trigger this was:
mozilla about:blank
and selected a profile.

Valgrind stated that jsBoolResult was used uninitialized here:
http://lxr.mozilla.org/mozilla/source/dom/src/events/nsJSEventListener.cpp#192

Comment 1

15 years ago
This is a code level bug, not sure if it is still present, and not sure how
important this is. CCing developers. 
Looks pretty important to me.. shouldn't we throw a security exception if 
CheckFunctionAccess() throws one??

At the very least the existing code will lead to unpredictable results in the 
case when the CheckFunctionAccess() fails....
Assignee: joki → jst

Updated

15 years ago
Priority: -- → P2

Comment 3

14 years ago

*** This bug has been marked as a duplicate of 217562 ***
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.