Closed Bug 180789 Opened 22 years ago Closed 22 years ago

nsPrefBranch::GetChildList can call PL_DHashTableEnumerate with an uninitialized gHashTable

Categories

(Core :: Preferences: Backend, defect)

x86
Windows 2000
defect
Not set
normal

Tracking

VERIFIED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash)

Attachments

(1 file, 1 obsolete file)

-	gHashTable	{...}
+	ops	0x00000000

PL_DHashTableEnumerate(PLDHashTable * 0x01db96f8 struct PLDHashTable 
gHashTable, int (PLDHashTable *, PLDHashEntryHdr *, unsigned int, void *)*
0x01daa7b0 pref_enumChild(PLDHashTable *, PLDHashEntryHdr *, unsigned int, void
*), void * 0x0012c350) line 602 + 3 bytes
nsPrefBranch::GetChildList(nsPrefBranch * const 0x01bd6590, const char *
0x02ba8d00, unsigned int * 0x0012c578, char * * * 0x0012c588) line 610 + 19 bytes
nsPrefService::GetChildList(nsPrefService * const 0x01bd6608, const char *
0x02ba8d00, unsigned int * 0x0012c578, char * * * 0x0012c588) line 57 + 42 bytes
XPTC_InvokeByIndex(nsISupports * 0x01bd6608, unsigned int 19, unsigned int 3,
nsXPTCVariant * 0x0012c568) line 106
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode
CALL_METHOD) line 2016 + 42 bytes
XPC_WN_CallMethod(JSContext * 0x004f0c20, JSObject * 0x014a9698, unsigned int 2,
long * 0x0107917c, long * 0x0012c80c) line 1283 + 14 bytes
js_Invoke(JSContext * 0x004f0c20, unsigned int 2, unsigned int 0) line 839 + 23
bytes
js_Interpret(JSContext * 0x004f0c20, long * 0x0012d128) line 2803 + 15 bytes
js_Invoke(JSContext * 0x004f0c20, unsigned int 0, unsigned int 1) line 856 + 13
bytes
js_Interpret(JSContext * 0x004f0c20, long * 0x0012d9f8) line 2415 + 15 bytes
js_Invoke(JSContext * 0x004f0c20, unsigned int 2, unsigned int 2) line 856 + 13
bytes
nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJSClass * const 0x02a8cab0,
nsXPCWrappedJS * 0x02ba0f30, unsigned short 3, const nsXPTMethodInfo *
0x01355658, nsXPTCMiniVariant * 0x0012df3c) line 1200 + 22 bytes
nsXPCWrappedJS::CallMethod(nsXPCWrappedJS * const 0x02ba0f30, unsigned short 3,
const nsXPTMethodInfo * 0x01355658, nsXPTCMiniVariant * 0x0012df3c) line 430
PrepareAndDispatch(nsXPTCStubBase * 0x02ba0f30, unsigned int 3, unsigned int *
0x0012dfec, unsigned int * 0x0012dfdc) line 115 + 31 bytes
SharedStub() line 139
nsComponentManagerImpl::CreateInstance(nsComponentManagerImpl * const
0x004a6a40, const nsID & {...}, nsISupports * 0x00000000, const nsID & {...},
void * * 0x0012e0bc) line 1817 + 24 bytes
nsComponentManager::CreateInstance(const nsID & {...}, nsISupports * 0x00000000,
const nsID & {...}, void * * 0x0012e0bc) line 103
nsJSCID::CreateInstance(nsJSCID * const 0x02b9de30, nsISupports * * 0x0012e288)
line 793 + 48 bytes
XPTC_InvokeByIndex(nsISupports * 0x02b9de30, unsigned int 10, unsigned int 1,
nsXPTCVariant * 0x0012e288) line 106
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode
CALL_METHOD) line 2016 + 42 bytes
XPC_WN_CallMethod(JSContext * 0x004f0c20, JSObject * 0x014a3e08, unsigned int 0,
long * 0x01079068, long * 0x0012e52c) line 1283 + 14 bytes
js_Invoke(JSContext * 0x004f0c20, unsigned int 0, unsigned int 0) line 839 + 23
bytes
js_Interpret(JSContext * 0x004f0c20, long * 0x0012fe50) line 2803 + 15 bytes
js_Execute(JSContext * 0x004f0c20, JSObject * 0x0108e4c0, JSScript * 0x004fce40,
JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012fe50) line 1020 + 13 bytes
JS_ExecuteScript(JSContext * 0x004f0c20, JSObject * 0x0108e4c0, JSScript *
0x004fce40, long * 0x0012fe50) line 3277 + 25 bytes
Process(JSContext * 0x004f0c20, JSObject * 0x0108e4c0, char * 0x004a4416, _iobuf
* 0x00000000) line 479 + 22 bytes
ProcessArgs(JSContext * 0x004f0c20, JSObject * 0x0108e4c0, char * * 0x004a43c4,
int 3) line 655 + 33 bytes
main(int 3, char * * 0x004a43c4) line 912 + 21 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e87903()
Component: Preferences → Preferences: Backend
Keywords: crash
Attached patch: patch (obsolete)
Attached patch: compiling patch
Attachment #106799 - Attachment is obsolete: true
Attachment #106811 - Flags: superreview?(dveditz)
Attachment #106811 - Flags: review?(dbradley)
Comment on attachment 106811
compiling patch

r=dbradley
Attachment #106811 - Flags: review?(dbradley) → review+
Comment on attachment 106811
compiling patch

Return NS_ERROR_NOT_INITIALIZED (as nsPrefService does) instead of NS_OK --
this is an error case.

sr=dveditz with that change.
Attachment #106811 - Flags: superreview?(dveditz) → superreview+
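
One way to write the guard discussed in this bug, as an added example (not the attached patch and not Mozilla's code). Table, TableOps, get_child_count and the RV_* codes are hypothetical stand-ins for PLDHashTable, its ops pointer, GetChildList and the nsresult values. It also shows why the uninitialized path should return an error: success with zero children is already the answer for a loaded table with no matching prefs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in names modelled on the report; not Mozilla's definitions. */
enum { RV_OK = 0, RV_NOT_INITIALIZED = 1 }; /* placeholder result codes */
typedef struct Table Table;
typedef struct { size_t (*count)(const Table *, const char *prefix); } TableOps;
struct Table { const TableOps *ops; const char *const *keys; size_t nkeys; };

/* Enumeration callback: count keys that start with prefix. */
static size_t count_prefix(const Table *t, const char *prefix) {
    size_t n = 0, plen = strlen(prefix);
    for (size_t i = 0; i < t->nkeys; i++)
        if (strncmp(t->keys[i], prefix, plen) == 0)
            n++;
    return n;
}
static const TableOps kOps = { count_prefix };

/* Zero-initialised global: ops is NULL until table_init() runs, the same
   state the debugger shows for gHashTable in the report. */
static Table gTable;

void table_init(const char *const *keys, size_t nkeys) {
    gTable.ops = &kOps; gTable.keys = keys; gTable.nkeys = nkeys;
}
void table_shutdown(void) { memset(&gTable, 0, sizeof gTable); }

/* Guarded entry point. Without the ops check the call below goes through a
   NULL pointer. Returning an error rather than success lets callers tell
   "prefs not loaded" apart from "no children under this prefix". */
int get_child_count(const char *prefix, size_t *out_count) {
    *out_count = 0;                      /* defined on every return path */
    if (gTable.ops == NULL)
        return RV_NOT_INITIALIZED;
    *out_count = gTable.ops->count(&gTable, prefix);
    return RV_OK;
}

int main(void) {
    static const char *const keys[] = { "browser.a", "browser.b", "mail.c" }; /* constructed */
    size_t n;
    int before = get_child_count("browser.", &n);
    table_init(keys, 3);
    int after = get_child_count("browser.", &n);
    printf("before=%d after=%d n=%zu\n", before, after, n);
    return 0;
}
```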
checked in
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Blocks: 181491
Blocks: 181494
Blocks: 181496
Blocks: 181498
Blocks: 181500
Blocks: 181503
Blocks: 181505
Blocks: 181507
Blocks: 181509
Blocks: 181512
No longer blocks: 181512
No longer blocks: 181509
No longer blocks: 181507
No longer blocks: 181505
No longer blocks: 181500
No longer blocks: 181498
No longer blocks: 181496
No longer blocks: 181494
No longer blocks: 181503
rs vrfy.
Status: RESOLVED → VERIFIED