Closed Bug 231141 Opened 22 years ago Closed 20 years ago

NS_GetSpecialDirectory rv isn't checked in nsDownloadsDataSource::LoadDataSource

Categories

(Toolkit :: Downloads API, defect)

Product:
Toolkit
Component:
Downloads API
Version:
1.8 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8.1alpha2

People

(Reporter: timeless, Assigned: philor)

References

(
URL
)

Details

(Keywords: crash, fixed1.8.1)

Attachments

(1 file, 1 obsolete file)

In the style of the file
1.24 KB, patch
mconnor
: review+
mconnor
: approval-branch-1.8.1+
Details | Diff | Splinter Review
1542 nsresult 1543 nsDownloadsDataSource::LoadDataSource() 1544 { 1545 nsCOMPtr<nsIFile> downloadsFile; 1546 NS_GetSpecialDirectory(NS_APP_DOWNLOADS_50_FILE, getter_AddRefs(downloadsFile)); 1547 1548 nsCAutoString downloadsDB; 1549 NS_GetURLSpecFromFile(downloadsFile, downloadsDB); NS_GetSpecialDirectory can fail, when it fails then downloadsFile will be null, and 1549 will crash. The crash looks like this: necko.dll!net_GetURLSpecFromFile(nsIFile * aFile=0x00000000, nsACString & result={...}) Line 54 + 0x7 C++ necko.dll!nsFileProtocolHandler::GetURLSpecFromFile(nsIFile * file=0x00000000, nsACString & result={...}) Line 165 + 0xd C++ tkitcmps.dll!NS_GetURLSpecFromFile(nsIFile * aFile=0x00000000, nsACString & aUrl={...}, nsIIOService * ioService=0x00000000) Line 616 + 0x1f C++ > tkitcmps.dll!nsDownloadsDataSource::LoadDataSource() Line 1549 + 0x14 C++ tkitcmps.dll!nsDownloadManager::Init() Line 193 + 0x15 C++ tkitcmps.dll!nsDownloadManagerConstructor(nsISupports * aOuter=0x00000000, const nsID & aIID={...}, void * * aResult=0x0012e19c) Line 62 + 0x7d C++ xpcom.dll!nsGenericFactory::CreateInstance(nsISupports * aOuter=0x00000000, const nsID & aIID={...}, void * * aResult=0x0012e19c) Line 86 + 0x15 C++ stack from Mozilla1.6/Firebird0.8 branch (code matches trunk) checkout from ~wednesday
QA Contact: aebrahim
<mconnor> NEW <mconnor> he's saying that we're not ensuring that the function returns a value, and as a result we can crash since we pass null to the function --> NEW --> critical (crasher)
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: bugs → nobody
QA Contact: aebrahim-bmo-507 → download.manager
Attached patch Do the obvious thing (obsolete) — Splinter Review
Untested, since I don't know how to make NS_GetSpecialDirectory fail, but doing what all its other callers, including the analogous code in SeaMonkey's version, do must be the right thing.
Assignee: nobody → philringnalda
Status: NEW → ASSIGNED
Attachment #217715 - Flags: review?(mconnor)
Oops, apparently we prefer single-line returns here.
Attachment #217715 - Attachment is obsolete: true
Attachment #217716 - Flags: review?(mconnor)
Attachment #217715 - Flags: review?(mconnor)
Attachment #217716 - Flags: review?(mconnor)
Attachment #217716 - Flags: review+
Attachment #217716 - Flags: approval-branch-1.8.1+
Whiteboard: [checkin needed]
mozilla/toolkit/components/downloads/src/nsDownloadManager.cpp 1.61 mozilla/toolkit/components/downloads/src/nsDownloadManager.cpp 1.53.2.6
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Keywords: fixed1.8.1
OS: Windows XP → All
Hardware: PC → All
Resolution: --- → FIXED
Whiteboard: [checkin needed]
Target Milestone: --- → Firefox 2 alpha2
Version: unspecified → 2.0 Branch
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: