Closed Bug 250493 Opened 21 years ago Closed 20 years ago

nsHTMLFramesetFrame::Init doesn't check for failure

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: zbraniecki)

References

(
URL
)

Details

(Whiteboard: [good first bug])

Attachments

(1 file, 8 obsolete files)

final patch
4.60 KB, patch
zbraniecki
: review+
zbraniecki
: superreview+
Details | Diff | Splinter Review
Whiteboard: [good first bug]
Attached patch first patch (obsolete) — Splinter Review
ok. first try.
Assignee: general → gandalf
Status: NEW → ASSIGNED
Attached patch second try (obsolete) — Splinter Review
a few fixes and one good feature - it compiles now.
Attachment #164132 - Attachment is obsolete: true
Attached patch third (obsolete) — Splinter Review
third. Addresing biesi's notices.
Attachment #164136 - Attachment is obsolete: true
Attachment #164137 - Flags: review?(bzbarsky)
Attachment #164137 - Flags: superreview?(bzbarsky)
Comment on attachment 164137 [details] [diff] [review] third It'll take me a bit of time to get to this... In the meantime, do frames document whether callers need to Destroy() when Init() fails? Have you checked whether the caller of Init() here even checks the return value?
I wouldn't base this sort of thing on anything else in layout... chances are, the thing you're basing on is wrong. ;)
Attached patch fixed (obsolete) — Splinter Review
Ouch! There was a mistake in if (!mHorBorders) - fixed.
Attachment #164137 - Attachment is obsolete: true
Attachment #164346 - Flags: superreview?(bzbarsky)
Attachment #164346 - Flags: review?(bzbarsky)
Also i'd like to notice that this patch for some reason breaks http://www.24fun.com/downloadcenter/benchjs/benchjs.html because of this checks: } else { // frame result = NS_NewSubDocumentFrame(shell, &frame); - frame->Init(aPresContext, child, this, kidSC, nsnull); + if (!result) + return NS_ERROR_OUT_OF_MEMORY; + + result = frame->Init(aPresContext, child, this, kidSC, nsnull); + if (NS_FAILED(result)) { + frame->Destroy(aPresContext); + return result; + } it looks that result = NS_NewSubDocumentFrame(shell, &frame); fails on this site. I can predict it's a NS_NewSubDocumentFrame fault and fill a bug for it, but i'm not sure...
Attached patch better patch (obsolete) — Splinter Review
Ok. This fixes the bug i mentioned above. Now we check if NS_FAILED(result) rather than if !result. Thanks biesi
Attachment #164346 - Attachment is obsolete: true
Attachment #164137 - Flags: superreview?(bzbarsky)
Attachment #164137 - Flags: review?(bzbarsky)
Attachment #164346 - Flags: superreview?(bzbarsky)
Attachment #164346 - Flags: review?(bzbarsky)
Attachment #164395 - Flags: superreview?(bzbarsky)
Attachment #164395 - Flags: review?(bzbarsky)
Comment on attachment 164395 [details] [diff] [review] better patch For future reference, more context (at least -u6, possibly more depending on the code) usually makes patches easier to review... >Index: nsFrameSetFrame.cpp > nsresult result = CallCreateInstance(kViewCID, &view); >+ if (NS_FAILED(result)) >+ return result; >+ Note that this needs to be merged to trunk (which now error-checks view creation). > mChildTypes = new PRInt32[numCells]; > mChildFrameborder = new nsFrameborder[numCells]; > mChildBorderColors = new nsBorderColor[numCells]; >+ if (!mChildTypes || !mChildFrameborder || !mChildBorderColors) >+ return NS_ERROR_OUT_OF_MEMORY; This leaks if some of those things got allocated... Please add code to the destructor to delete them, and set them to null where they are currently deleted (in reflow). >@@ -397,18 +414,32 @@ nsHTMLFramesetFrame::Init(nsPresContext* > mChildBorderColors[mChildCount].Set(childFrame->GetBorderColor()); >+ Don't add that blank line, please. >@@ -435,18 +466,24 @@ nsHTMLFramesetFrame::Init(nsPresContext* > pseudoStyleContext = shell->StyleSet()->ResolvePseudoStyleFor(nsnull, > nsCSSAnonBoxes::framesetBlank, > mStyleContext); >+ if (!pseudoStyleContext) >+ return NS_ERROR_OUT_OF_MEMORY; Don't you need to deallocate blankFrame here? > blankFrame->Init(aPresContext, mContent, this, pseudoStyleContext, nsnull); And error-check that? >- >+ Please don't make random whitespace changes like that (there are a few others in this patch too); they just make the cvs blame harder to read. r- because of the leak issue and the blank frame issues... sorry this took so long; the next iteration will be much much faster, I promise.
Attachment #164395 - Flags: superreview?(bzbarsky)
Attachment #164395 - Flags: superreview-
Attachment #164395 - Flags: review?(bzbarsky)
Attachment #164395 - Flags: review-
Attached patch fixing issues from Comment 10 (obsolete) — Splinter Review
Attachment #164395 - Attachment is obsolete: true
Attachment #164395 - Flags: superreview-
Attachment #164395 - Flags: review-
Attachment #166985 - Flags: superreview?(bzbarsky)
Attachment #166985 - Flags: review?(bzbarsky)
Attachment #166985 - Attachment is obsolete: true
Attachment #166985 - Flags: superreview?(bzbarsky)
Attachment #166985 - Flags: review?(bzbarsky)
Comment on attachment 166987 [details] [diff] [review] removing some comment lines from patch sorry for spam
Attachment #166987 - Flags: superreview?(bzbarsky)
Attachment #166987 - Flags: review?(bzbarsky)
Comment on attachment 166987 [details] [diff] [review] removing some comment lines from patch >@@ -1209,6 +1246,10 @@ > } > } > >+ mChildTypes = null; >+ mChildFrameborder = null; >+ mChildBorderColors = null; >+ > delete[] verBordersVis; > delete[] verBorderColors; > delete[] horBordersVis; This is pretty obviously wrong, since you're assigning null to something that's delete[]d just 10 lines below. Either the delete[]s should be removed or these belong somewhere else (such as *after* the delete[]s).
Attachment #166987 - Flags: superreview?(bzbarsky)
Attachment #166987 - Flags: superreview-
Attachment #166987 - Flags: review?(bzbarsky)
Attachment #166987 - Flags: review-
(Judging from comment 10, what bz intended to add those assignments to null *after* the deletes.)
Attachment #166987 - Attachment is obsolete: true
Attachment #167891 - Flags: superreview?(bzbarsky)
Attachment #167891 - Flags: review?(bzbarsky)
Comment on attachment 167891 [details] [diff] [review] fixes bug mentioned in Comment 14 >@@ -395,18 +408,31 @@ >nsHTMLFramesetFrame::Init(nsPresContext* > kidSC = shell->StyleSet()->ResolveStyleFor(child, mStyleContext); > if (tag == nsHTMLAtoms::frameset) { > result = NS_NewHTMLFramesetFrame(shell, &frame); >- >+ if (NS_FAILED(result)) >+ return result; >+ Please don't add a space on that blank line. r+sr=bzbarsky with that one char removed.
Attachment #167891 - Flags: superreview?(bzbarsky)
Attachment #167891 - Flags: superreview+
Attachment #167891 - Flags: review?(bzbarsky)
Attachment #167891 - Flags: review+
Attached patch final patchSplinter Review
removed white spaces in blank lines. taking r/sr from previous.
Attachment #167891 - Attachment is obsolete: true
Attachment #169506 - Flags: superreview+
Attachment #169506 - Flags: review+
gandalf: check this in?
Checking in layout/generic/nsFrameSetFrame.cpp; /cvsroot/mozilla/layout/generic/nsFrameSetFrame.cpp,v <-- nsFrameSetFrame.cpp new revision: 3.157; previous revision: 3.156 done
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Component: DOM: HTML → DOM: Core & HTML
QA Contact: ian → general
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: