Closed Bug 298420 Opened 20 years ago Closed 20 years ago

nsHTMLDocument::mDomainWasSet may be uninitialized

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
major

RESOLVED INVALID

People

(Reporter: darin.moz, Unassigned)

Details

While working on a patch in nsHTMLDocument, I noticed that many of its member
variables appear to be uninitialized after the constructor runs.  In most cases,
this is not a problem since member variables are set before they are read, but
in at least the case of mDomainWasSet, it appears that it may be read before it
is set.  The DocShell seems to use this information in a security check, yet
nsHTMLDocument::WasDomainSet may return a random value unless SetDomain was
called.  It seems that this code was part of a patch to fix a frameset spoofing
bug (see bug 13871).  The original patch included code to initialize
mDomainWasSet, but for some reason that got lost over time.  I think that the
current code would just cause us to be overly restrictive in some random cases,
so it does not appear to be a security concern.

Crap!  You'd think this would be hard to miss:
http://lxr.mozilla.org/mozilla/source/content/html/document/src/nsHTMLDocument.cpp#285

INVALID
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Component: DOM: HTML → DOM: Core & HTML
QA Contact: ian → general