Closed Bug 334290 Opened 14 years ago Closed 14 years ago
JSEventListener::HandleEvent inconsistently uses &stackPtr/stackPtr for JS_(Push|Pop)Arguments
i'm filing this as a security bug because i'm not sure if content code could coerce us to take this path. i don't think anything bad will happen if we do happen to use it uninitialized, but i don't want to think about it either.
Comment on attachment 218628 (pass pointer to pop): r+sr=jst
Comment on attachment 218628 (pass pointer to pop): mozilla/dom/src/events/nsJSEventListener.cpp 1.52
Comment on attachment 218628 (pass pointer to pop): this is wrong. i think the prototype is bad.
invalid. coverity took a path that doesn't make sense and i failed (again i believe!) to verify that the api really isn't this inconsistent, because had i checked, i'd have seen that it really is. the push uses an extra pointer so that it can out the value, and the pop doesn't need that extra pointer, so it doesn't use it. the result is ime lame experience as a terrible coder, that i screw this up fairly often and wish that the api had not been written this way. i'm very very very very sorry that i ever touch this api and wish i could make myself never see it again :(. i'd also almost like to make this bug permanently invisible if people don't mind, because i'm so embarrassed by it. :( note that i fully expect everyone in the world to read this comment, such is the life of a public bugzilla.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
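The asymmetry described in the last comment (push takes the address of the mark so it can fill it in, pop takes the mark by value), as an added example that is not SpiderMonkey code or part of the original bug. `ArgStack`, `args_push`, `args_pop` and `demo` are hypothetical names, and the `void *` mark type is an assumption; the point is that a `void *` parameter accepts `&mark` without a compiler diagnostic, so the pop side checks the mark at run time.

```c
#include <stddef.h>
#include <stdint.h>

#define NSLOTS 64

/* Hypothetical miniature argument stack; a model, not the real API. */
typedef struct {
    uintptr_t slots[NSLOTS];
    size_t top;                       /* number of slots in use */
} ArgStack;

/* Push n values. The mark is an out-parameter, written through markp,
 * which is why the caller passes the address of its variable here. */
uintptr_t *args_push(ArgStack *s, void **markp, const uintptr_t *vals, size_t n)
{
    if (n > NSLOTS - s->top)
        return NULL;
    *markp = &s->slots[s->top];       /* remember where this frame starts */
    for (size_t i = 0; i < n; i++)
        s->slots[s->top + i] = vals[i];
    s->top += n;
    return (uintptr_t *)*markp;
}

/* Pop back to mark, which is passed by value. Because the parameter is
 * void *, a caller writing &mark still compiles, so reject any mark that
 * is not an aligned address inside the live part of the stack. */
int args_pop(ArgStack *s, void *mark)
{
    uintptr_t a = (uintptr_t)mark;
    uintptr_t lo = (uintptr_t)s->slots;
    uintptr_t hi = (uintptr_t)(s->slots + s->top);
    if (a < lo || a > hi || (a - lo) % sizeof(uintptr_t) != 0)
        return -1;
    s->top = (size_t)((a - lo) / sizeof(uintptr_t));
    return 0;
}

/* Returns 0 when the mistaken call is rejected and the correct one works. */
int demo(void)
{
    ArgStack s = { {0}, 0 };
    uintptr_t vals[2] = { 1, 2 };     /* constructed sample arguments */
    void *mark = NULL;
    if (!args_push(&s, &mark, vals, 2)) return 1;
    if (args_pop(&s, &mark) != -1) return 2;  /* address of the local: rejected */
    if (s.top != 2) return 3;                 /* stack left untouched */
    if (args_pop(&s, mark) != 0) return 4;    /* the mark itself: accepted */
    return s.top == 0 ? 0 : 5;
}
```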