Closed Bug 345761 Opened 15 years ago Closed 15 years ago

jsfile.c: incorrect parameter passing to js_InflateString()

Categories: Core :: JavaScript Engine, defect
Priority: Not set
Severity: normal
Status: RESOLVED FIXED
People: Reporter: rse, Assigned: mrbkap
Keywords: fixed1.8.1
Attachments: 1 file, 2 obsolete files

User-Agent:       Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.4) Gecko/20060630 Firefox/1.5.0.4
Build Identifier: 

In jsfile.c, function file_toURL(), there is a call to
js_InflateString() with a "size_t" argument, but the
function requires an argument of "size_t *".

Reproducible: Always

This patch fixes the code:
Index: jsfile.c
===================================================================
RCS file: /cvsroot/mozilla/js/src/jsfile.c,v
retrieving revision 3.44
diff -u -d -r3.44 jsfile.c
--- jsfile.c    28 Jun 2006 19:49:39 -0000  3.44
+++ jsfile.c    24 Jul 2006 19:28:37 -0000
@@ -2043,15 +2043,18 @@
     JSFile *file = JS_GetInstancePrivate(cx, obj, &file_class, NULL);
     char url[MAX_PATH_LENGTH];
     jschar *urlChars;
+    size_t len;
+
 
    JSFILE_CHECK_NATIVE("toURL");
    
     sprintf(url, "file://%s", file->path);
     /* TODO: js_escape in jsstr.h may go away at some point */
    
-    urlChars = js_InflateString(cx, url, strlen(url));
+    len = strlen(url);
+    urlChars = js_InflateString(cx, url, &len);
     if (urlChars == NULL) return JS_FALSE;
-    *rval = STRING_TO_JSVAL(js_NewString(cx, urlChars, strlen(url), 0));
+    *rval = STRING_TO_JSVAL(js_NewString(cx, urlChars, len, 0));
     if (!js_str_escape(cx, obj, 0, rval, rval)) return JS_FALSE;
    
     return JS_TRUE;
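Review bot: the new `+    *rval = STRING_TO_JSVAL(js_NewString(cx, urlChars, len, 0));` line still wraps the result of `js_NewString` without checking it for NULL. If that allocation fails, `urlChars` (the heap buffer `js_InflateString` just returned) is leaked and a null pointer is stored as a jsval; mirror the `if (urlChars == NULL) return JS_FALSE;` check above it, freeing `urlChars` before returning `JS_FALSE`. Carrying `len` into `js_NewString` instead of recomputing `strlen(url)` is the right change, since it is the count the callee reported back through `&len`. Two smaller points: the hunk adds a blank `+` line directly above an existing blank context line, leaving two empty lines after the declarations, so drop one; and, in the unchanged context, `sprintf(url, "file://%s", file->path);` writes into the fixed `char url[MAX_PATH_LENGTH]` with no bound, so a path longer than the buffer overflows it. That is outside this fix, but `snprintf` with a length check would be the safer form while this function is being touched.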
Attached patch code fix for jsfile.c (obsolete) — Splinter Review
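The out-parameter contract at the heart of this bug, shown as an added, stand-alone C sketch rather than code from this bug or from SpiderMonkey. `inflate_string` is an assumed stand-in for `js_InflateString` that follows the shape the report describes (byte count in through the pointer, jschar count back out, malloc'd buffer or NULL); `file_to_url` is an assumed hardened form of the `file_toURL` body: the length is passed by address and the written-back value is reused, the `file://` prefix is formatted with a bounded `snprintf` into the fixed buffer, and both allocation results are checked. `MAX_PATH_LENGTH` is set small on purpose so the bound check is exercised.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Deliberately small so the overflow check below is easy to hit (assumption). */
#define MAX_PATH_LENGTH 64

typedef uint16_t jschar;

/* Stand-in for js_InflateString (assumption, not SpiderMonkey's code).
 * *lengthp carries the byte count in and receives the jschar count out;
 * returns a malloc'd buffer or NULL. Bytes widen one-to-one here. */
static jschar *inflate_string(const char *bytes, size_t *lengthp)
{
    size_t n = *lengthp;
    jschar *chars = malloc((n + 1) * sizeof *chars);
    if (!chars)
        return NULL;
    for (size_t i = 0; i < n; i++)
        chars[i] = (unsigned char)bytes[i];
    chars[n] = 0;
    *lengthp = n;              /* reported back through the pointer */
    return chars;
}

/* Hardened sketch of file_toURL's body (assumption). Returns a malloc'd
 * jschar string and stores its length in *out_len, or NULL on failure. */
static jschar *file_to_url(const char *path, size_t *out_len)
{
    char url[MAX_PATH_LENGTH];
    size_t len;
    jschar *chars;

    /* Bounded formatting: a plain sprintf would overflow url[] here. */
    int n = snprintf(url, sizeof url, "file://%s", path);
    if (n < 0 || (size_t)n >= sizeof url)
        return NULL;

    len = strlen(url);
    chars = inflate_string(url, &len);   /* &len, not len */
    if (!chars)
        return NULL;

    *out_len = len;            /* use the count the callee wrote back */
    return chars;
}

/* Compare a jschar buffer with an ASCII string; 1 if equal, else 0. */
static int jschars_equal(const jschar *chars, size_t len, const char *ascii)
{
    if (len != strlen(ascii))
        return 0;
    for (size_t i = 0; i < len; i++)
        if (chars[i] != (unsigned char)ascii[i])
            return 0;
    return 1;
}

/* 1 if converting path yields exactly expected, 0 on failure or mismatch. */
static int url_matches(const char *path, const char *expected)
{
    size_t len = 0;
    jschar *u = file_to_url(path, &len);
    int ok = u != NULL && jschars_equal(u, len, expected);
    free(u);
    return ok;
}

/* Length of the converted URL in jschars, or 0 if conversion was refused. */
static size_t url_length(const char *path)
{
    size_t len = 0;
    jschar *u = file_to_url(path, &len);
    if (!u)
        return 0;
    free(u);
    return len;
}

int main(void)
{
    printf("short path ok=%d len=%zu\n",
           url_matches("/tmp/x", "file:///tmp/x"), url_length("/tmp/x"));
    printf("long path rejected=%d\n",
           url_length("/this/path/is/long/enough/to/overflow/the/fixed/buffer/used/here") == 0);
    return 0;
}
```

With the original call shape, `strlen(url)` (an integer) would have been dereferenced inside the callee as if it were a pointer, so the length read and the length written back were both garbage; passing `&len` and then reusing `len` closes both halves of that mistake.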
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached patch Bigger patch (obsolete) — Splinter Review
Thanks for the patch! Every time I look at this code, I see more and more bugs, though, so I tend to clean up as I go. This patch also fixes a couple of cases where we'd fail to deal with an object that we couldn't convert to a string. Unfortunately, I can't compile jsfile.c terribly easily at the moment, so Ralf, could you tell me if this still compiles?
Sorry, I cannot answer this. I've not tried to build the TRUNK version of jsfile.c at all, as the newer series of SpiderMonkey have lots of other problems for me, too. I discovered the bug in the 1.6 series (where it also exists) as I'm using this version only. The 1.6 series builds fine for me (with and without the patch).
Looking for rs=brendan ;-).
Assignee: general → mrbkap
Attachment #230471 - Attachment is obsolete: true
Attachment #230474 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #230626 - Flags: review?(brendan)
Comment on attachment 230626 [details] [diff] [review]
Even bigger patch

I closed my eyes and stamped my left hand by mistake, but rs=me.

/be
Attachment #230626 - Flags: review?(brendan) → review+
Done.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
NPOB, should land on 1.8 branch too.

/be
Comment on attachment 230626 [details] [diff] [review]
Even bigger patch

This is NPOTB, but some SpiderMonkey embedders love it.
Attachment #230626 - Flags: approval1.8.1?
Comment on attachment 230626 [details] [diff] [review]
Even bigger patch

a=drivers. Please land this on the MOZILLA_1_8_BRANCH.
Attachment #230626 - Flags: approval1.8.1? → approval1.8.1+
Fix checked into the 1.8 branch.
Keywords: fixed1.8.1
Flags: in-testsuite-