Bug 505738 - nsScriptableRegion::GetRects doesn't handle failure from JS_NewArrayObject [@ JS_DefineElement - nsScriptableRegion::GetRects]
Keywords: coverity, crash
Product: Core
Classification: Components
Component: Graphics
Version: Trunk
Platform: All All
Importance: -- critical
Target Milestone: mozilla11
Assigned To: timeless
: Milan Sreckovic [:milan]
Depends on:
Reported: 2009-07-22 06:49 PDT by timeless
Modified: 2011-12-04 14:17 PST
2 users
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Attachments:
patch (641 bytes, patch)
2009-07-23 01:41 PDT, timeless
no flags
updated reviewer (647 bytes, patch)
2009-07-30 08:50 PDT, timeless
gal: review+

Description timeless 2009-07-22 06:49:47 PDT
188   JSObject *destArray = JS_NewArrayObject(cx, mRectSet->mNumRects*4, NULL);
JS_NewArrayObject will return null on oom

and you'll crash here:
196     JS_DefineElement(cx, destArray, n, INT_TO_JSVAL(rect.x), NULL, NULL, JSPROP_ENUMERATE);
Comment 1 timeless 2009-07-23 01:41:32 PDT
Created attachment 390177
Comment 2 timeless 2009-07-30 08:50:01 PDT
Created attachment 391615
updated reviewer
Comment 3 Jeff Muizelaar [:jrmuizel] 2010-03-02 12:50:00 PST
Comment on attachment 391615
updated reviewer

I'm not a good reviewer for this.
Comment 4 :Ms2ger (⌚ UTC+1/+2) 2011-12-04 14:17:31 PST
