Closed Bug 620165 Opened 9 years ago Closed 2 months ago

[@ nsSHEntry::AddChild] should handle aChild more consistently

Categories

(Core :: DOM: Navigation, defect)

x86
Windows 7
defect
Not set

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, crash)

Crash Data

612 nsSHEntry::AddChild(nsISHEntry * aChild, PRInt32 aOffset)
613 {

let aChild be null.
skip this path:
614   if (aChild) {
615     NS_ENSURE_SUCCESS(aChild->SetParent(this), NS_ERROR_FAILURE);
616   }

let aOffset be >= 0.
skip this path:
618   if (aOffset < 0) {
619     mChildren.AppendObject(aChild);
620     return NS_OK;
621   }
632   NS_ASSERTION(aOffset < (mChildren.Count()+1023), "Large frames array!\n");

the code here is going to do silly things, if it manages to fail here:
652   if (!mChildren.InsertObjectAt(aChild, aOffset)) {
it crashes here:
654     aChild->SetParent(nsnull);
Crash Signature: [@ nsSHEntry::AddChild]
Component: History: Global → Document Navigation

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.