Closed Bug 620275 Opened 9 years ago Closed 5 years ago

remove inconsistent null check of aContent from nsSubDocumentFrame::Init

Categories

(Core :: Layout, defect, critical)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla36

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, crash)

Attachments

(2 files, 1 obsolete file)

161 nsSubDocumentFrame::Init(nsIContent*     aContent,
162                          nsIFrame*       aParent,
163                          nsIFrame*       aPrevInFlow)
164 {
i'm not sure you actually need an if here anyway, since do_QI is null safe, and perhaps you want to pick a value if !aContent since you're Init()ing something...
165   // determine if we are a <frame> or <iframe>
166   if (aContent) {
167     nsCOMPtr<nsIDOMHTMLFrameElement> frameElem = do_QueryInterface(aContent);
168     mIsInline = frameElem ? PR_FALSE : PR_TRUE;
169   }

this is actually null safe:
171   nsresult rv =  nsLeafFrame::Init(aContent, aParent, aPrevInFlow);

we'll crash here:
191   aContent->SetPrimaryFrame(this);
Attached patch proposal (obsolete) — Splinter Review
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #498679 - Flags: review?(dbaron)
Attachment #498679 - Flags: approval2.0?
Comment on attachment 498679 [details] [diff] [review]
proposal

I don't think it's valid to create any frame other than the root frame with a null content node (or *maybe* part of the root scrollframe construction).  I think the right thing here is to remove the other null-check, but bzbarsky is probably a better reviewer than I am.
Attachment #498679 - Flags: review?(dbaron)
Attachment #498679 - Flags: review-
Attachment #498679 - Flags: approval2.0?
Attached patch alternativeSplinter Review
Attachment #498679 - Attachment is obsolete: true
Attachment #498909 - Flags: review?(bzbarsky)
Attachment #498909 - Flags: approval2.0?
Comment on attachment 498909 [details] [diff] [review]
alternative

That null-check is bogus.  Just remove it.
Attachment #498909 - Flags: review?(bzbarsky)
Attachment #498909 - Flags: review-
Attachment #498909 - Flags: approval2.0?
Attachment #498909 - Flags: approval2.0-
Summary: crash [@ nsSubDocumentFrame::Init] if !aContent → remove inconsistent null check of aContent from nsSubDocumentFrame::Init
Comment on attachment 498909 [details] [diff] [review]
alternative

(In reply to Boris Zbarsky [:bz] from comment #4)
> Comment on attachment 498909 [details] [diff] [review]
> alternative
> 
> That null-check is bogus.  Just remove it.


This patch looks fine to me (with a little unbitrotting applied), so I'm
not sure which null-check you were referring to.  The 'frameElem'
null-check is still needed to check if it's a <frame> or <iframe>
as the comment says.  I don't see any other null-checks.
Flags: needinfo?(bzbarsky)
Er, I have no idea what I was thinking then, sorry.  I agree that the patch looks right.
Flags: needinfo?(bzbarsky)
Attachment #8511400 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/e122c5300afc
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
You need to log in before you can comment on or make changes to this bug.