Closed Bug 723510 Opened 13 years ago Closed 13 years ago

Workers: double-error reporting in location.toString and incorrect assumption about JS_GetInstancePrivate

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla13

People

(Reporter: igor, Assigned: igor)

Details

Attachments

(1 file)

v1
21.67 KB, patch
bent.mozilla
: review+
Details | Diff | Splinter Review
ToString from https://hg.mozilla.org/mozilla-central/file/005980552224/dom/workers/Location.cpp#l147 contains: JSObject* obj = JS_THIS_OBJECT(aCx, aVp); JSClass* classPtr; if (!obj || ((classPtr = JS_GET_CLASS(aCx, obj)) != &sClass)) { JS_ReportErrorNumber(aCx, js_GetErrorMessage, NULL, JSMSG_INCOMPATIBLE_PROTO, sClass.name, "toString", classPtr ? classPtr->name : "object"); return false; } As JS_THIS_OBJECT reports errors (OOM) on its own, reporting JSMSG_INCOMPATIBLE_PROTO again is wrong after JS_THIS_OBJECT fails. Another issue that I sported when looking for a similar pattern is the following comment in many GetInstancePrivate implementations: // JS_GetInstancePrivate is ok to be called with a null aObj, so this should // be too. The implication is the comment is wrong. JS_GetInstancePrivate allows null aObj only for compatibility. The new code should never pass null there. As in all cases workers' GetInstancePrivate are not used with null aObj, for code simplicity the implementation should assume that aObj is not null.
Attached patch v1Splinter Review
The patch fixes ToString implementation and changes GetInstancePrivate to assume that obj is not null. The patch also removed few checks for null result of JS_GET_CLASS(obj). That is not possible.
Attachment #594125 - Flags: review?(bent.mozilla)
Comment on attachment 594125 [details] [diff] [review] v1 Review of attachment 594125 [details] [diff] [review]: ----------------------------------------------------------------- Thanks for cleaning this up! ::: dom/workers/Location.cpp @@ +148,5 @@ > ToString(JSContext* aCx, uintN aArgc, jsval* aVp) > { > JSObject* obj = JS_THIS_OBJECT(aCx, aVp); > + if (!obj) > + return false; Nit: Please add braces.
Attachment #594125 - Flags: review?(bent.mozilla) → review+
https://hg.mozilla.org/mozilla-central/rev/fbd68d8e15b9
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla13
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: