783431 - Fix js array initialization for bluetooth and telephony

Status: RESOLVED FIXED

(Core :: DOM: Device Interfaces, defect)

Description

[Kyle Machulis [:qdot] [:kmachulis] (INACTIVE)]

from bug 777671:

---

::: dom/bluetooth/BluetoothUtils.cpp
@@ +82,5 @@
> +    arrayObj = JS_NewArrayObject(aCx, 0, nullptr);
> +  } else {
> +    uint32_t valLength = aSourceArray.Length();
> +    mozilla::ScopedDeleteArray<jsval> valArray(new jsval[valLength]);
> +    JS::AutoArrayRooter tvr(aCx, valLength, valArray);

I think this was copied from elsewhere, but there's a small problem. valArray's
elements are uninitialized, so if there's a GC during the loop, we'll mark a
bunch of uninitialized values. So, either we need to memset valArray to 0
(JSVAL_NULL) or pass 0 for the length and use changeLength(index + 1) each time
through the loop (see
http://hg.mozilla.org/mozilla-central/file/57e59b2e017e/dom/base/nsDOMClassInfo
.cpp#l5773 for an example).

---

This happens elsewhere in bt and telephony, so we should fix it everywhere. And really figure out something about centralizing these functions. :/

Comment 1

[Blake Kaplan (:mrbkap) (inactive)]

How about nsContentUtils or nsJSUtils?

Comment 2

[Kyle Machulis [:qdot] [:kmachulis] (INACTIVE)]

bent was saying this got kicked out of ContentUtils for some reason? I'd be happy to have it there otherwise.

Comment 3

[Kyle Machulis [:qdot] [:kmachulis] (INACTIVE)]

Attachment: Patch 1 (v1): Fix js array initialization for bluetooth and telephony

Leaving functions where they are for the moment. Moving these to nsContentUtils would require templatizing, and there's nothing in there currently that does that. Would rather get these fixed and file followup where positional bikeshedding can happen.

Comment 4

[Kyle Machulis [:qdot] [:kmachulis] (INACTIVE)]

 https://hg.mozilla.org/integration/mozilla-inbound/rev/587ab949e65a

Comment 5

[Ed Morley [:emorley]]

https://hg.mozilla.org/mozilla-central/rev/587ab949e65a