Closed Bug 563303 Opened 15 years ago Closed 15 years ago

useless check of !data.index in nsContentUtils::ReparentClonedObjectToScope

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [build_warning])

Attachments

(1 file, 1 obsolete file)

patch 15 years ago timeless (deleted), patch	bent.mozilla : review+	Details \| Diff \| Splinter Review
patch 15 years ago timeless (deleted), patch	timeless : review+	Details \| Diff \| Splinter Review

timeless

Assignee

Description

•

15 years ago

5822 nsContentUtils::ReparentClonedObjectToScope(JSContext* cx, 5833 while (!objectData.IsEmpty()) { 5836 if (!data.ids && !data.index) { 5874 } 5878 if (data.index == data.ids->length) {

Ben Turner (not reading bugmail, use the needinfo flag!)

Comment 1

•

15 years ago

http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsContentUtils.cpp#5871 Sets data.ids or exits if it fails. INVALID.

Status: NEW → RESOLVED

Closed: 15 years ago

Resolution: --- → INVALID

timeless

Assignee

Comment 2

•

15 years ago

you're assuming data.index == 0, what if data.index isn't 0?

Status: RESOLVED → REOPENED

Resolution: INVALID → ---

Ben Turner (not reading bugmail, use the needinfo flag!)

Comment 3

•

15 years ago

data.index is initialized to 0 and it's only ever set to a nonzero value if data.ids is nonzero. Since it's impossible to have a null data.ids without failing I don't see any bug here. Please correct me or close this bug as appropriate.

timeless

Assignee

Updated

•

15 years ago

Assignee: nobody → timeless

Severity: critical → trivial

Status: REOPENED → ASSIGNED

Keywords: crash

Summary: crash [@ nsContentUtils::ReparentClonedObjectToScope] if !data.ids → useless check of !data.index in nsContentUtils::ReparentClonedObjectToScope

timeless

Assignee

Comment 4

•

15 years ago

Attached patch patch (obsolete) (deleted) — Details — Splinter Review

Attachment #443371 - Flags: review?(bent.mozilla)

Ben Turner (not reading bugmail, use the needinfo flag!)

Comment 5

•

15 years ago

Comment on attachment 443371 [details] [diff] [review] patch >- if (!data.ids && !data.index) { >+ if (!data.ids) { Can you add NS_ASSERTION(!data.index, "Shouldn't have index here") right here? r=me with that.

Attachment #443371 - Flags: review?(bent.mozilla) → review+

timeless

Assignee

Comment 6

•

15 years ago

Attached patch patch (deleted) — Details — Splinter Review

Attachment #443371 - Attachment is obsolete: true

Attachment #443459 - Flags: review+

Phil Ringnalda (:philor)

Updated

•

15 years ago

Keywords: checkin-needed

Daniel Holbert [:dholbert]

Comment 7

•

15 years ago

http://hg.mozilla.org/mozilla-central/rev/7c01659eb8d9

Status: ASSIGNED → RESOLVED

Closed: 15 years ago → 15 years ago

Keywords: checkin-needed

Resolution: --- → FIXED

Whiteboard: [build_warning]

Sylvestre Ledru [:Sylvestre]

Updated

•

6 years ago

Blocks: coverity-analysis

Nobody; OK to take it and work on it

Updated

•

6 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

useless check of !data.index in nsContentUtils::ReparentClonedObjectToScope

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [build_warning])

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Comment 1

Comment 2

Comment 3

Updated

Comment 4

Comment 5

Comment 6

Updated

Comment 7

Updated

Updated

Attachment

General

Description

File Name

Content Type