Bug 1026761 - CID 749761: nsAStreamCopier::Process can use sourceCondition, sinkCondition uninitialized. r=froydnj
authorChris Peterson <cpeterson@mozilla.com>
Sat, 06 Jun 2015 12:35:37 -0700
changeset 247887 89fff7bb133efc4cdaea0cdbf605c6c6b78a3780
parent 247886 0685087a4c4b19faac2d336e35462183f957ac83
child 247888 43e94edb750b06552493d837619e69dbdb7a2c38
push id28885
push usercbook@mozilla.com
push dateWed, 10 Jun 2015 13:18:59 +0000
treeherderautoland@e101c589c242 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfroydnj
bugs1026761, 749761
milestone41.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1026761 - CID 749761: nsAStreamCopier::Process can use sourceCondition, sinkCondition uninitialized. r=froydnj
xpcom/io/nsStreamUtils.cpp
--- a/xpcom/io/nsStreamUtils.cpp
+++ b/xpcom/io/nsStreamUtils.cpp
@@ -269,25 +269,31 @@ public:
                           nsresult* aSinkCondition) = 0;
 
   void Process()
   {
     if (!mSource || !mSink) {
       return;
     }
 
-    nsresult sourceCondition, sinkCondition;
     nsresult cancelStatus;
     bool canceled;
     {
       MutexAutoLock lock(mLock);
       canceled = mCanceled;
       cancelStatus = mCancelStatus;
     }
 
+    // If the copy was canceled before Process() was even called, then
+    // sourceCondition and sinkCondition should be set to error results to
+    // ensure we don't call Finish() on a canceled nsISafeOutputStream.
+    MOZ_ASSERT(NS_FAILED(cancelStatus) == canceled, "cancel needs an error");
+    nsresult sourceCondition = cancelStatus;
+    nsresult sinkCondition = cancelStatus;
+
     // Copy data from the source to the sink until we hit failure or have
     // copied all the data.
     for (;;) {
       // Note: copyFailed will be true if the source or the sink have
       //       reported an error, or if we failed to write any bytes
       //       because we have consumed all of our data.
       bool copyFailed = false;
       if (!canceled) {