Bug 334195 XPCWrappedNative::HandlePossibleNameCaseError dereferences an unitialized value if !set r=dbradley sr=jst a=mtschrep
authortimeless@mozdev.org
Sun, 20 Jan 2008 03:21:36 -0800
changeset 10467 a61fcf408f66d87e144725d7f3d7fc9f7974847f
parent 10466 b556ff5b01a85619f3ec85f6f1d8b17fdf760aa6
child 10468 86d34314b6901d6bb353d3fa466491d425788b4b
push id1
push userbsmedberg@mozilla.com
push dateThu, 20 Mar 2008 16:49:24 +0000
reviewersdbradley, jst, mtschrep
bugs334195
milestone1.9b3pre
Bug 334195 XPCWrappedNative::HandlePossibleNameCaseError dereferences an uninitialized value if !set r=dbradley sr=jst a=mtschrep
js/src/xpconnect/src/xpcwrappednative.cpp
--- a/js/src/xpconnect/src/xpcwrappednative.cpp
+++ b/js/src/xpconnect/src/xpcwrappednative.cpp
@@ -862,18 +862,18 @@ XPCWrappedNative::Init(XPCCallContext& c
                  jsclazz->getProperty &&
                  jsclazz->setProperty &&
                  jsclazz->enumerate &&
                  jsclazz->resolve &&
                  jsclazz->convert &&
                  jsclazz->finalize, "bad class");
 
     JSObject* protoJSObject = HasProto() ?
-                                GetProto()->GetJSProtoObject() :
-                                GetScope()->GetPrototypeJSObject();
+            GetProto()->GetJSProtoObject() :
+            GetScope()->GetPrototypeJSObject();
 
     mFlatJSObject = xpc_NewSystemInheritingJSObject(ccx, jsclazz, protoJSObject,
                                                     parent);
     if(!mFlatJSObject)
         return JS_FALSE;
 
     // In the current JS engine JS_SetPrivate can't fail. But if it *did*
     // fail then we would not receive our finalizer call and would not be
@@ -2835,17 +2835,19 @@ XPCWrappedNative::HandlePossibleNameCase
         newStr[0] = (PRUnichar) nsCRT::ToLower((char)newStr[0]);
         newJSStr = JS_NewUCStringCopyZ(ccx, (const jschar*)newStr);
         nsCRT::free(newStr);
         if(newJSStr && (set ?
              set->FindMember(STRING_TO_JSVAL(newJSStr), &member, &localIface) :
                         (JSBool)NS_PTR_TO_INT32(iface->FindMember(STRING_TO_JSVAL(newJSStr)))))
         {
             // found it!
-            const char* ifaceName = localIface->GetNameString();
+            const char* ifaceName = set ?
+                    localIface->GetNameString() :
+                    iface->GetNameString();
             const char* goodName = JS_GetStringBytes(newJSStr);
             const char* badName = JS_GetStringBytes(oldJSStr);
             char* locationStr = nsnull;
 
             nsIException* e = nsnull;
             nsXPCException::NewException("", NS_OK, nsnull, nsnull, &e);
 
             if(e)
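Review bot: `localIface` (and `member`) are still never written on the `!set` path, because only `set->FindMember(...)` receives them as out-params; the new ternary repairs the `ifaceName` line only. The function starts before and continues past this hunk, so any other use of either variable on that path would repeat the same uninitialized read. I would initialize both to `nsnull` at their declarations (not visible here), so a missed path fails as a deterministic null dereference instead of reading stack garbage. Separately, the context line `(JSBool)NS_PTR_TO_INT32(iface->FindMember(...))` narrows a pointer to 32 bits to get a truth value, which on a 64-bit build could in principle read as false for a non-null result; `(JSBool)(iface->FindMember(STRING_TO_JSVAL(newJSStr)) != nsnull)` states the intent without the narrowing.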