Bug 562866 - StatementParams::NewResolve mishandles JSVAL_IS_STRING(aId). r=sdwilsh.
authortimeless@mozdev.org, Jason Orendorff <jorendorff@mozilla.com>
Thu, 06 May 2010 13:56:39 -0500
changeset 42003 47d79146b3c238c2ccddc3752012234b6660f5f3
parent 42002 86af015da3fcc870d7a55e23d1d8cee043db0769
child 42004 4b40d5ef55a888678b1b53971a0f54a3d796a8e0
push id13171
push userjorendorff@mozilla.com
push dateThu, 06 May 2010 19:18:23 +0000
reviewerssdwilsh
bugs562866
milestone1.9.3a5pre
Bug 562866 - StatementParams::NewResolve mishandles JSVAL_IS_STRING(aId). r=sdwilsh.
storage/src/mozStorageAsyncStatementParams.cpp
storage/src/mozStorageStatementParams.cpp
--- a/storage/src/mozStorageAsyncStatementParams.cpp
+++ b/storage/src/mozStorageAsyncStatementParams.cpp
@@ -121,45 +121,41 @@ AsyncStatementParams::NewResolve(
   JSObject *aScopeObj,
   jsval aId,
   PRUint32 aFlags,
   JSObject **_objp,
   PRBool *_retval
 )
 {
   NS_ENSURE_TRUE(mStatement, NS_ERROR_NOT_INITIALIZED);
-  // We do not throw at any point after this unless our index is out of range
-  // because we want to allow the prototype chain to be checked for the
-  // property.
+  // We do not throw at any point after this because we want to allow the
+  // prototype chain to be checked for the property.
 
-  PRUint32 idx;
-
+  bool resolved = false;
+  PRBool ok = PR_TRUE;
   if (JSVAL_IS_INT(aId)) {
-    idx = JSVAL_TO_INT(aId);
+    PRUint32 idx = JSVAL_TO_INT(aId);
     // All indexes are good because we don't know how many parameters there
     // really are.
+    ok = ::JS_DefineElement(aCtx, aScopeObj, idx, JSVAL_VOID, nsnull,
+                            nsnull, 0);
+    resolved = true;
   }
   else if (JSVAL_IS_STRING(aId)) {
     JSString *str = JSVAL_TO_STRING(aId);
     jschar *nameChars = ::JS_GetStringChars(str);
     size_t nameLength = ::JS_GetStringLength(str);
 
     // We are unable to tell if there's a parameter with this name and so
     // we must assume that there is.  This screws the rest of the prototype
     // chain, but people really shouldn't be depending on this anyways.
-    *_retval = ::JS_DefineUCProperty(aCtx, aScopeObj, nameChars, nameLength,
-                                     JSVAL_VOID, nsnull, nsnull, 0);
-    NS_ENSURE_TRUE(*_retval, NS_OK);
-  }
-  else {
-    // We do not handle other types.
-    return NS_OK;
+    ok = ::JS_DefineUCProperty(aCtx, aScopeObj, nameChars, nameLength,
+                               JSVAL_VOID, nsnull, nsnull, 0);
+    resolved = true;
   }
 
-  *_retval = ::JS_DefineElement(aCtx, aScopeObj, idx, JSVAL_VOID, nsnull,
-                                nsnull, 0);
-  if (*_retval)
-    *_objp = aScopeObj;
+  *_retval = ok;
+  *_objp = resolved && ok ? aScopeObj : nsnull;
   return NS_OK;
 }
 
 } // namespace storage
 } // namespace mozilla
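Review bot: In the integer branch, `PRUint32 idx = JSVAL_TO_INT(aId);` stores a possibly negative id in an unsigned variable and then passes it straight to `::JS_DefineElement`, whose index parameter is a signed `jsint`. Unlike the synchronous `StatementParams::NewResolve` in this same commit, which rejects `idx >= mParamCount`, nothing here bounds the value, so a negative id round-trips through two implicit conversions and gets defined as an element. If that is intended, declaring it as `jsint idx = JSVAL_TO_INT(aId);` and extending the comment to `// All indexes, including negative ones, are accepted because ...` would make it explicit. If it is not intended, leaving `resolved` false for `idx < 0` would let the prototype chain handle it. The function's signature starts above the hunk.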
--- a/storage/src/mozStorageStatementParams.cpp
+++ b/storage/src/mozStorageStatementParams.cpp
@@ -189,51 +189,47 @@ StatementParams::NewResolve(nsIXPConnect
                             JSObject **_objp,
                             PRBool *_retval)
 {
   NS_ENSURE_TRUE(mStatement, NS_ERROR_NOT_INITIALIZED);
   // We do not throw at any point after this unless our index is out of range
   // because we want to allow the prototype chain to be checked for the
   // property.
 
-  PRUint32 idx;
-
+  bool resolved = false;
+  PRBool ok = PR_TRUE;
   if (JSVAL_IS_INT(aId)) {
-    idx = JSVAL_TO_INT(aId);
+    PRUint32 idx = JSVAL_TO_INT(aId);
 
     // Ensure that our index is within range.  We do not care about the
     // prototype chain being checked here.
     if (idx >= mParamCount)
       return NS_ERROR_INVALID_ARG;
+
+    ok = ::JS_DefineElement(aCtx, aScopeObj, idx, JSVAL_VOID, nsnull,
+                            nsnull, 0);
+    resolved = true;
   }
   else if (JSVAL_IS_STRING(aId)) {
     JSString *str = JSVAL_TO_STRING(aId);
     jschar *nameChars = ::JS_GetStringChars(str);
     size_t nameLength = ::JS_GetStringLength(str);
 
     // Check to see if there's a parameter with this name, and if not, let
     // the rest of the prototype chain be checked.
     NS_ConvertUTF16toUTF8 name(reinterpret_cast<const PRUnichar *>(nameChars),
                                nameLength);
+    PRUint32 idx;
     nsresult rv = mStatement->GetParameterIndex(name, &idx);
-    if (NS_FAILED(rv)) {
-      *_objp = NULL;
-      return NS_OK;
+    if (NS_SUCCEEDED(rv)) {
+      ok = ::JS_DefineUCProperty(aCtx, aScopeObj, nameChars, nameLength,
+                                 JSVAL_VOID, nsnull, nsnull, 0);
+      resolved = true;
     }
-
-    *_retval = ::JS_DefineUCProperty(aCtx, aScopeObj, nameChars, nameLength,
-                                     JSVAL_VOID, nsnull, nsnull, 0);
-    NS_ENSURE_TRUE(*_retval, NS_OK);
-  }
-  else {
-    // We do not handle other types.
-    return NS_OK;
   }
 
-  *_retval = ::JS_DefineElement(aCtx, aScopeObj, idx, JSVAL_VOID, nsnull,
-                                nsnull, 0);
-  if (*_retval)
-    *_objp = aScopeObj;
+  *_retval = ok;
+  *_objp = resolved && ok ? aScopeObj : nsnull;
   return NS_OK;
 }
 
 } // namespace storage
 } // namespace mozilla
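Review bot: The `PRUint32 idx;` added in the string branch is filled in by `mStatement->GetParameterIndex(name, &idx)` but never read afterwards; only `rv` decides whether `::JS_DefineUCProperty` runs. A comment on the declaration such as `// Out-param only; we just need to know whether the name is a known parameter.` would keep a later reader from assuming the index was meant to be used in the define call. The three outcomes encoded by `resolved` and `ok` (defined, not ours so fall through to the prototype chain, define failed) are also not documented anywhere; a one-line comment above `*_retval = ok;` would help. Writing `(resolved && ok) ? aScopeObj : nsnull` would avoid relying on operator precedence. The function's signature starts above the hunk.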