Bug 705875 - Check for null IID pointers and references in XPCConvert. r=khuey
authorBobby Holley <bobbyholley@gmail.com>
Thu, 01 Dec 2011 18:24:28 -0800
changeset 81134 59fe691e50d3d1bfae9e7f41f7b1828ada4df77f
parent 81133 d896a4fb99f78400c27dc1c0a95a77c0aa6e4f01
child 81135 f1c49a3b76e76c571ac12e66535aecb14d434b4d
push id21559
push usermak77@bonardo.net
push dateFri, 02 Dec 2011 11:12:13 +0000
reviewerskhuey
bugs705875
milestone11.0a1
Bug 705875 - Check for null IID pointers and references in XPCConvert. r=khuey This is a regression from http://hg.mozilla.org/mozilla-central/rev/c428312abbc7 . The rest of the changes in that patch should be fine.
js/xpconnect/crashtests/705875.html
js/xpconnect/crashtests/crashtests.list
js/xpconnect/src/XPCConvert.cpp
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/crashtests/705875.html
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<script>
+
+window.QueryInterface(Components.interfaces.nsIInterfaceRequestor);
+window.getInterface(null);
+
+</script>
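Review bot: The crashtest passes only `null` to `getInterface`, but the conversion branch it is meant to cover in XPCConvert.cpp rejects both `JSVAL_IS_VOID` and `JSVAL_IS_NULL`, so the `undefined` case is left untested. Adding `window.getInterface(undefined);` would cover it. Because the conversion now fails, each call presumably throws, so the calls would need their own wrappers, e.g. `try { window.getInterface(null); } catch (e) {}` followed by `try { window.getInterface(undefined); } catch (e) {}`, for the second one to run. A one-line comment naming the bug and stating that the page must load without crashing would also help the next reader.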
--- a/js/xpconnect/crashtests/crashtests.list
+++ b/js/xpconnect/crashtests/crashtests.list
@@ -29,8 +29,9 @@ load 558979.html
 load 582649.html
 load 601284-1.html
 load 603146-1.html
 load 603858-1.html
 load 608963.html
 load 616930-1.html
 load 639737-1.html
 load 648206-1.html
+load 705875.html
--- a/js/xpconnect/src/XPCConvert.cpp
+++ b/js/xpconnect/src/XPCConvert.cpp
@@ -596,19 +596,21 @@ XPCConvert::JSData2Native(XPCCallContext
             XPC_LOG_ERROR(("XPCConvert::JSData2Native : void* params not supported"));
             NS_ERROR("void* params not supported");
             return false;
         case nsXPTType::T_IID:
         {
             JSObject* obj;
             const nsID* pid=nsnull;
 
+            // There's no good reason to pass a null IID.
             if (JSVAL_IS_VOID(s) || JSVAL_IS_NULL(s)) {
-                *((const nsID**)d) = nsnull;
-                return true;
+                if (pErr)
+                  *pErr = NS_ERROR_XPC_BAD_CONVERT_JS;
+                return false;
             }
 
             if (!JSVAL_IS_OBJECT(s) ||
                 (!(obj = JSVAL_TO_OBJECT(s))) ||
                 (!(pid = xpc_JSObjectToID(cx, obj))) ||
                 (!(pid = (const nsID*) nsMemory::Clone(pid, sizeof(nsID))))) {
                 return false;
             }
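Review bot: The new null/undefined branch writes `NS_ERROR_XPC_BAD_CONVERT_JS` to pErr, but the failure path directly below it (non-object value, `xpc_JSObjectToID` failure, or a failed `nsMemory::Clone`) still returns false without touching pErr. The two rejections of a bad IID argument are therefore consistent only if pErr is pre-set earlier in JSData2Native, which starts and ends outside this hunk; that is worth confirming, and if it is pre-set the added assignment is redundant. The comment would serve maintainers better if it stated the invariant being enforced rather than an opinion; going by the commit title, something like `// Callees take the IID as a non-null pointer or reference and do not check it; reject null/undefined here.` Also, the `*pErr = NS_ERROR_XPC_BAD_CONVERT_JS;` line is indented two spaces under `if (pErr)` where the surrounding code uses four.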