Mercurial > mozilla-central / changeset / 59fe691e50d3d1bfae9e7f41f7b1828ada4df77f
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 705875 - Check for null IID pointers and references in XPCConvert. r=khuey
authorBobby Holley <bobbyholley@gmail.com>
Thu, 01 Dec 2011 18:24:28 -0800
changeset 81134 59fe691e50d3d1bfae9e7f41f7b1828ada4df77f
parent 81133 d896a4fb99f78400c27dc1c0a95a77c0aa6e4f01
child 81135 f1c49a3b76e76c571ac12e66535aecb14d434b4d
push id21559
push usermak77@bonardo.net
push dateFri, 02 Dec 2011 11:12:13 +0000
treeherdermozilla-central@1c13e42d24fa [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskhuey
bugs705875
milestone11.0a1
first release with
nightly linux32
9740118b9dcc / 11.0a1 / 20111203031109 / files
nightly linux64
9740118b9dcc / 11.0a1 / 20111203031109 / files
nightly mac
9740118b9dcc / 11.0a1 / 20111203031109 / files
nightly win32
9740118b9dcc / 11.0a1 / 20111203031109 / files
nightly win64
1c13e42d24fa / 11.0a1 / 20111202031055 / files
last release without
nightly linux32
e9686560b98d / 11.0a1 / 20111201031025 / files
nightly linux64
e9686560b98d / 11.0a1 / 20111201031025 / files
nightly mac
e9686560b98d / 11.0a1 / 20111201031025 / files
nightly win32
e9686560b98d / 11.0a1 / 20111201031025 / files
nightly win64
e9686560b98d / 11.0a1 / 20111201031025 / files
Bug 705875 - Check for null IID pointers and references in XPCConvert. r=khuey This is a regression from http://hg.mozilla.org/mozilla-central/rev/c428312abbc7 . The rest of the changes in that patch should be fine.
js/xpconnect/crashtests/705875.html file | annotate | diff | comparison | revisions
js/xpconnect/crashtests/crashtests.list file | annotate | diff | comparison | revisions
js/xpconnect/src/XPCConvert.cpp file | annotate | diff | comparison | revisions 
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/crashtests/705875.html
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<script>
+
+window.QueryInterface(Components.interfaces.nsIInterfaceRequestor);
+window.getInterface(null);
+
+</script>
--- a/js/xpconnect/crashtests/crashtests.list
+++ b/js/xpconnect/crashtests/crashtests.list
@@ -29,8 +29,9 @@ load 558979.html
 load 582649.html
 load 601284-1.html
 load 603146-1.html
 load 603858-1.html
 load 608963.html
 load 616930-1.html
 load 639737-1.html
 load 648206-1.html
+load 705875.html
--- a/js/xpconnect/src/XPCConvert.cpp
+++ b/js/xpconnect/src/XPCConvert.cpp
@@ -596,19 +596,21 @@ XPCConvert::JSData2Native(XPCCallContext
             XPC_LOG_ERROR(("XPCConvert::JSData2Native : void* params not supported"));
             NS_ERROR("void* params not supported");
             return false;
         case nsXPTType::T_IID:
         {
             JSObject* obj;
             const nsID* pid=nsnull;
 
+            // There's no good reason to pass a null IID.
             if (JSVAL_IS_VOID(s) || JSVAL_IS_NULL(s)) {
-                *((const nsID**)d) = nsnull;
-                return true;
+                if (pErr)
+                  *pErr = NS_ERROR_XPC_BAD_CONVERT_JS;
+                return false;
             }
 
             if (!JSVAL_IS_OBJECT(s) ||
                 (!(obj = JSVAL_TO_OBJECT(s))) ||
                 (!(pid = xpc_JSObjectToID(cx, obj))) ||
                 (!(pid = (const nsID*) nsMemory::Clone(pid, sizeof(nsID))))) {
                 return false;
             }
mozilla-central
Deployed from 18d8b634a3eb at 2022-06-27T19:41:42Z.