Bug 462728 crash when using alert from docloaderservice onStateChange listener [@ nsJARChannel::OnStartRequest]
authortimeless <timeless@mozdev.org>
Thu, 05 Mar 2009 13:27:48 +0100
changeset 25186 10b548fd8c74fe49a095166bbacf59aba74f6f09
parent 25185 03488659774a70bf4ed6a7bba695885f8c4dd059
child 25187 cfbbfb8b4d531f7dfe37b8658204baf968ae6cc5
push id1411
push userdgottwald@mozilla.com
push dateFri, 15 May 2009 07:32:30 +0000
bugs462728
milestone1.9.1b5pre
Bug 462728 crash when using alert from docloaderservice onStateChange listener [@ nsJARChannel::OnStartRequest] r=biesi
modules/libjar/nsJARChannel.cpp
--- a/modules/libjar/nsJARChannel.cpp
+++ b/modules/libjar/nsJARChannel.cpp
@@ -688,31 +688,40 @@ nsJARChannel::AsyncOpen(nsIStreamListene
     mIsUnsafe = PR_TRUE;
 
     // Initialize mProgressSink
     NS_QueryNotificationCallbacks(mCallbacks, mLoadGroup, mProgressSink);
 
     nsresult rv = EnsureJarInput(PR_FALSE);
     if (NS_FAILED(rv)) return rv;
 
+    // These variables must only be set if we're going to trigger an
+    // OnStartRequest, either from AsyncRead or OnDownloadComplete.
+    mListener = listener;
+    mListenerContext = ctx;
+    mIsPending = PR_TRUE;
     if (mJarInput) {
-        // create input stream pump
+        // create input stream pump and call AsyncRead as a block
         rv = NS_NewInputStreamPump(getter_AddRefs(mPump), mJarInput);
-        if (NS_FAILED(rv)) return rv;
+        if (NS_SUCCEEDED(rv))
+            rv = mPump->AsyncRead(this, nsnull);
 
-        rv = mPump->AsyncRead(this, nsnull);
-        if (NS_FAILED(rv)) return rv;
+        // If we failed to create the pump or initiate the AsyncRead,
+        // then we need to clear these variables.
+        if (NS_FAILED(rv)) {
+            mIsPending = PR_FALSE;
+            mListenerContext = nsnull;
+            mListener = nsnull;
+            return rv;
+        }
     }
 
     if (mLoadGroup)
         mLoadGroup->AddRequest(this, nsnull);
 
-    mListener = listener;
-    mListenerContext = ctx;
-    mIsPending = PR_TRUE;
     return NS_OK;
 }
 
 //-----------------------------------------------------------------------------
 // nsIJARChannel
 //-----------------------------------------------------------------------------
 NS_IMETHODIMP
 nsJARChannel::GetIsUnsafe(PRBool *isUnsafe)
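Review bot: The new failure branch in `if (mJarInput)` resets `mIsPending`, `mListenerContext` and `mListener`, but it leaves `mPump` assigned when `NS_NewInputStreamPump` succeeded and `AsyncRead` then failed. `mProgressSink`, initialised a few lines earlier, also stays set. A channel that returned an error from AsyncOpen would then still hold a pump and a callback reference. Whether Cancel/Suspend/Resume consult `mPump` is not visible here, since the rest of the class and the start of AsyncOpen lie outside the hunk, so this needs confirming. If nothing relies on the stale values, adding `mPump = nsnull;` and `mProgressSink = nsnull;` inside the `if (NS_FAILED(rv))` block would return the channel to its pre-open state.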