Bug 662126 - Audit ConfirmEx callers to ensure that aCheckState is not an uninitialized PRBool r=bz

2011-06-07 20:06:12 +02:00 · 2011-06-07 20:06:12 +02:00 · 471035dfb8
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -2799,7 +2799,9 @@ nsScriptSecurityManager::RequestCapability(nsIPrincipal* aPrincipal,
    {
        // Prompt user for permission to enable capability.
        JSContext* cx = GetCurrentJSContext();
-        PRBool remember;
+        // The actual value is irrelevant but we shouldn't be handing out
+        // malformed JSBools to XPConnect.
+        PRBool remember = PR_FALSE;
        if (CheckConfirmDialog(cx, aPrincipal, capability, &remember))
            *canEnable = nsIPrincipal::ENABLE_GRANTED;
        else
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@ -1182,7 +1182,9 @@ nsHttpChannelAuthProvider::ConfirmAuth(const nsString &bundleKey,
    PRBool confirmed;
    if (doYesNoPrompt) {
        PRInt32 choice;
-        PRBool checkState;
+        // The actual value is irrelevant but we shouldn't be handing out
+        // malformed JSBools to XPConnect.
+        PRBool checkState = PR_FALSE;
        rv = prompt->ConfirmEx(nsnull, msg,
                               nsIPrompt::BUTTON_POS_1_DEFAULT +
                               nsIPrompt::STD_YES_NO_BUTTONS,
--- a/security/manager/ssl/src/nsCrypto.cpp
+++ b/security/manager/ssl/src/nsCrypto.cpp
@ -2937,7 +2937,9 @@ confirm_user(const PRUnichar *message)
  if (prompter) {
    nsPSMUITracker tracker;
    if (!tracker.isUIForbidden()) {
-      PRBool checkState;
+      // The actual value is irrelevant but we shouldn't be handing out
+      // malformed JSBools to XPConnect.
+      PRBool checkState = PR_FALSE;
      prompter->ConfirmEx(0, message,
                          (nsIPrompt::BUTTON_DELAY_ENABLE) +
                          (nsIPrompt::BUTTON_POS_1_DEFAULT) +
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@ -1809,7 +1809,9 @@ ProfileLockedDialog(nsILocalFile* aProfileDir, nsILocalFile* aProfileLocalDir,
    }

    PRInt32 button;
-    PRBool checkState;
+    // The actual value is irrelevant but we shouldn't be handing out
+    // malformed JSBools to XPConnect.
+    PRBool checkState = PR_FALSE;
    rv = ps->ConfirmEx(nsnull, killTitle, killMessage, flags,
                       killTitle, nsnull, nsnull, nsnull, &checkState, &button);
    NS_ENSURE_SUCCESS_LOG(rv, rv);