Bug 1349187 - Ensure the Rollup implementations clear the out-pointer even upon returning false. r?enndeakin
This ensures that the pointer is always either null or a valid nsIContent after
the call to Rollup returns, and avoids potentially leaving it as garbage. An
alternative approach would be to make the call sites responsible for ensuring it
is set to nullptr if the function returns false, but this seems safer.
MozReview-Commit-ID: BXxPBgs6MZL
--- a/layout/forms/nsComboboxControlFrame.cpp
+++ b/layout/forms/nsComboboxControlFrame.cpp
@@ -1462,16 +1462,20 @@ nsComboboxControlFrame::SetInitialChildL
//----------------------------------------------------------------------
//nsIRollupListener
//----------------------------------------------------------------------
bool
nsComboboxControlFrame::Rollup(uint32_t aCount, bool aFlush,
const nsIntPoint* pos, nsIContent** aLastRolledUp)
{
+ if (aLastRolledUp) {
+ *aLastRolledUp = nullptr;
+ }
+
if (!mDroppedDown) {
return false;
}
bool consume = !!COMBOBOX_ROLLUP_CONSUME_EVENT;
AutoWeakFrame weakFrame(this);
mListControlFrame->AboutToRollup(); // might destroy us
if (!weakFrame.IsAlive()) {
--- a/layout/xul/nsXULPopupManager.cpp
+++ b/layout/xul/nsXULPopupManager.cpp
@@ -200,16 +200,20 @@ nsXULPopupManager::GetInstance()
MOZ_ASSERT(sInstance);
return sInstance;
}
bool
nsXULPopupManager::Rollup(uint32_t aCount, bool aFlush,
const nsIntPoint* pos, nsIContent** aLastRolledUp)
{
+ if (aLastRolledUp) {
+ *aLastRolledUp = nullptr;
+ }
+
// We can disable the autohide behavior via a pref to ease debugging.
if (nsXULPopupManager::sDevtoolsDisableAutoHide) {
// Required on linux to allow events to work on other targets.
if (mWidget) {
mWidget->CaptureRollupEvents(nullptr, false);
}
return false;
}