gcc 4.7 is complaining that policy may be used uninitialized in InternetHostSecurityManager_QueryCustomPolicy() and indeed there are many error cases in confirm_safety_load() and confirm_safety() where the policy is not set. The patch belowe seems to plug all these holes but I don't know if it really makes sense.
diff --git a/dlls/mshtml/secmgr.c b/dlls/mshtml/secmgr.c index ff349ac..3f64a42 100644 --- a/dlls/mshtml/secmgr.c +++ b/dlls/mshtml/secmgr.c @@ -104,10 +104,9 @@ static HRESULT confirm_safety_load(HTMLDocumentNode *This, struct CONFIRMSAFETY CATID init_catid = CATID_SafeForInitializing;
hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &init_catid, 0, NULL); + *ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW; if(FAILED(hres)) return hres; - - *ret = hres == S_OK ? URLPOLICY_ALLOW : URLPOLICY_DISALLOW; }
return S_OK; @@ -157,13 +156,17 @@ static HRESULT confirm_safety(HTMLDocumentNode *This, const WCHAR *url, struct C if(!This->catmgr) { hres = CoCreateInstance(&CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER, &IID_ICatInformation, (void**)&This->catmgr); - if(FAILED(hres)) + if(FAILED(hres)) { + *ret = URLPOLICY_DISALLOW; return hres; + } }
hres = ICatInformation_IsClassOfCategories(This->catmgr, &cs->clsid, 1, &scripting_catid, 0, NULL); - if(FAILED(hres)) + if(FAILED(hres)) { + *ret = URLPOLICY_DISALLOW; return hres; + }
if(hres != S_OK) { *ret = URLPOLICY_DISALLOW;