Closed
Bug 317959
Opened 19 years ago
Closed 19 years ago
nsTArray crashes when dealing with 0-sized arrays
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bryner, Assigned: darin.moz)
Details
Attachments
(1 file, 1 obsolete file)
5.10 KB,
patch
|
bryner
:
review+
bryner
:
superreview+
|
Details | Diff | Splinter Review |
nsTArray's Replace/InsertElementsAt and AppendElements unconditionally dereference [0] on the array that's passed to the method. This isn't safe if the other array has 0 elements. Patch coming up.
Reporter | ||
Comment 1•19 years ago
|
||
Attachment #204317 -
Flags: review?(darin)
Assignee | ||
Comment 2•19 years ago
|
||
Comment on attachment 204317 [details] [diff] [review] patch >Index: nsTArray.h > PRBool ReplaceElementsAt(index_type start, size_type count, > const self_type& a) { >- return ReplaceElementsAt(start, count, &a[0], a.Length()); >+ PRUint32 length = a.Length(); >+ return (length == 0) ? PR_TRUE >+ : ReplaceElementsAt(start, count, &a[0], length); > } If |a| is empty (see .IsEmpty() method), then that doesn't make ReplaceElementsAt a no-op. Instead, it means that we need to remove |count| elements from the offset |start|. It'd be nice if there was a way to avoid the branches checking for an empty string. Perhaps the solution is to use |a.Elements()| instead of "&a[0]".
Attachment #204317 -
Flags: review?(darin) → review-
Assignee | ||
Comment 3•19 years ago
|
||
Assignee: bryner → darin
Attachment #204317 -
Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #204372 -
Flags: superreview?(bryner)
Attachment #204372 -
Flags: review?(bryner)
Reporter | ||
Updated•19 years ago
|
Attachment #204372 -
Flags: superreview?(bryner)
Attachment #204372 -
Flags: superreview+
Attachment #204372 -
Flags: review?(bryner)
Attachment #204372 -
Flags: review+
Reporter | ||
Comment 4•19 years ago
|
||
checked in
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•19 years ago
|
Target Milestone: --- → mozilla1.9alpha
You need to log in
before you can comment on or make changes to this bug.
Description
•