Closed Bug 317959 Opened 19 years ago Closed 19 years ago

nsTArray crashes when dealing with 0-sized arrays

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9alpha1

People

(Reporter: bryner, Assigned: darin.moz)

Details

Attachments

(1 file, 1 obsolete file)

v1 patch
5.10 KB, patch
bryner
: review+
bryner
: superreview+
Details | Diff | Splinter Review 
nsTArray's Replace/InsertElementsAt and AppendElements unconditionally dereference [0] on the array that's passed to the method.  This isn't safe if the other array has 0 elements.  Patch coming up.
Attached patch patch (obsolete) — Splinter Review 

        Attachment #204317 -
        Flags: review?(darin)

    
    

    
  
Comment on attachment 204317 [details] [diff] [review]
patch

>Index: nsTArray.h

>     PRBool ReplaceElementsAt(index_type start, size_type count,
>                              const self_type& a) {
>-      return ReplaceElementsAt(start, count, &a[0], a.Length());
>+      PRUint32 length = a.Length();
>+      return (length == 0) ? PR_TRUE
>+        : ReplaceElementsAt(start, count, &a[0], length);
>     }

If |a| is empty (see .IsEmpty() method), then that doesn't make
ReplaceElementsAt a no-op.  Instead, it means that we need to 
remove |count| elements from the offset |start|.

It'd be nice if there was a way to avoid the branches checking
for an empty string.  Perhaps the solution is to use |a.Elements()|
instead of "&a[0]".

        Attachment #204317 -
        Flags: review?(darin) → review-

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v1 patchSplinter Review
      

    


  
Assignee: bryner → darin

        Attachment #204317 -
        Attachment is obsolete: true
Status: NEW → ASSIGNED

        Attachment #204372 -
        Flags: superreview?(bryner)

        Attachment #204372 -
        Flags: review?(bryner)

    
  

        Attachment #204372 -
        Flags: superreview?(bryner)

        Attachment #204372 -
        Flags: superreview+

        Attachment #204372 -
        Flags: review?(bryner)

        Attachment #204372 -
        Flags: review+

    
    

    
  
checked in
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

    
  
Target Milestone: --- → mozilla1.9alpha

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: