Closed
Bug 334712
Opened 18 years ago
Closed 18 years ago
Possible null pointer dereference in nsAFMObject.cpp
Categories
(Core :: Printing: Output, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: kherron+mozilla, Assigned: srini)
References
(Blocks 1 open bug, )
Details
(Keywords: coverity, Whiteboard: [good first bug])
Attachments
(1 file)
|
676 bytes,
patch
|
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
This was found through a coverity scan of the mozilla source. Please refer to the sample URL. The nsAFMObject dtor is as follows:
217 nsAFMObject :: ~nsAFMObject()
218 {
219
220 if(mPSFontInfo->mAFMCharMetrics){
221 delete [] mPSFontInfo->mAFMCharMetrics;
222 }
223
224 if(mPSFontInfo){
225 delete mPSFontInfo;
226 }
227 }
mPSFontInfo is set to null in the ctor so it could be null at line 220. In any event, it makes no sense to test mPSFontInfo for null at line 224 after dereferencing it at line 220.
|
Reporter | |
Updated•18 years ago
|
Whiteboard: [good first bug]
|
Assignee | |
Comment 1•18 years ago
|
||
A safe fix would be to change this to:
nsAFMObject :: ~nsAFMObject()
{
if (mPSFontInfo){
if(mPSFontInfo->mAFMCharMetrics){
delete [] mPSFontInfo->mAFMCharMetrics;
}
delete MPSFontInfo;
}
}|
|
Assignee | |
Comment 2•18 years ago
|
||
(In reply to comment #1) > A safe fix would be to change this to: Oops, not that safe... > delete MPSFontInfo; ... should be: delete mPSFontInfo; Sorry for the case typo.
|
|
Assignee | |
Comment 3•18 years ago
|
||
First go at a patch.
Attachment #221561 -
Flags: superreview+
Attachment #221561 -
Flags: review+
|
||
Updated•18 years ago
|
Assignee: printing → srini
|
|
||
Comment 4•18 years ago
|
||
Checked in to trunk. Thanks for the patch!
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•