Closed Bug 790699 Opened 12 years ago Closed 9 years ago

Security Coverage: Inspect editor/libeditor/html/nsHTMLEditor.cpp

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: decoder, Unassigned)

References

Details

(Keywords: sec-audit) 

According to our analysis, the file editor/libeditor/html/nsHTMLEditor.cpp has untested portions of code/functions and has been patched one or more times in the last 6 months due to security problems. The coverage data for this file (from a try run with our main test suites) is here:

http://people.mozilla.org/~choller/coverage/mc-tests-all-20120903/editor/libeditor/html/nsHTMLEditor.cpp.gcov.html

(Assertions, warnings and errors like out-of-memory conditions or those that cannot be triggered through content should be ignored).

File-specific comments: Just by scrolling over the file, I see quite a number of uncovered code blocks that are large and don't seem to be debug-only either. Overall too many issues to name them all here.

Overall coverage data from this run is available here:

http://people.mozilla.org/~choller/coverage/mc-tests-all-20120903/

Please add appropriate tests and/or check the untested portions of code if it is possible and reasonable.
Yeah, we've been making progress on getting more stuff in editor/ tested, but it's a painful process.  Good news is that we're much better at testing editor/ today than we were a couple of years ago.

That said, I'm not entirely sure that this bug can be spun off into a reasonable number of actionable bugs.
Per discussion with decoder, these bugs are not likely to be relevant at this point (and the reports themselves are long gone). Any further work is better suited for new bugs at this point.
Status: NEW → RESOLVED
Closed: 9 years ago
Keywords: testcase-wanted
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.