Bug 950246 - nsDOMWindowUtils::StopFrameTimeRecording() alloc uses sizeof(float*) instead of sizeof(float)
Status: RESOLVED FIXED (closed)
Opened 10 years ago, closed 10 years ago
Categories: Core :: DOM: Core & HTML, defect
Target milestone: mozilla29
People: Reporter: dveditz, Assigned: lpy
References: Blocks 1 open bug
Keywords: coverity
Whiteboard: [CID 1136628][mentor=jdm][lang=c++][qa-]
Attachments (1 file): patch, 1.01 KB, khuey: review+
Description (reporter: dveditz)
StopFrameTimeRecording allocates the wrong amount of space, using sizeof(float*) instead of sizeof(float). On 64-bit systems this gives us too big a buffer, which is at least the safe direction.

    nsTArray<float> tmpFrameIntervals;
    [...]
->  *frameIntervals = (float*)nsMemory::Alloc(*frameCount * sizeof(float*));
    [...]
    for (uint32_t i = 0; i < *frameCount; i++) {
      (*frameIntervals)[i] = tmpFrameIntervals[i];
    }

Not sure why Coverity just picked that up this scan; it's apparently been like that since bug 826383.
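The sizing mistake described above, as an added example that is not part of the bug report or of Gecko: it computes the byte count the flagged expression requests against the count the buffer really needs, shows the corrected copy-out written so the element size is taken from the destination type, and goes beyond the float case to an element type larger than a pointer, where the same typo under-allocates instead of over-allocating. std::vector<float> stands in for nsTArray<float> and malloc/free for nsMemory::Alloc/Free; copyOutIntervals, demoCopyOut and the Interval struct are hypothetical names chosen here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <vector>

// Added example, not Gecko code. std::vector<float> stands in for
// nsTArray<float>, and malloc/free for nsMemory::Alloc/Free (assumptions).

// Bytes requested by the flagged expression: count * sizeof(float*).
template <typename T>
std::size_t buggyAllocBytes(std::size_t count) { return count * sizeof(T*); }

// Bytes the buffer actually needs: count * sizeof(T).
template <typename T>
std::size_t correctAllocBytes(std::size_t count) { return count * sizeof(T); }

// True when the pointer/element typo under-allocates, i.e. when a copy loop
// like (*out)[i] = src[i] would write past the end of the buffer.
template <typename T>
bool buggyAllocIsTooSmall() { return sizeof(T*) < sizeof(T); }

// Corrected copy-out. sizeof(**out) ties the element size to the destination
// type, so changing the element type later cannot reintroduce the mismatch.
// Returns false only if the allocation fails; an empty source yields a null
// buffer and count 0.
bool copyOutIntervals(const std::vector<float>& src, float** out, uint32_t* count) {
  *count = static_cast<uint32_t>(src.size());
  *out = nullptr;
  if (*count == 0) return true;
  *out = static_cast<float*>(std::malloc(*count * sizeof(**out)));
  if (*out == nullptr) return false;
  for (uint32_t i = 0; i < *count; i++) {
    (*out)[i] = src[i];
  }
  return true;
}

// Element type whose pointer is smaller than the element itself (16 bytes vs
// an 8-byte pointer on 64-bit): the direction in which the same typo becomes
// a heap buffer overflow rather than an over-allocation.
struct Interval { double start; double end; };

// Runs the corrected copy-out on constructed sample data and checks the copy.
bool demoCopyOut() {
  const std::vector<float> samples = {16.7f, 33.4f, 16.6f};  // constructed frame intervals
  float* buf = nullptr;
  uint32_t n = 0;
  if (!copyOutIntervals(samples, &buf, &n)) return false;
  bool ok = (n == 3) && buf[0] == 16.7f && buf[1] == 33.4f && buf[2] == 16.6f;
  std::free(buf);
  return ok;
}
```

The "safe direction" noted in the report holds only because sizeof(float) never exceeds sizeof(float*); for an element type wider than a pointer, such as the Interval struct above, count * sizeof(T*) is smaller than the buffer the copy loop writes, so the review check worth applying to any Alloc(n * sizeof(...)) call is that the sizeof operand is the element type (or, as in copyOutIntervals, the dereferenced destination) and not a pointer to it.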
Comment 1 (10 years ago)
http://mxr.mozilla.org/mozilla-central/source/dom/base/nsDOMWindowUtils.cpp
Whiteboard: [CID 1136628] → [CID 1136628][mentor=jdm][lang=c++]
Comment 2 (assignee, 10 years ago)
I was wondering why this is not a good first bug?
Assignee: nobody → pylaurent1314
Attachment #8361763 - Flags: review?(josh)
Comment 3 (10 years ago)
Comment on attachment 8361763 (bug950246.patch): Redirecting the review to a DOM peer.
Attachment #8361763 - Flags: review?(josh) → review?(khuey)
Comment 4 (10 years ago)
I just forgot to add the tag.
Comment 5 (assignee, 10 years ago)
Thank you :)
Attachment #8361763 - Flags: review?(khuey) → review+
Updated (10 years ago)
Keywords: checkin-needed
Comment 6 (10 years ago)
https://hg.mozilla.org/integration/mozilla-inbound/rev/d97fcd278cd2
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/d97fcd278cd2
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
Updated (10 years ago)
Whiteboard: [CID 1136628][mentor=jdm][lang=c++] → [CID 1136628][mentor=jdm][lang=c++][qa-]
Updated (6 years ago)
Blocks: coverity-analysis
Updated (5 years ago)
Component: DOM → DOM: Core & HTML