Closed Bug 1025164 Opened 6 years ago Closed 6 years ago

|mathVar| is uninitialized in MathMLTextRunFactory::RebuildTextRun when |length == 0|

Categories

(Core :: MathML, defect)

defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 982315

People

(Reporter: mccr8, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, csectype-uninitialized, Whiteboard: [CID 1221244])

If length is 0, then we never go into the loop that initialized mathVar, and we end up using it uninitialized.  I don't know how much of a security problem this is in practice.

  uint8_t mathVar;
  ...

  for (uint32_t i = 0; i < length; ++i) {
    ...
  }

  ...

  if (mathVar == NS_MATHML_MATHVARIANT_BOLD && doMathvariantStyling) {
It looks like this will only set fontStyle.style and fontStyle.weight randomly so I don't think that will be a security problem. This is a duplicate of bug 982315.
Group: core-security
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 982315
You need to log in before you can comment on or make changes to this bug.