Closed Bug 1188180 Opened 5 years ago Closed 5 years ago

Possible use of uninitialized |res| in |nsHTMLEditRules::GetNodesForOperation|

Categories

(Core :: DOM: Editor, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla42
Tracking Status
firefox42 --- fixed

People

(Reporter: erahm, Assigned: ayg)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [CID 1296141])

Attachments

(1 file)

+++ This bug was initially created as a clone of Bug #1149163 +++

Coverity indicates it's possible that |res| [1] is used uninitialized [2]. It would appear this could happen if |rangeCount| is 0 and |aTouchContent == TouchContent::yes|.

[1] https://hg.mozilla.org/mozilla-central/annotate/2ddec2dedced/editor/libeditor/nsHTMLEditRules.cpp#l5765
[2] https://hg.mozilla.org/mozilla-central/annotate/2ddec2dedced/editor/libeditor/nsHTMLEditRules.cpp#l5793
Attached patch PatchSplinter Review
Yep, quite correct.  Thanks!  In this case we do need to initialize it.  rangeCount being 0 is not reasonable here, but I don't know if it's impossible.

I don't think this patch needs a try run.
Assignee: nobody → ayg
Status: NEW → ASSIGNED
Attachment #8639806 - Flags: review?(nfroyd)
Attachment #8639806 - Flags: review?(nfroyd) → review?(ehsan)
Attachment #8639806 - Flags: review?(ehsan) → review+
https://hg.mozilla.org/mozilla-central/rev/352601bcc307
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
You need to log in before you can comment on or make changes to this bug.