Possible use of uninitialized |res| in |nsHTMLEditRules::GetNodesForOperation|

RESOLVED FIXED in Firefox 42

Status

enhancement
4 years ago
Last year

People

(Reporter: erahm, Assigned: ayg)

Tracking

(Blocks 1 bug, {coverity})

unspecified
mozilla42

Firefox Tracking Flags

(firefox42 fixed)

Details

(Whiteboard: [CID 1296141])

Attachments

(1 attachment)

+++ This bug was initially created as a clone of Bug #1149163 +++

Coverity indicates it's possible that |res| [1] is used uninitialized [2]. It would appear this could happen if |rangeCount| is 0 and |aTouchContent == TouchContent::yes|.

[1] https://hg.mozilla.org/mozilla-central/annotate/2ddec2dedced/editor/libeditor/nsHTMLEditRules.cpp#l5765
[2] https://hg.mozilla.org/mozilla-central/annotate/2ddec2dedced/editor/libeditor/nsHTMLEditRules.cpp#l5793
Posted patch: Patch
Yep, quite correct.  Thanks!  In this case we do need to initialize it.  rangeCount being 0 is not reasonable here, but I don't know if it's impossible.

I don't think this patch needs a try run.
Assignee: nobody → ayg
Status: NEW → ASSIGNED
Attachment #8639806 - Flags: review?(nfroyd)
Attachment #8639806 - Flags: review?(nfroyd) → review?(ehsan)
Attachment #8639806 - Flags: review?(ehsan) → review+
https://hg.mozilla.org/mozilla-central/rev/352601bcc307
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
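
The pattern the report describes, as an added example that is not Mozilla's code and not the attached patch: a status variable written only inside a loop over the ranges and read afterwards when `TouchContent::yes` is requested, next to the initialized form. `Status`, `Range`, `ProcessRange`, `CollectNodes`, `CollectNodesUnsafe`, the status constants and the `SHOW_UNSAFE` macro are hypothetical names; only `TouchContent::yes` and `res` come from the report.

```cpp
// Added illustration: a simplified model of the pattern, not Mozilla's code.
#include <cstdint>
#include <cstdio>
#include <vector>

enum class TouchContent { no, yes };    // enum name as written in the report
using Status = std::uint32_t;           // hypothetical stand-in for nsresult
constexpr Status kOk = 0;               // hypothetical success code
constexpr Status kFailure = 0x80004005; // hypothetical failure code
struct Range { bool valid; };           // hypothetical stand-in for a DOM range

// Hypothetical per-range step that can fail.
Status ProcessRange(const Range& r) { return r.valid ? kOk : kFailure; }

#ifdef SHOW_UNSAFE
// Before: |res| is written only inside the loop. With zero ranges the loop
// body never runs, so the TouchContent::yes branch reads an indeterminate
// value, which is undefined behaviour.
Status CollectNodesUnsafe(const std::vector<Range>& ranges, TouchContent touch) {
  Status res;
  for (const Range& r : ranges) res = ProcessRange(r);
  if (touch == TouchContent::yes && res != kOk) return res;
  return kOk;
}
#endif

// After: |res| has a defined value on every path. Starting at kOk is an
// assumption of this sketch; the report does not state the value chosen.
Status CollectNodes(const std::vector<Range>& ranges, TouchContent touch) {
  Status res = kOk;
  for (const Range& r : ranges) {
    res = ProcessRange(r);
    if (res != kOk) break;  // keep the first failure instead of overwriting it
  }
  if (touch == TouchContent::yes && res != kOk) return res;
  return kOk;
}

int main() {
  // Constructed inputs: no ranges at all, then a single failing range.
  std::printf("empty, yes -> %#x\n", (unsigned)CollectNodes({}, TouchContent::yes));
  std::printf("bad,   yes -> %#x\n", (unsigned)CollectNodes({{false}}, TouchContent::yes));
  return 0;
}
```

The unsafe variant is compiled out by default so the program never executes the undefined read; define `SHOW_UNSAFE` to include it when checking what a compiler or static analyzer reports for that path.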