Closed
Bug 1191608
Opened 6 years ago
Closed 6 years ago
CanvasRenderingContext2D::DrawImage can read uninitialized pointer
Categories
(Core :: Canvas: 2D, defect)
Core
Canvas: 2D
Tracking
()
RESOLVED
FIXED
mozilla42
| Tracking | Status | |
|---|---|---|
| firefox42 | --- | fixed |
People
(Reporter: erahm, Assigned: lsalzman)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: [CID 1314983])
Attachments
(1 file)
|
1.09 KB,
patch
|
bas.schouten
:
review+
|
Details | Diff | Splinter Review |
Coverity indicates that it's possible that in |CanvasRenderingContext2D::DrawImage|, |element| [1] is compared to another pointer when uninitialized [2]. [1] https://dxr.mozilla.org/mozilla-central/rev/5cf4d2f7f2f2b3df2f1edd31b8bdce7882f3875c/dom/canvas/CanvasRenderingContext2D.cpp#4271 [2] https://dxr.mozilla.org/mozilla-central/rev/5cf4d2f7f2f2b3df2f1edd31b8bdce7882f3875c/dom/canvas/CanvasRenderingContext2D.cpp#4505
|
Assignee | |
Comment 1•6 years ago
|
||
This just initializes element to null, so that in places where it is not needed/assigned, it doesn't have a random garbage value.
|
||
Updated•6 years ago
|
Attachment #8644421 -
Flags: review?(bas) → review+
|
|
Assignee | |
Comment 2•6 years ago
|
||
Try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=7c3c9c7875b3
|
||
Comment 4•6 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/106c0863db60
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox42:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
|
||
Updated•3 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•