Closed
Bug 1216810
Opened 10 years ago
Closed 10 years ago
|TabChild::RecvRealMouseButtonEvent| passes uninitialized value |unused| to |InputAPZContext|
Categories
(Core :: DOM: Content Processes, defect)
Core
DOM: Content Processes
Tracking
()
RESOLVED
WONTFIX
| Tracking | Status | |
|---|---|---|
| firefox44 | --- | affected |
People
(Reporter: erahm, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: [CID 1325956])
Coverity indicates |TabChild::RecvRealMouseButtonEvent| passes uninitialized value |unused| [1] to |InputAPZContext| which then stores it in a member and static variable [2].
It's possible this is harmless but it looks like the simplest solution would be to initialize the value to |nsEventStatus_eIgnore|.
Flagging as sec as I haven't determined whether this can lead to undefined behavior or not.
[1] https://dxr.mozilla.org/mozilla-central/rev/f7b746b4e91307448cb0746a41f677bfc23908b0/dom/ipc/TabChild.cpp#1930
[2] https://dxr.mozilla.org/mozilla-central/rev/f7b746b4e91307448cb0746a41f677bfc23908b0/gfx/layers/apz/util/InputAPZContext.cpp#45,50
|
||
Updated•10 years ago
|
Group: core-security → dom-core-security
|
||
Comment 1•10 years ago
|
||
This should be harmless. It was in fact done intentionally - see https://bugzilla.mozilla.org/show_bug.cgi?id=1199885#c101. Is there a way to make Coverity ignore it unless the garbage starts getting used?
|
||
Comment 2•10 years ago
|
||
FWIW I'm not opposed to initializing it to something if that's the pragmatic thing to do.
|
||
Updated•10 years ago
|
Group: dom-core-security
|
|
||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
|
||
Updated•7 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•