Closed Bug 1230918 Opened 4 years ago Closed 4 years ago

[Static Analysis][Dereference before null check] Function PresShell::ContentRemoved from nsPresShell.cpp

Categories

(Core :: Layout, defect)


Tracking


RESOLVED FIXED
mozilla47
Tracking Status
firefox45 --- affected
firefox47 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1338034)

Attachments

(2 files)

The Static Analysis tool Coverity added that a null pointer dereference can occur if aChild is null on the path:

mPresContext->EventStateManager()->ContentRemoved(aDocument, aChild)->

EventStateManager::ContentRemoved(nsIDocument* aDocument, nsIContent* aContent)
inline bool IsAnyOfHTMLElements(First aFirst, Args... aArgs) const
inline bool IsHTMLElement() const
inline bool IsInNamespace(int32_t aNamespace) const
operator->() const MOZ_NO_ADDREF_RELEASE_ON_RETURN
Attached patch: Bug 1230918.diff
Hello David,

Could you please take a look over this patch?

THX
Attachment #8696449 - Flags: review?(dbaron)
Comment on attachment 8696449 [details] [diff] [review]
Bug 1230918.diff

This is silly.  Why does coverity want us to add the assertion for this pointer in particular, but not others?

"valid pointer" is also the wrong expression; you should say "non-null"
Attachment #8696449 - Flags: review?(dbaron) → review-
The checker is triggered since the null check is done after the dereference, but in our case aChild is already null-checked in function doRemoveChildAt:

>>  NS_PRECONDITION(aKid && aKid->GetParentNode() == this &&
>>                  aKid == GetChildAt(aIndex) &&
>>                  IndexOf(aKid) == (int32_t)aIndex, "Bogus aKid");

The callstack would be doRemoveChildAt->nsNodeUtils::ContentRemoved->PresShell::ContentRemoved
Comment on attachment 8717816 [details]
MozReview Request: Bug 1230918 - remove useless null-pointer check on aChild that only caused a Coverity - Dereference before null check. r?dbaron

https://reviewboard.mozilla.org/r/34335/#review32347

r=dbaron

Thanks for revising this.
Attachment #8717816 - Flags: review?(dbaron) → review+
https://hg.mozilla.org/mozilla-central/rev/27751e488cb8
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
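
The pattern discussed in this bug, as an added C++ illustration that is not part of the bug's attachments or of Gecko's code: `Node`, `Listener` and `Container` are hypothetical stand-ins for the content node, the listener being notified, and the parent that removes a child. It shows the flagged dereference-then-check shape next to the resolution the thread settled on (drop the late check and rely on the caller's precondition).

```cpp
// Added illustration: hypothetical stand-in types, not Gecko code.
#include <cstddef>
#include <vector>

struct Node {
  explicit Node(int aId) : id(aId) {}
  int id;
};

struct Listener {
  int lastRemovedId = -1;
  int frameUpdates = 0;
  // Shape the checker reports: aChild is dereferenced, then tested. If it
  // could be null, line one already faulted; if not, the test is dead code.
  void ContentRemovedFlagged(Node* aChild) {
    lastRemovedId = aChild->id;  // dereference
    if (aChild) ++frameUpdates;  // null check arrives too late
  }
  // Late check dropped: non-null is the caller's contract.
  void ContentRemoved(Node* aChild) {
    lastRemovedId = aChild->id;
    ++frameUpdates;
  }
};

struct Container {
  std::vector<Node*> kids;
  Listener listener;
  // The contract is established here, before any notification is sent.
  // Assumption of this example: enforced at runtime (returns false) rather
  // than by a debug-only assertion, so the rejection is observable.
  bool RemoveChildAt(std::size_t aIndex) {
    if (aIndex >= kids.size() || kids[aIndex] == nullptr) return false;
    Node* kid = kids[aIndex];
    kids.erase(kids.begin() + static_cast<std::ptrdiff_t>(aIndex));
    listener.ContentRemoved(kid);
    return true;
  }
};

int main() {
  Node a(1);
  Container c;
  c.kids = {&a, nullptr};
  // First call removes a; the null slot now at index 0 is rejected.
  return (c.RemoveChildAt(0) && !c.RemoveChildAt(0)) ? 0 : 1;
}
```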