Closed
Bug 1230918
Opened 10 years ago
Closed 9 years ago
[Static Analysis][Dereference before null check] Function PresShell::ContentRemoved from nsPresShell.cpp
Categories
(Core :: Layout, defect)
RESOLVED
FIXED
mozilla47
People
(Reporter: andi, Assigned: andi)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1338034)
Attachments
(2 files)
The Static Analysis tool Coverity added that a null pointer dereference can occur if aChild is null on the path:
mPresContext->EventStateManager()->ContentRemoved(aDocument, aChild)->
5EventStateManager::ContentRemoved(nsIDocument* aDocument, nsIContent* aContent)
inline bool IsAnyOfHTMLElements(First aFirst, Args... aArgs) const
inline bool IsHTMLElement() const
inline bool IsInNamespace(int32_t aNamespace) const
operator->() const MOZ_NO_ADDREF_RELEASE_ON_RETURN
Assignee
Comment 1•10 years ago
Hello David,
Could you please take a look over this patch?
THX
Attachment #8696449 -
Flags: review?(dbaron)
Comment on attachment 8696449 [details] [diff] [review]
Bug 1230918.diff
This is silly. Why does Coverity want us to add the assertion for this pointer in particular, but not others?
"valid pointer" is also the wrong expression; you should say "non-null".
Attachment #8696449 -
Flags: review?(dbaron) → review-
Assignee
Comment 3•10 years ago
Review commit: https://reviewboard.mozilla.org/r/34335/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/34335/
Attachment #8717816 -
Flags: review?(dbaron)
Assignee
Comment 4•10 years ago
The checker is triggered since the null check is done after the dereference, but in our case aChild is already null-checked in function doRemoveChildAt:
>> NS_PRECONDITION(aKid && aKid->GetParentNode() == this &&
>> aKid == GetChildAt(aIndex) &&
>> IndexOf(aKid) == (int32_t)aIndex, "Bogus aKid");
The callstack would be doRemoveChildAt->nsNodeUtils::ContentRemoved->PresShell::ContentRemoved
Comment on attachment 8717816 [details]
MozReview Request: Bug 1230918 - remove useless null-pointer check on aChild that only caused a Coverity - Dereference before null check. r?dbaron
https://reviewboard.mozilla.org/r/34335/#review32347
r=dbaron
Thanks for revising this.
Attachment #8717816 -
Flags: review?(dbaron) → review+
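The "dereference before null check" pattern discussed in this bug, as an added example that is not part of the thread or of the Mozilla code base. Node, EventState, ContentRemovedBefore, ContentRemovedAfter and RemoveChildAt are hypothetical names, and the caller uses a runtime check where the quoted code uses an assertion.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical stand-ins for the content node and event state manager.
struct Node {
  std::string tag;
  Node* nextSibling = nullptr;
};

struct EventState {
  int removals = 0;
  // Dereferences aChild unconditionally, like the path Coverity reported.
  void ContentRemoved(Node* aChild) {
    if (aChild->tag == "input") ++removals;
  }
};

// Before: aChild is dereferenced inside EventState::ContentRemoved and only
// afterwards compared against null. The late check cannot protect the
// earlier dereference, which is what the checker reports.
Node* ContentRemovedBefore(EventState& aEsm, Node* aChild) {
  aEsm.ContentRemoved(aChild);
  return aChild ? aChild->nextSibling : nullptr;  // check after dereference
}

// After: the redundant check is removed; non-null is the caller's contract.
Node* ContentRemovedAfter(EventState& aEsm, Node* aChild) {
  aEsm.ContentRemoved(aChild);
  return aChild->nextSibling;
}

// Caller in the role of doRemoveChildAt. Assumption: a runtime check is used
// here where the quoted code uses the NS_PRECONDITION assertion.
bool RemoveChildAt(std::vector<Node*>& aKids, std::size_t aIndex, Node* aKid,
                   EventState& aEsm, Node** aOldNext) {
  if (!aKid || aIndex >= aKids.size() || aKids[aIndex] != aKid) {
    return false;  // "Bogus aKid": never reaches the notification
  }
  aKids.erase(aKids.begin() + static_cast<std::ptrdiff_t>(aIndex));
  *aOldNext = ContentRemovedAfter(aEsm, aKid);
  return true;
}
```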
Comment 6•9 years ago
bugherder
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox47:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47