Closed Bug 1230929 Opened 4 years ago Closed 4 years ago

[Static Analysis][Dereference after null check] Function gfxASurface::Init from gfxASurface.cpp

Categories

(Core :: Graphics, defect)


Tracking


RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1338026)

Attachments

(1 file, 1 obsolete file)

The Static Analysis tool Coverity added that variable surface can be null and so in the first if block it can be null dereferenced, resulting in a crash.

On line:
>>  mSurfaceValid = surface && !cairo_surface_status(surface);
Assuming that surface is null, mSurfaceValid will be false.

>> if (!mSurfaceValid) {
>>        gfxWarning() << "ASurface Init failed with Cairo status " << cairo_surface_status(surface) << " on " << hexa(surface);
>>    }
Having mSurfaceValid false, the if branch will be valid, so in function cairo_surface_status(...) it will be dereferenced.
Since we assumed that surface is null, a null pointer dereference will occur.
Whiteboard: CID 1338026
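The pattern described in the report, as an added example that is not Firefox code and not the attached patch. `Surface`, `surface_status`, `InitResult` and both `init_*` functions are hypothetical stand-ins (for `cairo_surface_t`, `cairo_surface_status` and `gfxASurface::Init`); `init_guarded` shows one way to keep the warning without reading through a null pointer.

```cpp
#include <sstream>
#include <string>

// Stand-in for cairo_surface_t; only the status field matters here.
struct Surface { int status; };

// Stand-in for cairo_surface_status(): reads through the pointer with no
// null check, which is the behaviour the report assumes.
static int surface_status(const Surface* s) { return s->status; }

struct InitResult {
    bool valid;
    std::string warning;  // empty when the surface is usable
};

// Pattern from the report: the validity test tolerates null, but the
// failure branch calls surface_status(surface) again without a guard.
// Calling this with nullptr is undefined behaviour.
InitResult init_unguarded(const Surface* surface) {
    InitResult r{surface && !surface_status(surface), ""};
    if (!r.valid) {
        std::ostringstream msg;
        msg << "Init failed with status " << surface_status(surface);
        r.warning = msg.str();
    }
    return r;
}

// Guarded form: the failure branch tells "no surface" apart from
// "surface in an error state" and dereferences only in the second case.
InitResult init_guarded(const Surface* surface) {
    InitResult r{surface && !surface_status(surface), ""};
    if (!r.valid) {
        std::ostringstream msg;
        msg << "Init failed with status ";
        if (surface) {
            msg << surface_status(surface);
        } else {
            msg << "(null surface)";
        }
        r.warning = msg.str();
    }
    return r;
}
```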
Attached patch Bug 1230929.diff (obsolete)
Hello jeff,

Can you please take a look over this patch?

THX
Attachment #8696455 - Flags: review?(jmuizelaar)
Comment on attachment 8696455
Bug 1230929.diff

Review of attachment 8696455:
-----------------------------------------------------------------

This looks fine. The cast to bool should be unnecessary, please remove it.
Attachment #8696455 - Flags: review?(jmuizelaar) → review+
Attached patch Bug 1230929.diff
Thank you Jeff
Attachment #8696455 - Attachment is obsolete: true
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/0f9e4f23c1e6
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45