1230929 - [Static Analysis][Dereference after null check] Function gfxASurface::Init from gfxASurface.cpp

Status: RESOLVED FIXED

(Core :: Graphics, defect)

Description

[Andi-Bogdan Postelnicu [:andi]]

The Static Analysis tool Coverity added that variable surface can be null and so in the first if block it can be null derefereced, resulting a crash. 

on line:
>>  mSurfaceValid = surface && !cairo_surface_status(surface);
Assuming that surface is null mSurfaceValid will be false.

>> if (!mSurfaceValid) {
   	
>>        gfxWarning() << "ASurface Init failed with Cairo status " << cairo_surface_status(surface) << " on " << hexa(surface);
>>    }
Having mSurfaceValid false the if branch will be valid so in function: cairo_surface_status(...), will be dereferencem.
Since we assumed that surface is null a null pointer dereference will occur.

Comment 1

[Andi-Bogdan Postelnicu [:andi]]

Attachment: Bug 1230929.diff

Hello jeff,

Can you please take a look other this patch?

THX

Comment 2

[Jeff Muizelaar [:jrmuizel] PTO]

Comment on attachment 8696455 [details] [diff] [review]
Bug 1230929.diff

Review of attachment 8696455 [details] [diff] [review]:
-----------------------------------------------------------------

This looks fine. The cast to bool should be unnecessary, please remove it.

Comment 3

[Andi-Bogdan Postelnicu [:andi]]

Attachment: Bug 1230929.diff

Thank you Jeff

Comment 4

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/0f9e4f23c1e6

Comment 5

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/0f9e4f23c1e6