Closed Bug 1231107 Opened 4 years ago Closed 4 years ago

[Static Analysis][Explicit null dereferenced] Function BuildSegmentsFromValueEntries from KeyframeEffect.cpp

Categories

(Core :: DOM: Animation, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1328736)

Attachments

(1 file)

The Static Analysis tool Coverity added that variable animationProperty can be null thus causing a null pointer dereference on line:

>>    // Now generate the segment.
>>    AnimationPropertySegment* segment =
>>      animationProperty->mSegments.AppendElement();

This could happen when condition is false:

>>    // If we've moved on to a new property, create a new AnimationProperty
>>    // to insert segments into.
>>    if (aEntries[i].mProperty != lastProperty) {
>>      MOZ_ASSERT(aEntries[i].mOffset == 0.0f);
>>      animationProperty = aResult.AppendElement();
>>      animationProperty->mProperty = aEntries[i].mProperty;
>>      animationProperty->mWinsInCascade = true;
>>      lastProperty = aEntries[i].mProperty;
>>    }
Whiteboard: CID 1328736
Attached patch Bug 1231107.diffSplinter Review
Hello Johnny,

Can you please take a look other this patch?

THX
Attachment #8696666 - Flags: review?(jst)
Comment on attachment 8696666 [details] [diff] [review]
Bug 1231107.diff

The relevant code is from Bug 1208951
Attachment #8696666 - Flags: review?(jst) → review?(cam)
Component: DOM → DOM: Animation
Attachment #8696666 - Flags: review?(cam) → review+
Thank you for the review.
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/6a1393f29854
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.