Closed Bug 1235373 Opened 4 years ago Closed 4 years ago

[Static Analysis][Dereference null return value] In function StyleInfo::Margin from StyleInfo.cpp

Categories

(Core :: Disability Access APIs, defect)

Tracking

RESOLVED FIXED
mozilla46
Tracking Status
firefox46 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1345640, CID 1345639)

Attachments

(1 file, 1 obsolete file)

The Static Analysis tool Coverity added that mElement->GetPrimaryFrame() is not tested to be a valid pointer; thus, in case of null, a null pointer dereference happens:

>>  aValue.Truncate();
>>
>>  nscoord coordVal = mElement->GetPrimaryFrame()->GetUsedMargin().Side(aSide);
Attached patch Bug 1235373.diff (obsolete)
Attachment #8702281 - Flags: review?(surkov.alexander)
Attached patch Bug 1235373.diff
Updated patch to also include the check for frame pointer from function StyleInfo::TextIndent:

>>    case eStyleUnit_Percent:
>>    {
>>      nsIFrame* frame = mElement->GetPrimaryFrame();
>>      nsIFrame* containerFrame = frame->GetContainingBlock();
Attachment #8702281 - Attachment is obsolete: true
Attachment #8702281 - Flags: review?(surkov.alexander)
Attachment #8702286 - Flags: review?(surkov.alexander)
Whiteboard: CID 1345640 → CID 1345640, CID 1345639
Attachment #8702286 - Flags: review?(surkov.alexander) → review+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/9ccdf1f5887b
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
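
The null check this bug asks for in StyleInfo::Margin and StyleInfo::TextIndent, as an added example that is not the landed patch or Mozilla code. `Frame` and `Element` are simplified stand-ins for the Gecko types; the value formatting and the containing-block check are assumptions of this example.

```cpp
#include <array>
#include <iostream>
#include <string>

// Simplified stand-ins (assumptions) for Gecko's frame and element types.
enum Side { eSideTop, eSideRight, eSideBottom, eSideLeft };
struct Frame {
  std::array<int, 4> usedMargin{};    // one value per side
  Frame* containingBlock = nullptr;
  int width = 0;
  int GetUsedMargin(Side aSide) const { return usedMargin[aSide]; }
  Frame* GetContainingBlock() const { return containingBlock; }
};
struct Element {
  Frame* primaryFrame = nullptr;      // null when the element has no frame
  Frame* GetPrimaryFrame() const { return primaryFrame; }
};

// Flagged shape: mElement->GetPrimaryFrame()->GetUsedMargin().Side(aSide);
// Checked shape: fetch the frame once and return an empty value if it is null.
void Margin(const Element& aElement, Side aSide, std::string& aValue) {
  aValue.clear();                     // mirrors aValue.Truncate()
  Frame* frame = aElement.GetPrimaryFrame();
  if (!frame) return;
  aValue = std::to_string(frame->GetUsedMargin(aSide)) + "px";  // formatting simplified
}

// Same guard for the percent case quoted from StyleInfo::TextIndent.
void TextIndentPercent(const Element& aElement, float aPercent, std::string& aValue) {
  aValue.clear();
  Frame* frame = aElement.GetPrimaryFrame();
  if (!frame) return;
  Frame* containerFrame = frame->GetContainingBlock();
  if (!containerFrame) return;        // extra guard: this mock allows a null container
  aValue = std::to_string(static_cast<int>(aPercent * containerFrame->width)) + "px";
}

int main() {
  Frame block; block.width = 200;
  Frame frame; frame.usedMargin = {1, 2, 3, 4}; frame.containingBlock = &block;
  Element framed; framed.primaryFrame = &frame;
  Element frameless;                  // constructed case: GetPrimaryFrame() == nullptr
  std::string value = "stale";
  Margin(frameless, eSideTop, value);
  std::cout << "frameless margin: '" << value << "'\n";
  Margin(framed, eSideLeft, value);
  std::cout << "framed margin: " << value << "\n";
  TextIndentPercent(framed, 0.5f, value);
  std::cout << "text indent: " << value << "\n";
}
```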