[Static Analysis][Unintentional integer overflow] In function nsCookiePermission::PrefChanged

RESOLVED FIXED in Firefox 47

Status

()

Core
Networking: Cookies
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: andi, Assigned: andi)

Tracking

(Blocks: 1 bug, {coverity})

Trunk
mozilla47
coverity
Points:
---

Firefox Tracking Flags

(firefox47 fixed)

Details

(Whiteboard: CID 1286649)

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
The Static Analysis tool Coverity added that an unintentional int32 overflow may happen: 

>> mCookiesLifetimeSec = val * 24 * 60 * 60;

mCookiesLifetimeSec is int64_t but the result of right side expression will be int32_t and afterwards will be casted to int64_t. Now the impact is minor since the maximum value that can would be stored in mCookieLifetimeSec would be 2^31 - 1 but i guess this think can't hurt to have it in the code.
(Assignee)

Comment 1

2 years ago
Created attachment 8718800 [details]
MozReview Request: Bug 1247912 - convert left side expression to int64_t when assigning to mCookiesLifetimeSec in order to avoid overflow. r?jdm

Review commit: https://reviewboard.mozilla.org/r/34751/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/34751/
Attachment #8718800 - Flags: review?(josh)

Comment 2

2 years ago
Comment on attachment 8718800 [details]
MozReview Request: Bug 1247912 - convert left side expression to int64_t when assigning to mCookiesLifetimeSec in order to avoid overflow. r?jdm

https://reviewboard.mozilla.org/r/34751/#review32193

Makes sense. Thanks!
Attachment #8718800 - Flags: review?(josh) → review+

Comment 3

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/022e3fe6f4b6

Comment 4

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/022e3fe6f4b6
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox47: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
You need to log in before you can comment on or make changes to this bug.