Closed Bug 1251241 Opened 8 years ago Closed 8 years ago

[Static Analysis][Dereference after null check] In function DrawTargetCairo::FillGlyphs

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla47

Tracking Flags:

Tracking

Status

firefox47

---

fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1354260)

Attachments

(1 file)

MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if \|aFont\| is nullptr. r?roc 8 years ago Andi [:andi] 58 bytes, text/x-review-board-request	roc : review+	Details

Andi [:andi]

Assignee

Description

•

8 years ago

The Static Analysis tool Coverity added if variable |aFont| is nullptr, as it's checked below:

>>  if (!aFont) {
>>    gfxDevCrash(LogReason::InvalidFont) << "Invalid scaled font";
>>  }

it can cause a null pointer dereference:

>>  ScaledFontBase* scaledFont = static_cast<ScaledFontBase*>(aFont);
>>  cairo_set_scaled_font(mContext, scaledFont->GetCairoScaledFont());

As i don't think the execution of the function can continue without sending to cairo the scaled font i thin we should return from the actual function.
Also gfxDevCrash only constructs object Log<LOG_CRITICAL, CriticalLogger> on debug mode at least.

Andi [:andi]

Assignee

Comment 1

•

8 years ago

Attached file MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc — Details

Review commit: https://reviewboard.mozilla.org/r/36611/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/36611/

Attachment #8723563 - Flags: review?(roc)

Andi [:andi]

Assignee

Updated

•

8 years ago

Attachment #8723563 - Attachment description: MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs is aFont is nullptr. r?roc → MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc

Andi [:andi]

Assignee

Comment 2

•

8 years ago

Comment on attachment 8723563 [details]
MozReview Request: Bug 1251241 - return from  DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/36611/diff/1-2/

Robert O'Callahan (:roc) (email my personal email if necessary)

Comment 3

•

8 years ago

Comment on attachment 8723563 [details]
MozReview Request: Bug 1251241 - return from  DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc

https://reviewboard.mozilla.org/r/36611/#review33231

Attachment #8723563 - Flags: review?(roc)

Robert O'Callahan (:roc) (email my personal email if necessary)

Updated

•

8 years ago

Attachment #8723563 - Flags: review+

Robert O'Callahan (:roc) (email my personal email if necessary)

Comment 4

•

8 years ago

Comment on attachment 8723563 [details]
MozReview Request: Bug 1251241 - return from  DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc

https://reviewboard.mozilla.org/r/36611/#review33233

Pulsebot

Comment 5

•

8 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/8fc40777e0aa

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 6

•

8 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/8fc40777e0aa

Status: NEW → RESOLVED

Closed: 8 years ago

status-firefox47: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla47

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[Static Analysis][Dereference after null check] In function DrawTargetCairo::FillGlyphs

Categories

(Core :: Graphics, defect)

Tracking

()

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1354260)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Comment 3

Updated

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type