Closed Bug 1261744 Opened 10 years ago Closed 10 years ago

Some missing nsStringBuffer::Alloc() null checks

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla48

Tracking Flags:

Tracking

Status

firefox48

---

fixed

People

(Reporter: n.nethercote, Assigned: n.nethercote)

References

Details

Attachments

(1 file)

Add two missing null checks for nsStringBuffer::Alloc() 10 years ago Nicholas Nethercote [inactive] 2.39 KB, patch	erahm : review+	Details \| Diff \| Splinter Review

Nicholas Nethercote [inactive]

Assignee

Description

•

10 years ago

nsStringBuffer::Alloc() is fallible, but two callsites (nsHtml5Atom's constructor and DynamicAtom's constructor) fail to check for null.

Nicholas Nethercote [inactive]

Assignee

Comment 1

•

10 years ago

Attached patch Add two missing null checks for nsStringBuffer::Alloc() — Details — Splinter Review

Attachment #8737693 - Flags: review?(erahm)

Nicholas Nethercote [inactive]

Assignee

Updated

•

10 years ago

Assignee: nobody → n.nethercote

Status: NEW → ASSIGNED

:Ms2ger (he/him; ⌚ UTC+1/+2)

Comment 2

•

10 years ago

Comment on attachment 8737693 [details] [diff] [review] Add two missing null checks for nsStringBuffer::Alloc() Review of attachment 8737693 [details] [diff] [review]: ----------------------------------------------------------------- ::: parser/html/nsHtml5Atom.cpp @@ +13,5 @@ > RefPtr<nsStringBuffer> buf = nsStringBuffer::FromString(aString); > if (buf) { > mString = static_cast<char16_t*>(buf->Data()); > } else { > buf = nsStringBuffer::Alloc((mLength + 1) * sizeof(char16_t)); Uh, remove this?

Nicholas Nethercote [inactive]

Assignee

Comment 3

•

10 years ago

> Uh, remove this? Whoops, yes!

Eric Rahm [:erahm]

Comment 4

•

10 years ago

Comment on attachment 8737693 [details] [diff] [review] Add two missing null checks for nsStringBuffer::Alloc() Review of attachment 8737693 [details] [diff] [review]: ----------------------------------------------------------------- r=me, minor nit (and of course fix :Ms2ger's comment). ::: parser/html/nsHtml5Atom.cpp @@ +14,5 @@ > if (buf) { > mString = static_cast<char16_t*>(buf->Data()); > } else { > buf = nsStringBuffer::Alloc((mLength + 1) * sizeof(char16_t)); > + size_t size = (mLength + 1) * sizeof(char16_t); Nit: The calculated sizes could be |const|.

Attachment #8737693 - Flags: review?(erahm) → review+

Nicholas Nethercote [inactive]

Assignee

Comment 5

•

10 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/68ae46f52b62844de2152e6694b2ea150848e3e0 Bug 1261744 - Add two missing null checks for nsStringBuffer::Alloc(). r=erahm.

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 6

•

10 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/68ae46f52b62

Status: ASSIGNED → RESOLVED

Closed: 10 years ago

status-firefox48: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla48

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Some missing nsStringBuffer::Alloc() null checks

Categories

(Core :: XPCOM, defect)

Tracking

()

People

(Reporter: n.nethercote, Assigned: n.nethercote)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type