Closed Bug 1261744 Opened 3 years ago Closed 3 years ago

Some missing nsStringBuffer::Alloc() null checks

Categories

(Core :: XPCOM, defect)


Tracking

RESOLVED FIXED
mozilla48
Tracking Status
firefox48 --- fixed

People

(Reporter: njn, Assigned: njn)

Attachments

(1 file)

nsStringBuffer::Alloc() is fallible, but two callsites (nsHtml5Atom's constructor and DynamicAtom's constructor) fail to check for null.
Assignee: nobody → n.nethercote
Status: NEW → ASSIGNED
Comment on attachment 8737693 [details] [diff] [review]
Add two missing null checks for nsStringBuffer::Alloc()

Review of attachment 8737693 [details] [diff] [review]:
-----------------------------------------------------------------

::: parser/html/nsHtml5Atom.cpp
@@ +13,5 @@
>    RefPtr<nsStringBuffer> buf = nsStringBuffer::FromString(aString);
>    if (buf) {
>      mString = static_cast<char16_t*>(buf->Data());
>    } else {
>      buf = nsStringBuffer::Alloc((mLength + 1) * sizeof(char16_t));
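
Review bot: On the last quoted line, the `Alloc()` result is stored in `buf` inside the `else` branch with no null test, while the `FromString()` result a few lines up is guarded by `if (buf)`. The line appears here as unchanged context, so the patch leaves the unchecked call in place; delete it so that the only allocation in this branch is one whose result is tested before `buf` is used.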

Uh, remove this?
> Uh, remove this?

Whoops, yes!
Comment on attachment 8737693 [details] [diff] [review]
Add two missing null checks for nsStringBuffer::Alloc()

Review of attachment 8737693 [details] [diff] [review]:
-----------------------------------------------------------------

r=me, minor nit (and of course fix :Ms2ger's comment).

::: parser/html/nsHtml5Atom.cpp
@@ +14,5 @@
>    if (buf) {
>      mString = static_cast<char16_t*>(buf->Data());
>    } else {
>      buf = nsStringBuffer::Alloc((mLength + 1) * sizeof(char16_t));
> +    size_t size = (mLength + 1) * sizeof(char16_t);
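
Review bot: The added `size_t size` line recomputes `(mLength + 1) * sizeof(char16_t)`, the same expression the context line above it already passes to `Alloc()`, so keep a single copy and pass `size` to the allocation. A null check on the result only covers allocation failure: if `mLength + 1` or the multiplication wraps, `Alloc()` can succeed with a buffer smaller than intended, so confirm `mLength` is bounded before this point or compute `size` with checked arithmetic.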

Nit: The calculated sizes could be |const|.
Attachment #8737693 - Flags: review?(erahm) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/68ae46f52b62844de2152e6694b2ea150848e3e0
Bug 1261744 - Add two missing null checks for nsStringBuffer::Alloc(). r=erahm.
https://hg.mozilla.org/mozilla-central/rev/68ae46f52b62
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48