Closed
Bug 1278452
Opened 9 years ago
Closed 9 years ago
Fix null-check-after-deref issues found in C++ code with µchex
Categories
(Core :: General, defect)
Core
General
Tracking
()
RESOLVED
FIXED
mozilla50
| Tracking | Status | |
|---|---|---|
| firefox50 | --- | fixed |
People
(Reporter: n.nethercote, Assigned: n.nethercote)
References
Details
Attachments
(16 files)
|
838 bytes,
patch
|
sfink
:
review+
|
Details | Diff | Splinter Review |
|
1.36 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
|
1.35 KB,
patch
|
heycam
:
review+
|
Details | Diff | Splinter Review |
|
2.14 KB,
patch
|
u480271
:
review+
|
Details | Diff | Splinter Review |
|
2.54 KB,
patch
|
u480271
:
review+
|
Details | Diff | Splinter Review |
|
913 bytes,
patch
|
karlt
:
review+
|
Details | Diff | Splinter Review |
|
1.39 KB,
patch
|
valentin
:
review+
|
Details | Diff | Splinter Review |
|
1.26 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
|
1.90 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
|
2.41 KB,
patch
|
froydnj
:
review+
|
Details | Diff | Splinter Review |
|
1.58 KB,
patch
|
masayuki
:
review+
|
Details | Diff | Splinter Review |
|
1.59 KB,
patch
|
karlt
:
review+
|
Details | Diff | Splinter Review |
|
1001 bytes,
patch
|
froydnj
:
review+
|
Details | Diff | Splinter Review |
|
1.48 KB,
patch
|
mattwoodrow
:
review+
|
Details | Diff | Splinter Review |
|
4.65 KB,
patch
|
lsalzman
:
review+
|
Details | Diff | Splinter Review |
|
1.40 KB,
patch
|
ayang
:
review+
|
Details | Diff | Splinter Review |
ChexMix is a static analysis tool described in this paper:
How to Build Static Checking Systems Using Orders of Magnitude Less Code
Fraser Brown, Andres Nötzli, Dawson Engler
ASPLOS '16
I've been in contact with the authors and they've given me access to the result of an up-to-date run of the null-check-after-deref issues found. I will land fixes via this bug.
|
Assignee | |
Comment 1•9 years ago
|
||
More specifically, the tool identifies cases where you deref a pointer and then subsequently null check it. This often indicates an unnecessary null check, or a misplaced null check. It also sometimes indicates a typo, such as using |p| instead of |*p|.
|
|
Assignee | |
Comment 2•9 years ago
|
||
Attachment #8760562 -
Flags: review?(sphink)
|
|
Assignee | |
Comment 3•9 years ago
|
||
The check is unnecessary because |operator new| is infallible.
Attachment #8760566 -
Flags: review?(mrbkap)
|
|
Assignee | |
Comment 4•9 years ago
|
||
mLineContainer is dereferenced shortly before and after the check, so it's
obviously not useful.
Attachment #8760567 -
Flags: review?(cam)
|
||
Updated•9 years ago
|
Attachment #8760562 -
Flags: review?(sphink) → review+
|
|
Assignee | |
Comment 5•9 years ago
|
||
|audio| and |video| are both dereferenced beforehand.
Attachment #8760569 -
Flags: review?(dglastonbury)
|
|
Assignee | |
Comment 6•9 years ago
|
||
The patch also avoids printing the surface format twice in some error messages.
Attachment #8760570 -
Flags: review?(dglastonbury)
|
|
Assignee | |
Comment 7•9 years ago
|
||
The fixes in bug 1278439 were also inspired by one issue reported by this tool.
|
|
Assignee | |
Comment 8•9 years ago
|
||
|operator new| is infallible now.
Attachment #8760571 -
Flags: review?(karlt)
|
|
Assignee | |
Comment 9•9 years ago
|
||
Attachment #8760574 -
Flags: review?(valentin.gosu)
|
|
Assignee | |
Comment 10•9 years ago
|
||
|aLanguage| must be dereferenced when checked.
Attachment #8760575 -
Flags: review?(ehsan)
|
|
Assignee | |
Comment 11•9 years ago
|
||
Attachment #8760579 -
Flags: review?(mrbkap)
|
||
Updated•9 years ago
|
Attachment #8760566 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Comment 12•9 years ago
|
||
Attachment #8760583 -
Flags: review?(nfroyd)
|
|
Assignee | |
Comment 13•9 years ago
|
||
Attachment #8760584 -
Flags: review?(continuation)
|
|
||
Updated•9 years ago
|
Attachment #8760579 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Comment 14•9 years ago
|
||
Attachment #8760586 -
Flags: review?(karlt)
|
|
Assignee | |
Comment 15•9 years ago
|
||
There's another null check just a little earlier.
Attachment #8760597 -
Flags: review?(nfroyd)
|
|
Assignee | |
Comment 16•9 years ago
|
||
Attachment #8760603 -
Flags: review?(matt.woodrow)
|
||
Updated•9 years ago
|
Attachment #8760571 -
Flags: review?(karlt) → review+
|
|
||
Updated•9 years ago
|
Attachment #8760586 -
Flags: review?(karlt) → review+
|
||
Updated•9 years ago
|
Attachment #8760603 -
Flags: review?(matt.woodrow) → review+
|
||
Updated•9 years ago
|
Attachment #8760574 -
Flags: review?(valentin.gosu) → review+
|
|
||
Updated•9 years ago
|
Attachment #8760583 -
Flags: review?(nfroyd) → review+
|
|
||
Updated•9 years ago
|
Attachment #8760597 -
Flags: review?(nfroyd) → review+
|
||
Updated•9 years ago
|
Attachment #8760584 -
Flags: review?(continuation) → review?(masayuki)
|
||
Updated•9 years ago
|
Attachment #8760584 -
Flags: review?(masayuki) → review+
|
||
Updated•9 years ago
|
Attachment #8760575 -
Flags: review?(ehsan) → review+
|
|
Assignee | |
Comment 17•9 years ago
|
||
(It turns that that Chexmix was a working name for the tool. It's now called µchex.)
Summary: Fix null-check-after-deref issues found with ChexMix → Fix null-check-after-deref issues found with µchex
|
||
Updated•9 years ago
|
Attachment #8760567 -
Flags: review?(cam) → review+
Attachment #8760569 -
Flags: review?(dglastonbury) → review+
Attachment #8760570 -
Flags: review?(dglastonbury) → review+
|
|
Assignee | |
Comment 18•9 years ago
|
||
Attachment #8761018 -
Flags: review?(lsalzman)
|
||
Updated•9 years ago
|
Attachment #8761018 -
Flags: review?(lsalzman) → review+
|
|
||
Comment 19•9 years ago
|
||
Upstream Skia bug report: https://codereview.chromium.org/2046563007/
|
|
Assignee | |
Comment 20•9 years ago
|
||
|aData| can be null, because FindAndRemoveBufferHolder() can return null.
Attachment #8761039 -
Flags: review?(ayang)
|
||
Updated•9 years ago
|
Attachment #8761039 -
Flags: review?(ayang) → review+
|
|
Assignee | |
Updated•9 years ago
|
Summary: Fix null-check-after-deref issues found with µchex → Fix null-check-after-deref issues found in C++ code with µchex
| Comment hidden (me-too) |
|
|
Assignee | |
Comment 22•9 years ago
|
||
https://ssl.icu-project.org/trac/ticket/12390 is a upstream report for an ICU issue.
|
|
Assignee | |
Comment 23•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/9d63042e0d38c658599b0770aa6f821ef8d59ad8
Bug 1278452 - Remove an unnecessary null check in js/src/shell/. r=sfink.
https://hg.mozilla.org/integration/mozilla-inbound/rev/4b3df77d399ad1be7c9df0987a0e1f0c9226a2d4
Bug 1278452 - Remove an unnecessary null check in js/src/shell/. r=mrbkap.
https://hg.mozilla.org/integration/mozilla-inbound/rev/dd5cfca074c36cdb5aa323ff53b03539650bec1f
Bug 1278452 - Remove an unnecessary null check in layout/generic/. r=heycam.
https://hg.mozilla.org/integration/mozilla-inbound/rev/588913c4442f3406d5fbb4f0ea9f93cc03004334
Bug 1278452 - Remove unnecessary null checks in dom/media/. r=kamidphish.
https://hg.mozilla.org/integration/mozilla-inbound/rev/85e0b6798f9025d77e6926892d7ae712e5c94ff6
Bug 1278452 - Move a null check earlier in ConvertSourceSurfaceToNV12(). r=kamidphish.
https://hg.mozilla.org/integration/mozilla-inbound/rev/42ff71805e2b67d5dabcd6b49ff0f737074bb91b
Bug 1278452 - Remove unnecessary null checks in widget/gtk/. r=karlt.
https://hg.mozilla.org/integration/mozilla-inbound/rev/d57948ecf695801b2950dd70c3340e91440102bc
Bug 1278452 - Avoid a possible null deref in netwerk/base/. r=valentin.
https://hg.mozilla.org/integration/mozilla-inbound/rev/ac0df3cacb3bf8356a9c9ca15c803b512b7de12e
Bug 1278452 - Fix a typo in mozEnglishWordUtils::GetLanguage. r=ehsan.
https://hg.mozilla.org/integration/mozilla-inbound/rev/9b6d23819097bb067fd9bea9b9d45df0f7fdc062
Bug 1278452 - Fix some null checks in dom/xbl/. r=mrbkap.
https://hg.mozilla.org/integration/mozilla-inbound/rev/45ea273f14d1f1e17c352d7a5df4f1deff43283e
Bug 1278452 - Add some null checks when getting streams. r=froydnj.
https://hg.mozilla.org/integration/mozilla-inbound/rev/2202233b5b183143c85ab7a65b84a90003c262b3
Bug 1278452 - Avoid a null deref in dom/events/. r=mccr8.
https://hg.mozilla.org/integration/mozilla-inbound/rev/cf7ac0a043f9d45fc4c852e26d1d59e4d1ee7468
Bug 1278452 - Avoid a null deref in widget/. r=karlt.
https://hg.mozilla.org/integration/mozilla-inbound/rev/ae2bafad2ec2e5a2de35bce1b5e8939e8d26cff5
Bug 1278452 - Remove a redundant null check in xpcom/glue/. r=froydnj.
https://hg.mozilla.org/integration/mozilla-inbound/rev/d47307c8a3008eb1d1cc37353f8687bbf81e4321
Bug 1278452 - Move a misplaced null check in layout/forms/. r=mattwoodrow.
https://hg.mozilla.org/integration/mozilla-inbound/rev/77a4d658b09a702e656980405e6ec65f557434bc
Bug 1278452 - Avoid a null deref in dom/media/platforms/omx/. r=ayang.
https://hg.mozilla.org/integration/mozilla-inbound/rev/3a6de98f92e604b3bb6d47e7d70c871c396bdc38
Bug 1278452 - Fix up bad null checks in Skia. r=lsalzman.
|
||
Comment 24•9 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/9d63042e0d38
https://hg.mozilla.org/mozilla-central/rev/4b3df77d399a
https://hg.mozilla.org/mozilla-central/rev/dd5cfca074c3
https://hg.mozilla.org/mozilla-central/rev/588913c4442f
https://hg.mozilla.org/mozilla-central/rev/85e0b6798f90
https://hg.mozilla.org/mozilla-central/rev/42ff71805e2b
https://hg.mozilla.org/mozilla-central/rev/d57948ecf695
https://hg.mozilla.org/mozilla-central/rev/ac0df3cacb3b
https://hg.mozilla.org/mozilla-central/rev/9b6d23819097
https://hg.mozilla.org/mozilla-central/rev/45ea273f14d1
https://hg.mozilla.org/mozilla-central/rev/2202233b5b18
https://hg.mozilla.org/mozilla-central/rev/cf7ac0a043f9
https://hg.mozilla.org/mozilla-central/rev/ae2bafad2ec2
https://hg.mozilla.org/mozilla-central/rev/d47307c8a300
https://hg.mozilla.org/mozilla-central/rev/77a4d658b09a
https://hg.mozilla.org/mozilla-central/rev/3a6de98f92e6
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
You need to log in
before you can comment on or make changes to this bug.
Description
•