1282397 - [Static Analysis][Explicit null dereferenced] In function ssse3_fetch_bilinear_cover

Status: RESOLVED FIXED

(Core :: Graphics, defect)

Description

[Andi [:andi]]

The Static Analysis tool Coverity detected that pointer |iter->data| will be dereference even if it's null leading to a null pointer dereference. The logic behind this is as follows:

call ssse3_bilinear_cover_iter_init

>>    if (!pixman_transform_point_3d (iter->image->transform, &v))
>>        goto fail;
>>
>>    info = malloc (sizeof (*info) + (2 * width - 1) * sizeof (uint64_t) + 64);
>>    if (!info)
>>        goto fail;

call to ssse3_fetch_bilinear_cover

value transfer:
>>    bilinear_info_t *info = iter->data;

dereference:
>>    fx = info->x;

Comment 1

[Andi [:andi]]

Attachment: Bug 1282397 - prevent explicit null pointer dereference.

Review commit: https://reviewboard.mozilla.org/r/60800/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/60800/

Comment 2

[Jeff Muizelaar [:jrmuizel]]

Comment on attachment 8765409 [details]
Bug 1282397 - prevent explicit null pointer dereference.

https://reviewboard.mozilla.org/r/60800/#review57636

This null check should be lifted out to proceed the 'for' loop in ssse3_scale_data()

Comment 3

[Andi [:andi]]

Comment on attachment 8765409 [details]
Bug 1282397 - prevent explicit null pointer dereference.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/60800/diff/1-2/

Comment 4

[Jeff Muizelaar [:jrmuizel]]

Comment on attachment 8765409 [details]
Bug 1282397 - prevent explicit null pointer dereference.

https://reviewboard.mozilla.org/r/60800/#review57652

Comment 5

[Pulsebot]

Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/2c50fe940f4e
prevent explicit null pointer dereference. r=jrmuizel

Comment 6

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/2c50fe940f4e