Closed
Bug 1282397
Opened 8 years ago
Closed 8 years ago
[Static Analysis][Explicit null dereferenced] In function ssse3_fetch_bilinear_cover
Categories
(Core :: Graphics, defect)
RESOLVED
FIXED
mozilla50
Tracking | Status | |
---|---|---|
firefox50 | --- | fixed |
People
(Reporter: andi, Assigned: andi)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1362893)
Attachments
(1 file)
The Static Analysis tool Coverity detected that pointer |iter->data| will be dereferenced even if it's null, leading to a null pointer dereference. The logic behind this is as follows:

call ssse3_bilinear_cover_iter_init
>> if (!pixman_transform_point_3d (iter->image->transform, &v))
>>     goto fail;
>>
>> info = malloc (sizeof (*info) + (2 * width - 1) * sizeof (uint64_t) + 64);
>> if (!info)
>>     goto fail;

call to ssse3_fetch_bilinear_cover
value transfer:
>> bilinear_info_t *info = iter->data;
dereference:
>> fx = info->x;
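The pattern described in the report, reduced to a stand-alone C model. This is an added example, not pixman's code and not the patch that landed; `iter_t`, `info_t`, `xmalloc`, `fail_alloc` and the `iter_*` functions are hypothetical names. It shows an init routine whose failure path leaves `data` NULL and a fetcher that checks once, before its loop.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the iterator and its private state. */
typedef struct { int x; uint64_t line[1]; } info_t;
typedef struct { void *data; uint32_t *buffer; int width; } iter_t;

/* Constructed allocator hook so the out-of-memory path can be forced. */
static int fail_alloc = 0;
static void *xmalloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

/* Init modeled on the reported trace: any failure jumps to `fail`
 * and the iterator is left without private data. Assumes width >= 1. */
void iter_init(iter_t *iter, uint32_t *buffer, int width)
{
    info_t *info;
    iter->buffer = buffer;
    iter->width = width;
    iter->data = NULL;
    info = xmalloc(sizeof(*info) + (2 * (size_t)width - 1) * sizeof(uint64_t) + 64);
    if (!info)
        goto fail;
    info->x = 7;            /* constructed start coordinate */
    iter->data = info;
    return;
fail:
    iter->data = NULL;      /* state the fetcher must be able to detect */
}

/* Fetcher: value transfer from iter->data, then a single guard
 * ahead of the per-pixel loop instead of a check per iteration. */
uint32_t *iter_fetch(iter_t *iter)
{
    info_t *info = iter->data;
    int i;
    if (!info)
        return NULL;        /* without this, info->x dereferences NULL */
    for (i = 0; i < iter->width; i++)
        iter->buffer[i] = (uint32_t)(info->x + i);
    return iter->buffer;
}

void iter_fini(iter_t *iter) { free(iter->data); iter->data = NULL; }
```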
Comment 1•8 years ago
Review commit: https://reviewboard.mozilla.org/r/60800/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/60800/
Attachment #8765409 -
Flags: review?(jmuizelaar)
Updated•8 years ago
Attachment #8765409 -
Flags: review?(jmuizelaar) → review-
Comment 2•8 years ago
Comment on attachment 8765409 [details]
Bug 1282397 - prevent explicit null pointer dereference.
https://reviewboard.mozilla.org/r/60800/#review57636
This null check should be lifted out to precede the 'for' loop in ssse3_scale_data()
Comment 3•8 years ago
Comment on attachment 8765409 [details]
Bug 1282397 - prevent explicit null pointer dereference.
Review request updated; see interdiff: https://reviewboard.mozilla.org/r/60800/diff/1-2/
Attachment #8765409 -
Flags: review- → review?(jmuizelaar)
Comment 4•8 years ago
Comment on attachment 8765409 [details]
Bug 1282397 - prevent explicit null pointer dereference.
https://reviewboard.mozilla.org/r/60800/#review57652
Attachment #8765409 -
Flags: review?(jmuizelaar) → review+
Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/2c50fe940f4e
prevent explicit null pointer dereference. r=jrmuizel
Comment 6•8 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/2c50fe940f4e
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla50