Closed Bug 1296297 Opened 4 years ago Closed 4 years ago

[Static Analysis][Unintentional integer overflow] In function QuotaManager::EnsureOriginIsInitialized

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla51
Tracking Status
firefox51 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1368318)

Attachments

(1 file)

The Static Analysis tool Coverity detected that a potential integer overflow may happen in the following context:

>>    if (gFixedLimitKB >= 0) {
>>      mTemporaryStorageLimit = gFixedLimitKB * 1024;
>>    }
>>    else {

As the type of |mTemporaryStorageLimit| is uint64_t, gFixedLimitKB should be casted to uint64_t. This can be done without any risks since |gFixedLimitKB| is > 0
Comment on attachment 8782459 [details]
Bug 1296297 - prevent integer overflow in QuotaManager::EnsureOriginIsInitialized.

You want probably review from Jan.
Attachment #8782459 - Flags: review?(jst) → review?(jvarga)
Comment on attachment 8782459 [details]
Bug 1296297 - prevent integer overflow in QuotaManager::EnsureOriginIsInitialized.

https://reviewboard.mozilla.org/r/72626/#review70472
Attachment #8782459 - Flags: review?(jvarga)
Attachment #8782459 - Flags: review+
Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/3a2ae963910c
prevent integer overflow in QuotaManager::EnsureOriginIsInitialized. r=janv
https://hg.mozilla.org/mozilla-central/rev/3a2ae963910c
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.