Closed Bug 1300769 Opened 9 years ago Closed 9 years ago

[Static Analysis][Dereference after null check] In function nsXBLPrototypeHandler::ReportKeyConflict

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
firefox51 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1372412)

Attachments

(1 file)

Bug 1300769 - call ConstructPrototype only if mType is NS_HANDLER_TYPE_XUL.
58 bytes, text/x-review-board-request
mrbkap
: review+
Details
The Static Analysis tool Coverity detected that |aKeyElement| is dereferenced after it's null checked but in a different context. Null check: >> } else if (aKeyElement) { >> doc = aKeyElement->OwnerDoc(); >> } Dereference: >> aKeyElement->GetAttr(kNameSpaceID_None, nsGkAtoms::id, id); I think the correct approach here is to call ReportKeyConflict only if in the callee function (mType & NS_HANDLER_TYPE_XUL) == true
Comment on attachment 8788449 [details] Bug 1300769 - call ConstructPrototype only if mType is NS_HANDLER_TYPE_XUL. https://reviewboard.mozilla.org/r/76950/#review75072 I cannot review XBL code. Ask a XBL peer.
Attachment #8788449 - Flags: review?(amarchesini)
Attachment #8788449 - Flags: review?(mrbkap)
Comment on attachment 8788449 [details] Bug 1300769 - call ConstructPrototype only if mType is NS_HANDLER_TYPE_XUL. https://reviewboard.mozilla.org/r/76950/#review75176 r=me with an additional assertion to help clarify the control flow. ::: dom/xbl/nsXBLPrototypeHandler.cpp:739 (Diff revision 1) > const char16_t* aAllowUntrusted) > { > mType = 0; > > if (aKeyElement) { > mType |= NS_HANDLER_TYPE_XUL; Please add MOZ_ASSERT(!mPrototypeBinding) to make the relationship between `mType & NS_HANDLER_TYPE_XUL` and `aKeyElement` more clear.
Attachment #8788449 - Flags: review?(mrbkap) → review+
Pushed by bpostelnicu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e6cb70f31562 call ConstructPrototype only if mType is NS_HANDLER_TYPE_XUL. r=mrbkap
https://hg.mozilla.org/mozilla-central/rev/e6cb70f31562
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox51: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: