Closed Bug 1304504 Opened 9 years ago Closed 9 years ago

Check the return value of GetIntPref() properly or an initialized bogus value may be used

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla52

Tracking Flags:

Tracking

Status

firefox52

---

fixed

People

(Reporter: ishikawa, Assigned: ishikawa)

Details

Attachments

(1 file, 1 obsolete file)

VideoConduit-unused-result.patch 9 years ago ISHIKAWA, Chiaki 3.47 KB, patch	jesup : review+	Details \| Diff \| Splinter Review
VideoConduit-unused-result.patch carrying over r=rjesup+ 9 years ago ISHIKAWA, Chiaki 3.64 KB, patch	ishikawa : review+	Details \| Diff \| Splinter Review

ISHIKAWA, Chiaki

Assignee

Description

•

9 years ago

Attached patch VideoConduit-unused-result.patch (obsolete) — Details — Splinter Review

In media/webrtc/signaling/src/media-conduit/VideoConduit.cpp, I found the return value of |GetIntPref()| is not properly checked, and if the call fails, the value of |temp| which is picked up from the stack, if it contains a random positive value, may be used to fill in other variables. (Or for that matter, in the series of GetIntPref() succeeds once, that the fetched value may be used to fill in other values unintentionally when subsequent calls to |GetIntPref()| fails(?). BAD. This, despite the use of |NS_WARN_IF()| macro, of which return value is ignored sadly. Here I propose a change that checks the return value properly, and use the returned value only when the call to |GetIntPref()| succeeds. The code here was changed in Bug 1004396 - Make peerconnection video bitrates configurable. So I am requesting a review from Eric Rescorla who reviewed the previous patch. TIa

Attachment #8793481 - Flags: review?(ekr)

Eric Rescorla (:ekr)

Comment 1

•

9 years ago

Attachment #8793481 - Flags: review?(ekr) → review?(rjesup)

Alex Chronopoulos [:achronop]

Updated

•

9 years ago

Rank: 25

Priority: -- → P2

Randell Jesup [:jesup] (needinfo me)

Comment 2

•

9 years ago

Comment on attachment 8793481 [details] [diff] [review] VideoConduit-unused-result.patch Review of attachment 8793481 [details] [diff] [review]: ----------------------------------------------------------------- r+ with nits. ::: media/webrtc/signaling/src/media-conduit/VideoConduit.cpp @@ +281,1 @@ > } An empty if doesn't help anything. Use either (void) NS_WARN_IF, or Unused << NS_WARN_IF @@ +281,5 @@ > } > + if (NS_WARN_IF(NS_FAILED(branch->GetIntPref("media.peerconnection.video.min_bitrate", &temp)))) > + ; > + else > + { Again, avoid empty if's... if (!NS_WARN_IF(...)) { .... } @@ +300,5 @@ > + else > + { > + if (temp >= 0) { > + mMaxBitrate = temp; > + } or simply set temp = -1 before each GetIntPref, and then this won't touch it - but the if (!NS_WARN_IF(...)) is probably cleaner @@ -308,4 @@ > } > } > } > - don't remove the blank line

Attachment #8793481 - Flags: review?(rjesup) → review+

ISHIKAWA, Chiaki

Assignee

Comment 3

•

9 years ago

Attached patch VideoConduit-unused-result.patch carrying over r=rjesup+ — Details — Splinter Review

(In reply to Randell Jesup [:jesup] from comment #2) > Comment on attachment 8793481 [details] [diff] [review] > VideoConduit-unused-result.patch > > Review of attachment 8793481 [details] [diff] [review]: > ----------------------------------------------------------------- > > r+ with nits. > > ::: media/webrtc/signaling/src/media-conduit/VideoConduit.cpp > @@ +281,1 @@ > > } > > An empty if doesn't help anything. Use either (void) NS_WARN_IF, or Unused > << NS_WARN_IF > Took care of this. A couple of things to note: (void) NS_WARN_IF does not remove the compiler error. Unused << NS_WARN_IF does. However, I needed to include "mozilla/Unused.h" since |Unused| is declared in the header file. > @@ +281,5 @@ > > } > > + if (NS_WARN_IF(NS_FAILED(branch->GetIntPref("media.peerconnection.video.min_bitrate", &temp)))) > > + ; > > + else > > + { > > Again, avoid empty if's... if (!NS_WARN_IF(...)) { .... } > Taken care of. > @@ +300,5 @@ > > + else > > + { > > + if (temp >= 0) { > > + mMaxBitrate = temp; > > + } > > or simply set temp = -1 before each GetIntPref, and then this won't touch it > - but the if (!NS_WARN_IF(...)) is probably cleaner I believe it is cleaner and more explicit about the error/situation where the said preference does not exist. > @@ -308,4 @@ > > } > > } > > } > > - > > don't remove the blank line Taken care of. The patch that addresses the above comment is uploaded now.

Attachment #8793481 - Attachment is obsolete: true

Attachment #8796824 - Flags: review+

ISHIKAWA, Chiaki

Assignee

Comment 4

•

9 years ago

I put the checkin-needed keyword. TIA

Keywords: checkin-needed

Pulsebot

Comment 5

•

9 years ago

Pushed by cbook@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/50732fa0cafc Check the return value of GetIntPref() properly. r+=rjesup

Keywords: checkin-needed

Phil Ringnalda (:philor)

Comment 6

•

9 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/50732fa0cafc

Status: NEW → RESOLVED

Closed: 9 years ago

status-firefox52: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla52

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Check the return value of GetIntPref() properly or an initialized bogus value may be used

Categories

(Core :: Audio/Video: MediaStreamGraph, defect, P2)

Tracking

()

People

(Reporter: ishikawa, Assigned: ishikawa)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Comment 1

Updated

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type