Closed Bug 1359369 Opened 3 years ago Closed 3 years ago

[Static Analysis][Dereference before null check] In function NS_GetIsDocumentChannel

Categories

(Core :: Networking, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla55
Tracking Status
firefox55 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1405415)

Attachments

(1 file)

The Static Analysis tool Coverity detected that |aIsDocument| is dereferenced before being null checked, thus leading to a possible null pointer dereference.

>>NS_GetIsDocumentChannel(nsIChannel * aChannel, bool *aIsDocument)
>>{
>>  // Check if this channel is going to be used to create a document. If it has
>>  // LOAD_DOCUMENT_URI set it is trivially creating a document. If
>>  // LOAD_HTML_OBJECT_DATA is set it may or may not be used to create a
>>  // document, depending on its MIME type.
>>
>>  if (!aChannel || !aIsDocument) {
>>      return NS_ERROR_NULL_POINTER;
>>  }
>>  nsLoadFlags loadFlags;
Comment on attachment 8861366 [details]
Bug 1359369 - prevent null pointer dereference in NS_GetIsDocumentChannel.

https://reviewboard.mozilla.org/r/133352/#review136204

Nice one. Thanks!
Attachment #8861366 - Flags: review?(valentin.gosu) → review+
Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9517822fdfa7
prevent null pointer dereference in NS_GetIsDocumentChannel. r=valentin
https://hg.mozilla.org/mozilla-central/rev/9517822fdfa7
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.