Closed
Bug 1405692
Opened 7 years ago
Closed 7 years ago
Make sure mAnimatedGeometryRoot is initialized to nullptr in the rarely used nsDisplayItem that takes an nsIFrame*
Categories: Core :: Layout, defect, P3
Status: RESOLVED FIXED
Target Milestone: mozilla58
People
(Reporter: jwatt, Assigned: jwatt)
Attachments (1 file)
patch, 837 bytes (mattwoodrow: review+, ritu: approval-mozilla-beta+)
Seems like the pointer mAnimatedGeometryRoot is not initialized in the rarely used nsDisplayItem that takes an nsIFrame*.
Comment 1 • 7 years ago (Assignee)
Attachment #8915149 - Flags: review?(matt.woodrow)
Comment 2 • 7 years ago (Assignee)
I'm guessing we could possibly end up dereferencing an uninitialized pointer here, so maybe not a bad idea to uplift since it should be completely safe.
status-firefox57: --- → ?
Updated • 7 years ago
Attachment #8915149 - Flags: review?(matt.woodrow) → review+
Pushed by jwatt@jwatt.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/c45a9377bfb7 Make sure mAnimatedGeometryRoot is initialized to nullptr in the rarely used nsDisplayItem ctor that takes an nsIFrame*. r=mattwoodrow
Comment 5 • 7 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/c45a9377bfb7
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Comment 7 • 7 years ago (Assignee)
Comment on attachment 8915149
patch
Approval Request Comment
[Feature/Bug causing the regression]: been around a while
[User impact if declined]: potential dereference of uninitialized memory
[Is this code covered by automated tests?]: how we'd trigger a dereference is unexplored
[Has the fix been verified in Nightly?]: yes
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: simply initializing a pointer to null - crashing would be better than a security issue
[String changes made/needed]: none
Flags: needinfo?(jwatt)
Attachment #8915149 - Flags: approval-mozilla-beta?
Comment on attachment 8915149
patch
makes sense, beta57+
Attachment #8915149 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 9 • 7 years ago (bugherder uplift)
https://hg.mozilla.org/releases/mozilla-beta/rev/465b880a2af9
Comment 10 • 7 years ago
(In reply to Jonathan Watt [:jwatt] (needinfo? me) from comment #7)
> [Needs manual test from QE? If yes, steps to reproduce]: no
Marking this issue as qe-, per Jonathan's assessment on manual testing needs
Flags: qe-verify-