Closed
Bug 1427171
Opened 6 years ago
Closed 2 years ago
[Static Analysis] Dereference null return value nsAccessibilityService::CreateAccessible
Categories
(Core :: Disability Access APIs, enhancement)
Core
Disability Access APIs
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox59 | --- | affected |
People
(Reporter: andi, Assigned: andi)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1426941)
Attachments
(1 file)
|
59 bytes,
text/x-review-board-request
|
Details |
The Static Analysis tool Coverity detected that a return null pointer dereference occurs in several places where return pointer of |aContext->ARIARoleMap| is passed around and later dereferenced like: >> if (!roleMapEntry && newAcc && aContext->HasStrongARIARole()) { >> if (frame->AccessibleType() == eHTMLTableRowType) { >> const nsRoleMapEntry* contextRoleMap = aContext->ARIARoleMap(); >> if (!contextRoleMap->IsOfType(eTable)) >> roleMapEntry = &aria::gEmptyRoleMap; Looking through code this should be guarded of null pointer dereference like: >>inline bool >>Accessible::IsSearchbox() const >>{ >> const nsRoleMapEntry* roleMapEntry = ARIARoleMap(); >> return (roleMapEntry && roleMapEntry->Is(nsGkAtoms::searchbox)) || >> (mContent->IsHTMLElement(nsGkAtoms::input) && >> mContent->AsElement()->AttrValueIs(kNameSpaceID_None, nsGkAtoms::type, >> nsGkAtoms::search, eCaseMatters)); >>}
| Comment hidden (mozreview-request) |
|
||
Comment 2•6 years ago
|
||
Comment on attachment 8938932 [details] Bug 1427171 - prevent null pointer dereference when using return pointer from aContext->ARIARoleMap(). Alex would you want some kind of assert here?
Attachment #8938932 -
Flags: review?(dbolter) → review?(surkov.alexander)
|
||
Comment 3•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8938932 [details] Bug 1427171 - prevent null pointer dereference when using return pointer from aContext->ARIARoleMap(). https://reviewboard.mozilla.org/r/209396/#review215408 ::: accessible/base/nsAccessibilityService.cpp:1203 (Diff revision 1) > // If table has strong ARIA role then all table descendants shouldn't > // expose their native roles. > if (!roleMapEntry && newAcc && aContext->HasStrongARIARole()) { > if (frame->AccessibleType() == eHTMLTableRowType) { > const nsRoleMapEntry* contextRoleMap = aContext->ARIARoleMap(); > - if (!contextRoleMap->IsOfType(eTable)) > + if (contextRoleMap && !contextRoleMap->IsOfType(eTable)) HasStrongARIARole() guarantees us that aContext->ARIARoleMap() is never null. It appears that the static analysys gave a false positive in this case. Not sure what is the best way to proceed, either leave the code untouched or make it more straightforward to avoid possible misreadings.
Attachment #8938932 -
Flags: review?(surkov.alexander)
|
Assignee | |
Updated•2 years ago
|
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•