Open Bug 283090 Opened 19 years ago Updated 1 year ago

Buffer overrun in content/events/src/nsEventStateManager.cpp

Categories

(Core :: DOM: UI Events & Focus Handling, defect)


People

(Reporter: David.R.Gardiner, Unassigned)


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Running PREfast static code analysis gives the following warning:

nseventstatemanager.cpp(3862) : warning 201: Buffer overrun for stack buffer
'notifyContent': index 5 exceeds maximum valid index 4.
problem occurs in function 'nsEventStateManager::SetContentState'

The line in question is:

nsIContent** end  = &(notifyContent[maxNotify]); 

Apologies if this is a false warning.

-dave

Reproducible: Always

Steps to Reproduce:
Assignee: events → mats.palmgren
Severity: normal → trivial
OS: Windows XP → All
Hardware: PC → All
Yeah, this is sorta a bogus warning... but maybe it would be better written as:

  nsIContent** end  = notifyContent + maxNotify; 

Just to make it clear that this isn't a "real" array dereference?
Blocks: 283681
QA Contact: ian → events
Depends on: 633271
Component: Event Handling → User events and focus handling
Severity: trivial → S4

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: MatsPalmgren_bugz → nobody
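
Added example, not part of the bug thread and not Mozilla's code: a 5-slot stack array whose one-past-the-end address is used only as a loop bound and never dereferenced, which is why index 5 in the flagged line does not read or write outside the buffer. `Content`, `CompactNotify`, `EndSpellingsAgree` and the compaction loop are hypothetical; only `notifyContent`, `maxNotify` and the two spellings of `end` come from the thread.

```cpp
#include <cstddef>
#include <iterator>

// Hypothetical stand-in for nsIContent; only pointer identity matters here.
struct Content { int id; };

// The warning on the page reports valid indices 0..4, i.e. five slots.
constexpr std::size_t maxNotify = 5;

// Moves the non-null entries of the array to the front, preserving order,
// and returns how many there are. `end` bounds the loop; every dereference
// happens under the condition from < end, so slot [maxNotify] is never touched.
std::size_t CompactNotify(Content* (&notifyContent)[maxNotify]) {
  Content** from = notifyContent;
  Content** to = notifyContent;
  Content** end = notifyContent + maxNotify;  // spelling suggested in the thread
  while (from < end) {
    if (*from) {
      if (from != to) {
        *to = *from;
        *from = nullptr;
      }
      ++to;
    }
    ++from;
  }
  return static_cast<std::size_t>(to - notifyContent);
}

// The flagged spelling, the suggested spelling and std::end all name the
// same address; none of them reads the element at index maxNotify.
bool EndSpellingsAgree() {
  Content* notifyContent[maxNotify] = {};
  Content** a = &(notifyContent[maxNotify]);  // form PREfast warned about
  Content** b = notifyContent + maxNotify;
  Content** c = std::end(notifyContent);
  return a == b && b == c;
}
```

A real overrun would need `*end` or a loop condition of `from <= end`; reviewing a warning like this one comes down to confirming that neither appears.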