Buffer overrun in content/events/src/nsEventStateManager.cpp

NEW
Core
Event Handling
trivial
13 years ago
7 years ago

(Reporter: David Gardiner, Assigned: mats)

Trunk
(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Running PREfast static code analysis gives the following warning:

nseventstatemanager.cpp(3862) : warning 201: Buffer overrun for stack buffer
'notifyContent': index 5 exceeds maximum valid index 4.
problem occurs in function 'nsEventStateManager::SetContentState'

The line in question is:

nsIContent** end  = &(notifyContent[maxNotify]); 

Apologies if this is a false warning.

-dave

Reproducible: Always

Steps to Reproduce:
(Assignee)

Updated

13 years ago
Assignee: events → mats.palmgren
Severity: normal → trivial
OS: Windows XP → All
Hardware: PC → All
Yeah, this is sorta a bogus warning... but maybe it would be better written as:

  nsIContent** end  = notifyContent + maxNotify; 

Just to make it clear that this isn't a "real" array dereference?
(Reporter)

Updated

13 years ago
Blocks: 283681
QA Contact: ian → events
Depends on: 633271
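
The one-past-the-end idiom discussed in this bug, as an added C++ example (not code from nsEventStateManager.cpp). `Node`, `collectChain`, `Frame` and the guard values are hypothetical; only the buffer size of 5 comes from the warning text.

```cpp
#include <cstddef>

// Hypothetical stand-in for a content node; not Mozilla's nsIContent.
struct Node { int id; Node* parent; };

// The warning says valid indices are 0..4, so the buffer has 5 slots.
const std::size_t kMaxNotify = 5;

// Walks the parent chain from `start` and stores at most kMaxNotify nodes
// in `out`. Returns the number of slots written.
std::size_t collectChain(Node* start, Node* (&out)[kMaxNotify]) {
    Node** cur = out;
    // One-past-the-end address formed by pointer arithmetic. It is only
    // compared against as a bound, never dereferenced.
    Node** end = out + kMaxNotify;
    for (Node* n = start; n != nullptr && cur != end; n = n->parent) {
        *cur++ = n;  // cur != end was checked, so this write is in bounds
    }
    return static_cast<std::size_t>(cur - out);
}

// Constructed sample: guard words on both sides of the buffer show that
// nothing outside it is written.
struct Frame {
    int guardBefore;
    Node* notify[kMaxNotify];
    int guardAfter;
};

// Feeds a chain of 8 nodes (longer than the buffer) through collectChain.
bool demoChainLongerThanBuffer() {
    Node nodes[8];
    for (int i = 0; i < 8; ++i) {
        nodes[i].id = i;
        nodes[i].parent = (i + 1 < 8) ? &nodes[i + 1] : nullptr;
    }
    Frame f = {0x5AFE, {}, 0x5AFE};
    std::size_t n = collectChain(&nodes[0], f.notify);
    return n == kMaxNotify
        && f.notify[0] == &nodes[0]
        && f.notify[4] == &nodes[4]
        && f.guardBefore == 0x5AFE
        && f.guardAfter == 0x5AFE;
}

int main() { return demoChainLongerThanBuffer() ? 0 : 1; }
```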