Closed Bug 334712 Opened 14 years ago Closed 14 years ago

Possible null pointer dereference in nsAFMObject.cpp

Categories: Core :: Printing: Output, defect, minor
Platform: All, Linux
Priority: Not set
Status: RESOLVED FIXED
People: Reporter: kherron+mozilla, Assigned: srini
References: Blocks 1 open bug
Details: Keywords: coverity, Whiteboard: [good first bug]
Attachments: 1 file

This was found through a Coverity scan of the Mozilla source. Please refer to the sample URL. The nsAFMObject dtor is as follows:

217 nsAFMObject :: ~nsAFMObject()
218 {
219 
220   if(mPSFontInfo->mAFMCharMetrics){
221     delete [] mPSFontInfo->mAFMCharMetrics;
222   }
223 
224   if(mPSFontInfo){
225     delete mPSFontInfo;
226   }
227 }

mPSFontInfo is set to null in the ctor so it could be null at line 220. In any event, it makes no sense to test mPSFontInfo for null at line 224 after dereferencing it at line 220.
Whiteboard: [good first bug]

A safe fix would be to change this to:

nsAFMObject :: ~nsAFMObject()
{

  if (mPSFontInfo){
    if(mPSFontInfo->mAFMCharMetrics){
      delete [] mPSFontInfo->mAFMCharMetrics;
    }
    delete MPSFontInfo;
  }

}

(In reply to comment #1)
> A safe fix would be to change this to:

Oops, not that safe...

>     delete MPSFontInfo;

... should be:

      delete mPSFontInfo;

Sorry for the case typo.
Attached patch: Initial patch

First go at a patch.
Assignee: printing → srini
Checked in to trunk.  Thanks for the patch!
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
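
An added example, not the patch attached to this bug: a small self-contained model of the destructor ordering discussed above, exercised on all three pointer states. The type names, Init() and the live-object counter are hypothetical stand-ins for the real classes; the code relies on delete and delete[] being no-ops on a null pointer, so only the outer check is needed.

```cpp
#include <cstddef>

// Hypothetical stand-ins for the real types; only the ownership shape matters.
struct CharMetrics { int width; };

struct FontInfo {
    CharMetrics* mAFMCharMetrics = nullptr;  // array freed by the owning object
};

static int g_live_infos = 0;  // number of FontInfo objects currently allocated

class AfmObject {
public:
    AfmObject() : mPSFontInfo(nullptr) {}    // as in the report: null after the ctor

    // Hypothetical initializer standing in for whatever populates the font info.
    void Init(std::size_t numChars) {
        if (mPSFontInfo) return;             // already initialized, nothing to do
        mPSFontInfo = new FontInfo;
        ++g_live_infos;
        if (numChars > 0)
            mPSFontInfo->mAFMCharMetrics = new CharMetrics[numChars]();
    }

    ~AfmObject() {
        // Test the owning pointer first, dereference it second.
        // delete[] and delete accept null, so no inner check is required.
        if (mPSFontInfo) {
            delete [] mPSFontInfo->mAFMCharMetrics;
            delete mPSFontInfo;
            --g_live_infos;
        }
    }

    AfmObject(const AfmObject&) = delete;             // sole owner of raw pointers
    AfmObject& operator=(const AfmObject&) = delete;

private:
    FontInfo* mPSFontInfo;
};

// Destroys one object in each state and returns how many FontInfo remain live.
int exercise_destructor_paths() {
    { AfmObject never_initialized; }                  // mPSFontInfo == nullptr
    { AfmObject no_metrics; no_metrics.Init(0); }     // info set, metrics null
    { AfmObject full; full.Init(256); }               // both allocated
    return g_live_infos;
}
```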