Closed
Bug 338179
Opened 18 years ago
Closed 18 years ago
Ineffective NULL checks in nsSocket::Send, nsSocket::Recv (xpinstall/wizard/libxpnet/src/nsSocket.cpp)
Categories
(SeaMonkey :: Installer, defect)
SeaMonkey
Installer
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kherron+mozilla, Assigned: ehsan.akhgari)
References
()
Details
(Keywords: coverity, Whiteboard: [good first bug])
Attachments
(1 file, 1 obsolete file)
1.51 KB,
patch
|
ajschult784
:
review+
|
Details | Diff | Splinter Review |
This is coverity CIDs 237 and 238. Please refer to the sample URL. |nsSocket::Send| (line 291) and nsSocket::Recv| (line 358) both check their arguments and return E_PARAM on an error. But the checks ignore null |aBufSize|. Both functions unconditionally dereference |aBufSize| later.
Reporter | ||
Updated•18 years ago
|
Whiteboard: [good first bug]
Comment 1•18 years ago
|
||
Is this it? It's a 2 line patch to add checks for aBufSize.
Attachment #224809 -
Flags: review?(dveditz)
Comment 2•18 years ago
|
||
Comment on attachment 224809 [details] [diff] [review] Patch to add checks for aBufSize >+ if (!aBuf || !aBufSize || (aBufSize && (*aBufSize <= 0)) || mFd < 0) If the !aBufSize test fails, you don't need to check aBufSize again !aBufSize || (*aBufSize <= 0)
Attachment #224809 -
Flags: review?(dveditz) → review-
Assignee | ||
Comment 3•18 years ago
|
||
Doing the obvious... :-)
Assignee: nobody → ehsan.akhgari
Attachment #224809 -
Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #235874 -
Flags: superreview?(ajschult)
Attachment #235874 -
Flags: review?(ajschult)
Comment 4•18 years ago
|
||
Comment on attachment 235874 [details] [diff] [review] Patch to add checks for aBufSize (revised) I'm not an SR, but this patch is sufficiently trivial.
Attachment #235874 -
Flags: superreview?(ajschult)
Attachment #235874 -
Flags: review?(ajschult)
Attachment #235874 -
Flags: review+
Comment 5•18 years ago
|
||
landed on trunk. thanks, Ehsan
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Version: unspecified → Trunk
You need to log in
before you can comment on or make changes to this bug.
Description
•