Closed Bug 338179 Opened 14 years ago Closed 14 years ago
Ineffective NULL checks in ns
Socket::Send, ns Socket::Recv (xpinstall/wizard/libxpnet/src/ns Socket .cpp)
This is coverity CIDs 237 and 238. Please refer to the sample URL. |nsSocket::Send| (line 291) and nsSocket::Recv| (line 358) both check their arguments and return E_PARAM on an error. But the checks ignore null |aBufSize|. Both functions unconditionally dereference |aBufSize| later.
Is this it? It's a 2 line patch to add checks for aBufSize.
Attachment #224809 - Flags: review?(dveditz)
Comment on attachment 224809 [details] [diff] [review] Patch to add checks for aBufSize >+ if (!aBuf || !aBufSize || (aBufSize && (*aBufSize <= 0)) || mFd < 0) If the !aBufSize test fails, you don't need to check aBufSize again !aBufSize || (*aBufSize <= 0)
Attachment #224809 - Flags: review?(dveditz) → review-
Doing the obvious... :-)
Comment on attachment 235874 [details] [diff] [review] Patch to add checks for aBufSize (revised) I'm not an SR, but this patch is sufficiently trivial.
landed on trunk. thanks, Ehsan
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Version: unspecified → Trunk
You need to log in before you can comment on or make changes to this bug.