Closed Bug 351688 Opened 14 years ago Closed 14 years ago

nsCSSFrameConstructor::ContentRemoved has a hopefully useless DEBUG oversafe null check of parentFrame

Categories

(Core :: Layout, defect, trivial)

x86
Linux

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity)

Attachments

(1 obsolete file)

 
Attached patch skip null check in debug code (obsolete)
the logic coverity used:

-      if (parentFrame) {
... indicates that parentFrame "could" be null
-        CallQueryInterface(parentFrame, &fdbg);
...
-      }
... so coverity asserts that it is
 #endif
...
     if (childFrame->GetStateBits() & NS_FRAME_OUT_OF_FLOW) {
... if this condition is true, then it falls in here
       rv = frameManager->RemoveFrame(parentFrame,
                                      GetChildListNameFor(childFrame),
                                      childFrame);
... RemoveFrame tails to crashing if parentFrame is null
     } else {
...
       if (GetCaptionAdjustedParent(parentFrame, childFrame, &outerTableFrame)) {
... GetCaptionAdjustedParent tails to crashing if parentFrame is null
       }
       else {
         rv = frameManager->RemoveFrame(parentFrame, nsnull, childFrame);
... RemoveFrame tails to crashing if parentFrame is null - not that you can actually reach this, since GetCaptionAdjustedParent already crashed.

thus all paths will crash.
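
Review bot: the non-null assumption about `parentFrame` becomes implicit at the point where the `if (parentFrame) {` guard around `CallQueryInterface(parentFrame, &fdbg)` is dropped, and nothing in the visible lines states it. An `NS_ASSERTION(parentFrame, "...")` in place of the guard would record the invariant where it is first relied on, so a violation is reported in debug builds at that line rather than surfacing later inside `RemoveFrame` or `GetCaptionAdjustedParent`. The excerpt elides where `parentFrame` is assigned, so a short comment naming the source of the guarantee would also help the next reader who sees an unchecked pointer here.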
Assignee: nobody → timeless
Status: UNCONFIRMED → ASSIGNED
Attachment #237231 - Flags: superreview?(bzbarsky)
Attachment #237231 - Flags: review?(bzbarsky)
Attachment #237231 - Flags: review?(bzbarsky) → review?(mats.palmgren)
Attachment #237231 - Flags: review?(mats.palmgren) → review+
Attachment #237231 - Flags: superreview?(bzbarsky) → superreview+
Comment on attachment 237231
skip null check in debug code

mozilla/layout/base/nsCSSFrameConstructor.cpp 	1.1266
Attachment #237231 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
Component: Layout: Misc Code → Layout
Product: Core Graveyard → Core