39058 - Check char* version of mozTXTToHTMLConv for potential mem access violations

Status: RESOLVED WORKSFORME

(Core :: Networking, defect, P3)

Description

[Ben Bucksch (:BenB)]

I wrote mozTXTToHTMLConv in the assumption, that strings are nsStrings, which do
checks on its own. It seems like the class has been converted to char*s without
taking this into account. I found per accident one instance of this:
<quote
src="http://lxr.mozilla.org/seamonkey/source/netwerk/streamconv/converters/mozTXTToHTMLConv.cpp#847">
for (; PRInt32(i) < lineLength && nsCRT::IsAsciiAlpha(line[i]); i++)
 ;
if (line[i] == '>' || line[i] == ']')
</quote>

With the new string implementations, we propably don't need char*s. If I
understood it right, there'll be an implementation, which can handle usage of
|Right()| very well. Maybe, you're lucky and I'll fix bug 30232 "Remove char*s
from mozTXTToHTMLConv", so you don't need to fix this bug (and others in the
current tree).

Comment 1

[Scott MacGregor]

Ben, what do you mean by "nsStrings, which do checks on its own". I wasn't sure
what checks you were assuming nsString made.

Comment 2

[Ben Bucksch (:BenB)]

I don't need to make the usual pointer checks with nsString.

I'm not sure I can list the concrete cases. Certainly existance of a string and
running over boundaries (e.g. |hello[x]| with |x > hello.Length()|).

Comment 3

[Scott MacGregor]

Future'ing. I did some brief code inspection a while ago and didn't see
anything. We don't see anything abnormal in the purify logs either.

Comment 4

[benc]

mass move, v2.
qa to me.

Comment 5

[Darin Fisher]

marking WORKSFORME based on how old this bug is and comment #3.  please reopen
if i'm mistaken.