Open
Bug 431123
Opened 17 years ago
Updated 3 years ago
potential use of uninitialized memory in nsHTMLFramesetFrame::Reflow
Categories: Core :: Layout: Images, Video, and HTML Frames (defect)
Tracking: NEW
People: Reporter: Gavin, Unassigned
See URL. Noticed this because of a compiler warning, not sure if it's a problem in practice.
Hello,
I have checked the code and the use of mVerBorders[verX] is protected by an if condition.
Code looks safe.
Should we close this issue?
Thanks,
Updated•7 years ago
Product: Core → Core Graveyard
Updated•7 years ago
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
Based on "git blame c54db3bb3cb8d527586901fb1bdd1d68b7feaa41 -- nsFrameSetFrame.cpp" in gecko-dev, the bug in question was that lastSize.height was used uninitialized, i.e., it was pointing to:
https://searchfox.org/mozilla-central/rev/0b8ed772d24605d7cb44c1af6d59e4ca023bd5f5/layout/generic/nsFrameSetFrame.cpp#891,903
The question is whether (lastRow != cellIndex.y) could ever be true the first time through the loop.
Flags: needinfo?(dbaron)
Thanks for your help.
I don't think there is an issue here because the default constructor for lastSize will init height to zero.
So, if (lastRow != cellIndex.y) it would not cause the usage of uninitialized memory.
What do you think?
Updated•3 years ago
Severity: normal → S3
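The question debated in this thread, as an added example that is not Gecko's code or any commenter's: a simplified C++ model of the loop shape, in which `Size`, `Cell`, `Point`, `PlaceCells` and `DefaultHeight` are hypothetical names. It assumes, as the last comment states, a default constructor that sets height to zero, and pins that assumption at compile time.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical stand-in for the size type discussed in the thread: its
// default constructor zeroes both members, as the last comment states.
struct Size {
  int width, height;
  constexpr Size() : width(0), height(0) {}
  constexpr Size(int w, int h) : width(w), height(h) {}
};

// Compile-time check: reading height from a default-initialized Size must be
// a constant expression equal to 0. If Size() left height unset, the build would fail.
constexpr int DefaultHeight() { Size s; return s.height; }
static_assert(DefaultHeight() == 0, "Size() must zero-initialize height");

struct Cell { int col, row; Size size; };  // constructed input type
struct Point { int x, y; };

// Simplified model of the loop in question: lastSize is assigned only at the
// end of an iteration, but it is read whenever the row index changes.
std::vector<Point> PlaceCells(const std::vector<Cell>& cells, int firstRow) {
  std::vector<Point> offsets;
  Point offset{0, 0};
  Size lastSize;                    // never assigned before the loop
  int lastRow = firstRow;
  for (const Cell& c : cells) {
    if (lastRow != c.row) {         // may be true on the first iteration
      offset.x = 0;
      offset.y += lastSize.height;  // first pass reads the default value, 0
    } else {
      offset.x += lastSize.width;
    }
    offsets.push_back(offset);
    lastRow = c.row;
    lastSize = c.size;
  }
  return offsets;
}

int main() {
  // Constructed 2x2 grid; firstRow = -1 forces the branch on iteration one.
  std::vector<Cell> grid = {{0, 0, Size(100, 50)}, {1, 0, Size(80, 50)},
                            {0, 1, Size(100, 30)}, {1, 1, Size(80, 30)}};
  for (const Point& p : PlaceCells(grid, -1)) std::printf("(%d,%d)\n", p.x, p.y);
  return 0;
}
```

A compiler's maybe-uninitialized warning on a loop of this shape is a prompt to check the type's default constructor; the `static_assert` turns that one-time review into a build-time guarantee.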