function may return undefined value

RESOLVED FIXED in 4.1

Status

P3
minor
RESOLVED FIXED
19 years ago
18 years ago

People

(Reporter: marcenuc, Assigned: wtc)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

19 years ago
Calling function 'PL_Base64Decode()' (defined in
'nsprpub/lib/libc/src/base64.c') with *src == '\0' and srclen == 0,
has undefined behaviour instead of returning *dest == '\0'.

 The bug is in function 'decode()', which, if called with srclen == 0,
does not initialize return value in 'rv'.
(Reporter)

Comment 1

19 years ago
Created attachment 11748 [details] [diff] [review]
fix the bug and check for src == NULL
(Assignee)

Comment 2

19 years ago
Fred, could you take a look at this bug? :-)  Thanks.
Assignee: wtc → roeber

Comment 3

19 years ago
The patch looks great.  Someone with a star on his belly, check it in.
Assignee: roeber → wtc
(Assignee)

Comment 4

19 years ago
Thanks, Fred.

I checked in the patch on the main trunk.
/cvsroot/mozilla/nsprpub/lib/libc/src/base64.c, revision 3.5
Status: UNCONFIRMED → RESOLVED
Last Resolved: 19 years ago
OS: Linux → All
Hardware: PC → All
Resolution: --- → FIXED
Target Milestone: --- → 4.1

Comment 5

18 years ago
The fix is still not in the nightly mozilla build.

(BTW, you might move the default clause in decode()
above 'case 1:', to avoid the gcc warning.)
(Assignee)

Comment 6

18 years ago
The fix is only checked into the tip of NSPR.
Mozilla is using the NSPRPUB_CLIENT_BRANCH of
NSPR, which doesn't have this fix.

Do you think this is an important fix that Mozilla
must pick up now?  Can it wait until Mozilla upgrades
to NSPR 4.1?  (Mozilla is using NSPR 4.0.2 Beta right
now.)

> (BTW, you might move the default clause in decode()
> above 'case 1:', to avoid the gcc warning.)

I don't understand.  Could you explain what the gcc
warning is and why moving the default clause in decode()
above 'case 1:' would avoid it?  Thanks.
You need to log in before you can comment on or make changes to this bug.