Open Bug 504488 Opened 15 years ago Updated 2 years ago

nsXULElement::AfterSetAttr doesn't always guard its use of aValue

Categories

(Core :: XUL, defect)

Product:
Core
Component:
XUL
Type:
defect

Tracking

()

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: coverity)

Attachments

(1 file)

patch
1.98 KB, patch
Details | Diff | Splinter Review 
in most places nsXULElement::AfterSetAttr checks aValue before using it....
Attached patch patchSplinter Review 
mq diff's have limited context, here's the critical bit:
+            document && document->GetRootContent() == this &&
+            aValue) {
 
             nscolor color = NS_RGBA(0, 0, 0, 0);
             nsAttrValue attrValue;
             attrValue.ParseColor(*aValue, document);
Attachment #388858 - Flags: review?(neil)
Comment on attachment 388858 [details] [diff] [review]
patch

Normal elements call AfterSetAttr with a null aValue from UnsetAttr. While they currently do not, it is possible that at some point that it would be desirable for XUL elements to call AfterSetAttr from UnsetAttr. I therefore consider that the code should either be written to mirror the work UnsetAttr does, or that it should not null-check aValue at all, however which it should be is not my call.
Attachment #388858 - Flags: review?(neil)

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: timeless → nobody
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: