Bug 507569 - crash if val is null and mSpec is not empty [@ strncmp - nsStandardURL::SegmentIs][@ PL_strncasecmp - nsStandardURL::SegmentIs]
Status: RESOLVED FIXED
Keywords: coverity, crash
Product: Core
Classification: Components
Component: Networking
Version: Trunk
Platform: All All
Importance: -- critical
Assigned To: Randell Jesup [:jesup]
: Patrick McManus [:mcmanus]
http://mxr.mozilla.org/mozilla-centra...
Reported: 2009-07-31 00:00 PDT by timeless
Modified: 2011-06-09 14:58 PDT

Attachments
Simple patch to correct this (856 bytes, patch)
2011-05-26 05:06 PDT, Randell Jesup [:jesup]
bzbarsky: review+

Description timeless 2009-07-31 00:00:37 PDT
698 nsStandardURL::SegmentIs(const URLSegment &seg1, const char *val, const URLSegment &seg2, PRBool ignoreCase)

702     if (seg1.mLen == -1 || (!val && mSpec.IsEmpty()))
703         return PR_TRUE; // both are empty

so, if mSpec IsEmpty but val is null, we don't return.
seg2.mPos is presumably not a pointer, but merely an offset, and we're now going to try to use it as a pointer:

704     if (ignoreCase)
705         return !PL_strncasecmp(mSpec.get() + seg1.mPos, val + seg2.mPos, seg1.mLen); 
706     else
707         return !strncmp(mSpec.get() + seg1.mPos, val + seg2.mPos, seg1.mLen); 

note that crash-stats doesn't seem to have this, but we should at least change the code so coverity doesn't complain
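
The case reported above, as an added example that is not part of the original report and is not the patch from attachment 535303: a plain-C model of the quoted `SegmentIs` logic with an explicit guard for a null `val`. The `segment` struct, the `segment_is` function, the sample constants, the offset range check, and the use of `strncasecmp` in place of `PL_strncasecmp` are all assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp: stand-in for PL_strncasecmp */

/* Simplified stand-in for URLSegment: offset into a buffer plus a length. */
struct segment { int pos; int len; };   /* len == -1 means "absent" */

/* Constructed sample inputs, not taken from the bug. */
static const char SAMPLE_SPEC[] = "http://example.com/";
static const struct segment SCHEME   = {0, 4};    /* "http" */
static const struct segment ABSENT   = {0, -1};
static const struct segment PAST_END = {100, 4};  /* offset past the string */

/* Model of SegmentIs: spec plays the role of mSpec.get(). */
bool segment_is(const char *spec, struct segment seg1,
                const char *val, struct segment seg2, bool ignore_case)
{
    if (spec == NULL)
        spec = "";                      /* treat a missing spec as empty */

    /* Early return from the quoted code, unchanged. */
    if (seg1.len == -1 || (val == NULL && spec[0] == '\0'))
        return true;                    /* both are empty */

    /* Guard for the reported case: val is NULL but spec is not empty.
     * Without it, val + seg2.pos is pointer arithmetic on NULL. */
    if (val == NULL)
        return false;

    /* Assumption of this example: offsets are untrusted, so reject any
     * that fall outside the NUL-terminated buffers before adding them. */
    if (seg1.len < 0 || seg1.pos < 0 || seg2.pos < 0 ||
        (size_t)seg1.pos > strlen(spec) || (size_t)seg2.pos > strlen(val))
        return false;

    if (ignore_case)
        return strncasecmp(spec + seg1.pos, val + seg2.pos, (size_t)seg1.len) == 0;
    return strncmp(spec + seg1.pos, val + seg2.pos, (size_t)seg1.len) == 0;
}
```
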
Comment 1 Randell Jesup [:jesup] 2011-05-26 05:06:57 PDT
Created attachment 535303
Simple patch to correct this

Incredibly simple fix.  Probably no caller in practice does this, but it should be corrected.
Comment 2 Boris Zbarsky [:bz] (still a bit busy) 2011-05-26 10:19:36 PDT
Comment on attachment 535303
Simple patch to correct this

Sure.
Comment 3 Randell Jesup [:jesup] 2011-05-26 23:22:06 PDT
Checked in as http://hg.mozilla.org/mozilla-central/rev/1f752e72346d