Closed Bug 507569 Opened 11 years ago Closed 9 years ago
crash if val is null and m
Spec is not empty [@ strncmp - ns Standard URL::Segment Is][@ PL _strncasecmp - ns Standard URL::Segment Is]
698 nsStandardURL::SegmentIs(const URLSegment &seg1, const char *val, const URLSegment &seg2, PRBool ignoreCase) 702 if (seg1.mLen == -1 || (!val && mSpec.IsEmpty())) 703 return PR_TRUE; // both are empty so, if mSpec IsEmpty but val is null, we don't return. seg2.mPos is presumably not a pointer, but merely an offset, and we're now going to try to use it as a pointer: 704 if (ignoreCase) 705 return !PL_strncasecmp(mSpec.get() + seg1.mPos, val + seg2.mPos, seg1.mLen); 706 else 707 return !strncmp(mSpec.get() + seg1.mPos, val + seg2.mPos, seg1.mLen); note that crash-stats doesn't seem to have this, but we should at least change the code so coverity doesn't complain
Incredibly simple fix. Probably no caller in practice does this, but it should be corrected.
Assignee: nobody → rjesup
Status: NEW → ASSIGNED
Attachment #535303 - Flags: review?
Comment on attachment 535303 [details] [diff] [review] Simple patch to correct this Sure.
Attachment #535303 - Flags: review?(bzbarsky) → review+
Checked in as http://hg.mozilla.org/mozilla-central/rev/1f752e72346d
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Crash Signature: [@ strncmp - nsStandardURL::SegmentIs] [@ PL_strncasecmp - nsStandardURL::SegmentIs]
You need to log in before you can comment on or make changes to this bug.