Closed Bug 620274 Opened 14 years ago Closed 13 years ago

nsSVGForeignObjectFrame::PaintSVG needlessly checks aDirtyRect

Categories

(Core :: SVG, defect)

defect
Not set
minor

RESOLVED INVALID

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: coverity)

Attachments

(2 obsolete files)

nsSVGForeignObjectFrame::PaintSVG(nsSVGRenderState *aContext,
                                  const nsIntRect *aDirtyRect)
...
  /* Check if we need to draw anything. */
null check:
  if (aDirtyRect) {
    PRInt32 appUnitsPerDevPx = PresContext()->AppUnitsPerDevPixel();
    if (!mRect.ToOutsidePixels(appUnitsPerDevPx).Intersects(*aDirtyRect))
      return NS_OK;
  }
...
no null check:
  gfxRect transDirtyRect = gfxRect(aDirtyRect->x, aDirtyRect->y,
                                   aDirtyRect->width, aDirtyRect->height);
Severity: critical → minor
Keywords: crash
Attached patch patch (obsolete) — Splinter Review
There's no caller of the method that passes non-null as aDirtyRect.
Attachment #528000 - Flags: review?(dholbert)
Comment on attachment 528000 [details] [diff] [review] patch > NS_IMETHODIMP > nsSVGForeignObjectFrame::PaintSVG(nsSVGRenderState *aContext, > const nsIntRect *aDirtyRect) > { >+ NS_PRECONDITION(aDirtyRect, "We expect aDirtyRect to be non-null"); >+ I think I'd prefer NS_ABORT_IF_FALSE, but I won't hold you to that. :)
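Review bot: the assertion added at the top of PaintSVG declares aDirtyRect non-null, but the quoted hunk shows no matching change to the existing `if (aDirtyRect)` test or to the unguarded `aDirtyRect->x` dereference from the bug description, so the function would both assert and test the same pointer. Either remove the now-redundant check in the same patch, or, if any caller can still pass null, guard the dereference at the `gfxRect transDirtyRect` construction instead of asserting, and document in the method's comment which of the two contracts applies.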
Attachment #528000 - Flags: review?(dholbert) → review+
Attached patch hg changeset patch (obsolete) — Splinter Review
Assignee: nobody → longsonr
Attachment #528000 - Attachment is obsolete: true
Summary: crash [@ nsSVGForeignObjectFrame::PaintSVG] if !aDirtyRect → nsSVGForeignObjectFrame::PaintSVG needlessly checks !aDirtyRect
Summary: nsSVGForeignObjectFrame::PaintSVG needlessly checks !aDirtyRect → nsSVGForeignObjectFrame::PaintSVG needlessly checks aDirtyRect
Status: NEW → RESOLVED
Closed: 14 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla6
Depends on: 667324
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #528018 - Attachment is obsolete: true
Assignee: longsonr → nobody
Target Milestone: mozilla6 → ---
So if you have a foreignObject in a pattern then you can get a call with aDirtyRect null. That seems to be the only case. I don't think foreignObject works at all in a pattern though as IsDisabled() will always be true since the foreignObject's mRect won't be initialised currently.
The null checks are needed, and in fact were extended in bug 716527.
Status: REOPENED → RESOLVED
Closed: 14 years ago → 13 years ago
Resolution: --- → INVALID