Closed Bug 620413 Opened 9 years ago Closed 9 years ago

useless check of stopFrame in nsSVGGradientFrame::GetStopInformation

Categories

(Core :: SVG, enhancement)

enhancement
Not set

Tracking

()

RESOLVED FIXED
mozilla2.0b12

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity)

Attachments

(1 file)

106 nsSVGGradientFrame::GetStopInformation(PRInt32 aIndex,
107                                        float *aOffset,
108                                        nscolor *aStopColor,
109                                        float *aStopOpacity)
110 {
115   nsIFrame *stopFrame = nsnull;
116   GetStopFrame(aIndex, &stopFrame);

crash here:
117   nsCOMPtr<nsIDOMSVGStopElement> stopElement =
118     do_QueryInterface(stopFrame->GetContent());

check here:
131   if (stopFrame) {
We can't crash.

GetPaintServerPattern calls GetStopCount which will return 0 if there are no stop frames.

We only call GetStopInformation if GetStopCount > 0 and therefore we're guaranteed to get a frame.
Keywords: crash
Severity: critical → enhancement
Summary: crash [@ nsSVGGradientFrame::GetStopInformation] if !stopFrame → useless check of stopFrame in nsSVGGradientFrame::GetStopInformation
Attached patch per comment 1Splinter Review
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #498900 - Flags: review?(longsonr)
Attachment #498900 - Flags: approval2.0?
Attachment #498900 - Flags: review?(longsonr) → review+
Attachment #498900 - Flags: approval2.0? → approval2.0+
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/7a6f85f6891e
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b12
Depends on: 636437
You need to log in before you can comment on or make changes to this bug.