Possible malloc of 0 and traversal of unnecessary code

VERIFIED FIXED in mozilla0.9.4


People

(Reporter: mkaply, Assigned: jst)

Tracking

Trunk
mozilla0.9.4

Details

(Whiteboard: [HAVE FIX])

Attachments

(1 attachment)

(Reporter)

Description

17 years ago
in nsGlobalWindow.cpp

http://lxr.mozilla.org/seamonkey/source/dom/src/base/nsGlobalWindow.cpp#2529

maxLength can come back 0, and then the Alloc is a 0 alloc and lots of 
unnecessary code is done.

Attaching diff to fix this.
(Reporter)

Comment 1

17 years ago
Created attachment 43532 [details] [diff] [review]
bail out if maxLength is zero
(Assignee)

Comment 2

17 years ago
Thanks for the patch! We also need to do aResult.Truncate() if we return early
in this case.
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla0.9.4
(Reporter)

Comment 3

17 years ago
I assume you mean aReturn.Truncate().

Hmmm. Can we do this if GetMaxLength fails as well?

I was trying to avoid adding another if condition that checked for 
maxLength == 0 given that we want to do basically the same stuff for 
GetMaxLength failing or for maxLength == 0.
(Assignee)

Comment 4

17 years ago
Yeah, that's what I meant :-)

You could even do that as the first thing in the method to cover all error
cases. Zeroing out out parameters in error cases is arguably the right thing to
do, so no harm in doing that here. We don't need an extra if statement for this.
(Assignee)

Comment 5

17 years ago
Fixed.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 6

17 years ago
verified the proposed fix is checked in...
Status: RESOLVED → VERIFIED

Updated

10 years ago
Component: DOM: Core → DOM: Core & HTML
QA Contact: stummala → general
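
The pattern settled on in comments 2 to 4, as an added example that is not the Mozilla code or the attached patch: clear the out parameter first, then use a single early return for both a failed length lookup and a zero length, so malloc is never asked for 0 bytes. std::string stands in for the Mozilla string class, and GetMaxLength here, CopyOut, ConvertBefore, ConvertAfter, the "<error>" input and the early-return value are all assumptions made for illustration.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

static int gAllocCalls = 0;  // lets callers observe how often malloc is reached

// Hypothetical stand-in for GetMaxLength: it can fail, or succeed with 0.
static bool GetMaxLength(const std::string& src, size_t* maxLength) {
    if (src == "<error>") return false;  // constructed failure input
    *maxLength = src.size();
    return true;
}

// Shared tail: allocate maxLength bytes, copy, hand the result to aReturn.
static bool CopyOut(const std::string& src, size_t maxLength, std::string& aReturn) {
    ++gAllocCalls;
    char* buf = static_cast<char*>(std::malloc(maxLength));
    if (!buf) return false;  // for size 0 this is implementation-defined
    std::memcpy(buf, src.data(), maxLength);
    aReturn.assign(buf, maxLength);
    std::free(buf);
    return true;
}

// Before: aReturn keeps its old contents on failure, and 0 reaches malloc.
bool ConvertBefore(const std::string& src, std::string& aReturn) {
    size_t maxLength = 0;
    if (!GetMaxLength(src, &maxLength)) return false;
    return CopyOut(src, maxLength, aReturn);
}

// After: clear the out parameter first (the role of aReturn.Truncate()),
// then use one early return for both failure and maxLength == 0.
bool ConvertAfter(const std::string& src, std::string& aReturn) {
    aReturn.clear();
    size_t maxLength = 0;
    bool ok = GetMaxLength(src, &maxLength);
    if (!ok || maxLength == 0) return ok;  // return value is an assumption
    return CopyOut(src, maxLength, aReturn);
}

int main() {
    std::string out = "stale";
    ConvertBefore("<error>", out);
    std::printf("before, on failure: \"%s\"\n", out.c_str());
    out = "stale";
    ConvertAfter("<error>", out);
    std::printf("after, on failure:  \"%s\"\n", out.c_str());
}
```

Whether ConvertBefore succeeds on an empty input depends on what the platform's malloc(0) returns, which is the portability problem the early return removes.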