Closed Bug 92272 Opened 24 years ago Closed 24 years ago

Possible malloc of 0 and traversal of unnecessary code

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.4

People

(Reporter: mkaply, Assigned: jst)

Details

(Whiteboard: [HAVE FIX])

Attachments

(1 file)

bail out if maxLength is zero
580 bytes, patch
Details | Diff | Splinter Review
in nsGlobalWindow.cpp http://lxr.mozilla.org/seamonkey/source/dom/src/base/nsGlobalWindow.cpp#2529 maxLength can come back 0 and then the Alloc is a 0 alloc and lots of unnecessary code is done. Attaching diff to fix this
Thanks for the patch! We also need to do aResult.Truncate() if we return early in this case.
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla0.9.4
I assume you mean aReturn.Truncate(). Hmmm. Can we do this if GetMaxLength fails as well? I was trying to avoid adding another if condition that checked for maxLength == 0 given that we want to do basically the same stuff for GetMaxLength failing or for maxLength == 0.
Yeah, that's what I meant :-) You could even do that as the first thing in the method to cover all error cases, zeroing out out parameters in error cases is arguably the right thing to do, so no harm in doing that here. We don't need an extra if statement for this.
Fixed.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
verified the proposed fix is checked in...
Status: RESOLVED → VERIFIED
Component: DOM: Core → DOM: Core & HTML
QA Contact: stummala → general
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: