Closed Bug 950246 Opened 12 years ago Closed 12 years ago

nsDOMWindowUtils::StopFrameTimeRecording() alloc uses sizeof(float*) instead of sizeof(float)

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla29

People

(Reporter: dveditz, Assigned: lpy)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [CID 1136628][mentor=jdm][lang=c++][qa-])

Attachments

(1 file)

bug950246.patch 12 years ago Peiyong Lin[:lpy](UTC+8) 1.01 KB, patch	khuey : review+	Details \| Diff \| Splinter Review

Daniel Veditz [:dveditz]

Reporter

Description

•

12 years ago

StopFrameTimeRecording allocates the wrong amount of space, using sizeof(float*) instead of sizeof(float). On 64-bit systems this gives us too big a buffer which is at least the safe direction. nsTArray<float> tmpFrameIntervals; [...] -> *frameIntervals = (float*)nsMemory::Alloc(*frameCount * sizeof(float*)); [...] for (uint32_t i = 0; i < *frameCount; i++) { (*frameIntervals)[i] = tmpFrameIntervals[i]; } Not sure why Coverity just picked that up this scan, it's apparently been like that since bug 826383

Josh Matthews [:jdm]

Comment 1

•

12 years ago

http://mxr.mozilla.org/mozilla-central/source/dom/base/nsDOMWindowUtils.cpp

Whiteboard: [CID 1136628] → [CID 1136628][mentor=jdm][lang=c++]

Peiyong Lin[:lpy](UTC+8)

Assignee

Comment 2

•

12 years ago

Attached patch bug950246.patch — Details — Splinter Review

I was wondering why this is not a good first bug?

Assignee: nobody → pylaurent1314

Attachment #8361763 - Flags: review?(josh)

Josh Matthews [:jdm]

Comment 3

•

12 years ago

Comment on attachment 8361763 [details] [diff] [review] bug950246.patch Redirecting the review to a DOM peer.

Attachment #8361763 - Flags: review?(josh) → review?(khuey)

Josh Matthews [:jdm]

Comment 4

•

12 years ago

I just forgot to add the the tag.

Peiyong Lin[:lpy](UTC+8)

Assignee

Comment 5

•

12 years ago

Thank you :)

Kyle Huey (Exited; not receiving bugmail, old account, do not use)

Updated

•

12 years ago

Attachment #8361763 - Flags: review?(khuey) → review+

Josh Matthews [:jdm]

Updated

•

12 years ago

Keywords: checkin-needed

Ryan VanderMeulen [:RyanVM]

Comment 6

•

12 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/d97fcd278cd2

Keywords: checkin-needed

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 7

•

12 years ago

https://hg.mozilla.org/mozilla-central/rev/d97fcd278cd2

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Target Milestone: --- → mozilla29

Ioana (away)

Updated

•

11 years ago

Whiteboard: [CID 1136628][mentor=jdm][lang=c++] → [CID 1136628][mentor=jdm][lang=c++][qa-]

Sylvestre Ledru [:Sylvestre]

Updated

•

7 years ago

Blocks: coverity-analysis

Nobody; OK to take it and work on it

Updated

•

6 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

nsDOMWindowUtils::StopFrameTimeRecording() alloc uses sizeof(float*) instead of sizeof(float)

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: dveditz, Assigned: lpy)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [CID 1136628][mentor=jdm][lang=c++][qa-])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Updated

Updated

Comment 6

Comment 7

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type