Closed Bug 1251241 Opened 9 years ago Closed 9 years ago

[Static Analysis][Dereference after null check] In function DrawTargetCairo::FillGlyphs

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla47

Tracking Flags:

Tracking

Status

firefox47

---

fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1354260)

Attachments

(1 file)

MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if \|aFont\| is nullptr. r?roc 9 years ago Andi [:andi] (deleted), text/x-review-board-request	roc : review+	Details

Andi [:andi]

Assignee

Description

•

9 years ago

The Static Analysis tool Coverity added if variable |aFont| is nullptr, as it's checked below: >> if (!aFont) { >> gfxDevCrash(LogReason::InvalidFont) << "Invalid scaled font"; >> } it can cause a null pointer dereference: >> ScaledFontBase* scaledFont = static_cast<ScaledFontBase*>(aFont); >> cairo_set_scaled_font(mContext, scaledFont->GetCairoScaledFont()); As i don't think the execution of the function can continue without sending to cairo the scaled font i thin we should return from the actual function. Also gfxDevCrash only constructs object Log<LOG_CRITICAL, CriticalLogger> on debug mode at least.

Andi [:andi]

Assignee

Comment 1

•

9 years ago

Attached file MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc (deleted) — Details

Review commit: https://reviewboard.mozilla.org/r/36611/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/36611/

Attachment #8723563 - Flags: review?(roc)

Andi [:andi]

Assignee

Updated

•

9 years ago

Attachment #8723563 - Attachment description: MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs is aFont is nullptr. r?roc → MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc

Andi [:andi]

Assignee

Comment 2

•

9 years ago

Comment on attachment 8723563 [details] MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc Review request updated; see interdiff: https://reviewboard.mozilla.org/r/36611/diff/1-2/

Robert O'Callahan (:roc) (email my personal email if necessary)

Comment 3

•

9 years ago

Comment on attachment 8723563 [details] MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc https://reviewboard.mozilla.org/r/36611/#review33231

Attachment #8723563 - Flags: review?(roc)

Robert O'Callahan (:roc) (email my personal email if necessary)

Updated

•

9 years ago

Attachment #8723563 - Flags: review+

Robert O'Callahan (:roc) (email my personal email if necessary)

Comment 4

•

9 years ago

Comment on attachment 8723563 [details] MozReview Request: Bug 1251241 - return from DrawTargetCairo::FillGlyphs if |aFont| is nullptr. r?roc https://reviewboard.mozilla.org/r/36611/#review33233

Pulsebot

Comment 5

•

9 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/8fc40777e0aa

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 6

•

9 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/8fc40777e0aa

Status: NEW → RESOLVED

Closed: 9 years ago

status-firefox47: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla47

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[Static Analysis][Dereference after null check] In function DrawTargetCairo::FillGlyphs

Categories

(Core :: Graphics, defect)

Tracking

()

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1354260)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Comment 3

Updated

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type