Closed
Bug 317959
Opened 19 years ago
Closed 19 years ago
nsTArray crashes when dealing with 0-sized arrays
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bryner, Assigned: darin.moz)
Details
Attachments
(1 file, 1 obsolete file)
(deleted),
patch
|
bryner
:
review+
bryner
:
superreview+
|
Details | Diff | Splinter Review |
nsTArray's Replace/InsertElementsAt and AppendElements unconditionally dereference [0] on the array that's passed to the method. This isn't safe if the other array has 0 elements. Patch coming up.
Reporter | ||
Comment 1•19 years ago
|
||
Attachment #204317 -
Flags: review?(darin)
Assignee | ||
Comment 2•19 years ago
|
||
Comment on attachment 204317 [details] [diff] [review]
patch
>Index: nsTArray.h
> PRBool ReplaceElementsAt(index_type start, size_type count,
> const self_type& a) {
>- return ReplaceElementsAt(start, count, &a[0], a.Length());
>+ PRUint32 length = a.Length();
>+ return (length == 0) ? PR_TRUE
>+ : ReplaceElementsAt(start, count, &a[0], length);
> }
If |a| is empty (see .IsEmpty() method), then that doesn't make
ReplaceElementsAt a no-op. Instead, it means that we need to
remove |count| elements from the offset |start|.
It'd be nice if there was a way to avoid the branches checking
for an empty string. Perhaps the solution is to use |a.Elements()|
instead of "&a[0]".
Attachment #204317 -
Flags: review?(darin) → review-
Assignee | ||
Comment 3•19 years ago
|
||
Assignee: bryner → darin
Attachment #204317 -
Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #204372 -
Flags: superreview?(bryner)
Attachment #204372 -
Flags: review?(bryner)
Reporter | ||
Updated•19 years ago
|
Attachment #204372 -
Flags: superreview?(bryner)
Attachment #204372 -
Flags: superreview+
Attachment #204372 -
Flags: review?(bryner)
Attachment #204372 -
Flags: review+
Reporter | ||
Comment 4•19 years ago
|
||
checked in
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•19 years ago
|
Target Milestone: --- → mozilla1.9alpha
You need to log in
before you can comment on or make changes to this bug.
Description
•