Closed Bug 336047 Opened 18 years ago Closed 14 years ago

Off by one error in nsSVGPolygonFrame::GetMarkPoints, coverity 345

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jonsmirl, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: coverity)

Attachments

(1 file)

initialize startAngle
(deleted), patch
Details | Diff | Splinter Review 
I'm not sure how to fix this. If you get into GetMarkPoints() with one point you will use an uninitialized variable, startAngle. It is not clear to me if the fix is to ensure that count is 2 or more, or fix things so that they work for the single point case.

This may be the correct fix, but someone with more specific SVG knowledge needs to check this.

Index: layout/svg/base/src/nsSVGPolygonFrame.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/svg/base/src/nsSVGPolygonFrame.cpp,v
retrieving revision 1.14
diff -u -r1.14 nsSVGPolygonFrame.cpp
--- layout/svg/base/src/nsSVGPolygonFrame.cpp	6 Apr 2006 13:02:53 -0000	1.14
+++ layout/svg/base/src/nsSVGPolygonFrame.cpp	30 Apr 2006 21:26:10 -0000
@@ -207,9 +207,9 @@
     point->GetY(&y);
 
     float angle = atan2(y-py, x-px);
-    if (i == 1)
+    if (i < 1)
       startAngle = angle;
-    else if (i > 1)
+    else
       ((nsSVGMark *)aMarks->ElementAt(aMarks->Count()-1))->angle = 
         nsSVGUtils::AngleBisect(prevAngle, angle);
Coverity 342, 344, 344, 345 all complain about unitialized variables in this routine.

External assumptions need to be made about PATHSEG_CLOSEPATH coming after the other segments. While this may always be true the routine doesn't check for it and Coverity can't correctly identify the errors if any.
Attached patch initialize startAngle (deleted) — Splinter Review 

    
    

    
  
Tor, did you mean to set reviews?

    
    

    
  
tor, this file was removed a while ago. Can this bug just be resolved?
Assignee: general → nobody
QA Contact: ian → general

    
    

    
  
The code was moved to nsSVGPolyElement.cpp it has changed also so startAngle does not exist any more. Does coverity complain about anything in nsSVGPolyElement, f not this bug could be closed as worksforme.

    
    

    
  
This code is gone. Similar bugs in the replacement code are covered in bug 614522.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: