[Webkit-unassigned] [Bug 30502] New: Dereference of uninitialized variable
bugzilla-daemon at webkit.org
Sun Oct 18 22:48:34 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=30502
Summary: Dereference of uninitialized variable
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: P3
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: tkent at chromium.org

WebCore/dom/Element.cpp setBooleanAttribute():

    ExceptionCode ex;
    removeAttribute(name, ex);

removeAttribute():

    void Element::removeAttribute(const QualifiedName& name, ExceptionCode& ec)
    {
        if (namedAttrMap) {
            namedAttrMap->removeNamedItem(name, ec);
            if (ec == NOT_FOUND_ERR)
                ec = 0;
        }
    }

removeNamedItem() doesn't set any value to ec if the specified attribute
exists. So, if removeAttribute() is called by setBooleanAttribute(),
uninitialized ec can be referred to at "if (ec == NOT_FOUND_ERR)".

Note: This never makes a real bug because ex in setBooleanAttribute() is not
used after removeAttribute() call.

Valgrind complains about this.
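
The pattern in the report above, as an added example that is not WebKit code and not part of the original message: AttrMap, removeAttributeHardened(), runScenario() and the "disabled" attribute are hypothetical, and the caller's unset stack slot is modelled by a constructed `garbage` value so the run is deterministic. The hardened variant shows one possible mitigation (define the out-parameter on entry), which is an assumption and not the fix WebKit adopted.

```cpp
#include <cstdio>
#include <map>
#include <string>

typedef int ExceptionCode;
static const ExceptionCode NOT_FOUND_ERR = 8; // DOM exception code value

// Hypothetical stand-in for the attribute map; like the removeNamedItem()
// described in the report, it writes ec only when the attribute is missing.
struct AttrMap {
    std::map<std::string, std::string> attrs;
    void removeNamedItem(const std::string& name, ExceptionCode& ec) {
        std::map<std::string, std::string>::iterator it = attrs.find(name);
        if (it == attrs.end()) { ec = NOT_FOUND_ERR; return; }
        attrs.erase(it);
    }
};

// Shape from the report: ec is compared after a call that may not have set it.
void removeAttributeAsReported(AttrMap* map, const std::string& name, ExceptionCode& ec) {
    if (map) {
        map->removeNamedItem(name, ec);
        if (ec == NOT_FOUND_ERR)
            ec = 0;
    }
}

// Hardened variant (an assumption, not the WebKit fix): define ec on entry.
void removeAttributeHardened(AttrMap* map, const std::string& name, ExceptionCode& ec) {
    ec = 0;
    removeAttributeAsReported(map, name, ec);
}

// `garbage` is a constructed value modelling the caller's unset stack slot,
// so this never reads indeterminate memory.
ExceptionCode runScenario(bool hardened, bool attrExists, ExceptionCode garbage) {
    AttrMap map;
    if (attrExists) map.attrs["disabled"] = ""; // constructed sample attribute
    ExceptionCode ex = garbage;
    if (hardened) removeAttributeHardened(&map, "disabled", ex);
    else removeAttributeAsReported(&map, "disabled", ex);
    return ex;
}

int main() {
    std::printf("reported, attr exists: ec=%d\n", runScenario(false, true, 0x5a5a));
    std::printf("hardened, attr exists: ec=%d\n", runScenario(true, true, 0x5a5a));
    return 0;
}
```

In the reported shape the branch outcome and the value left in ec depend entirely on what the caller's slot held when the attribute exists, which is the read Valgrind flags.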