Hi. The only Coverity issue reported in librender is a potential null pointer dereference. I thought I should try to bring down the number of defects in this module to zero, but I am unable to figure out how to fix it. The problem is in the function cairo_pattern_t* operator()(const BitmapFill& f) const. There, the dynamic_cast might fail, but there is no check before using the result. As far as I can tell, there is no alternative to throwing an exception to report the error, but as far as I can see no other part of librender throws any exceptions. Is it safe to introduce throwing to report the problem?
Here is a sketch for a fix, to give you an idea about the location in the code: diff --git a/librender/cairo/Renderer_cairo.cpp b/librender/cairo/Renderer_cairo.cpp index c597dd4..2e95686 100644 --- a/librender/cairo/Renderer_cairo.cpp +++ b/librender/cairo/Renderer_cairo.cpp @@ -299,6 +299,9 @@ struct StyleHandler : boost::static_visitor<cairo_pattern_t*> const bitmap_info_cairo* binfo = dynamic_cast<const bitmap_info_cairo*>(bm); + if (NULL == binfo) { // CID 1154657, binfo used below + throw std::bad_cast(); + } cairo_matrix_t mat; init_cairo_matrix(&mat, m); -- Happy hacking Petter Reinholdtsen
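Review bot: the added throw std::bad_cast() after the dynamic_cast has no handler in the visible lines, and the message says nothing else in librender throws, so unless the code that applies StyleHandler catches it, a failed cast goes from a null dereference to an uncaught exception that terminates the program. Either add a catch where the visitor is applied, or log the failure and return early if the callers can tolerate a null cairo_pattern_t* result. If the throw stays, the file needs #include <typeinfo> for std::bad_cast unless it already pulls it in, and the comment would be more useful stating when bm can be something other than a bitmap_info_cairo rather than citing only the CID.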