Bug 21845 - m_frame null checked but then dereferenced
Summary: m_frame null checked but then dereferenced
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: All
OS: All
Importance: P2 Normal
Assignee: Darin Fisher (:fishd, Google)
Reported: 2008-10-23 17:57 PDT by Darin Fisher (:fishd, Google)
Modified: 2008-10-23 18:05 PDT (History)

Attachments
v1 patch: add early return (1.04 KB, patch)
2008-10-23 17:59 PDT, Darin Fisher (:fishd, Google)
eric: review+

Description Darin Fisher (:fishd, Google) 2008-10-23 17:57:40 PDT
m_frame null checked but then dereferenced

In EventHandler::allowDHTMLDrag, it appears that a return statement is missing.

It looks like this code was introduced in http://trac.webkit.org/changeset/19230

This was found using a static analysis tool. I don't know if it is actually possible for m_frame to be null, so I don't know how to judge the severity of this bug. Maybe the null checking code should just be removed.
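Added example, not code from WebKit or from the attached patch: a constructed C++ reconstruction of the defect shape the report describes, with the method signature, the Frame type and the return value all assumed, showing the fall-through beside the early-return fix.

```cpp
#include <cassert>

// Constructed stand-in for the WebKit Frame type (not WebKit's own class).
struct Frame {
    bool dhtmlDragAllowed;
};

// Hypothetical reconstruction of the reported shape: m_frame is null-checked,
// but without a return the function falls through and dereferences it anyway.
// Never call allowDHTMLDrag() on this class with a null frame.
class BuggyEventHandler {
public:
    explicit BuggyEventHandler(Frame* frame) : m_frame(frame) {}
    bool allowDHTMLDrag() const {
        bool flag = false;
        if (!m_frame)
            flag = false;                    // check exists, but no early return
        flag = m_frame->dhtmlDragAllowed;    // null dereference when m_frame == nullptr
        return flag;
    }
private:
    Frame* m_frame;
};

// Fixed shape matching the "add early return" idea: the null branch leaves
// the function before any dereference can happen.
class FixedEventHandler {
public:
    explicit FixedEventHandler(Frame* frame) : m_frame(frame) {}
    bool allowDHTMLDrag() const {
        if (!m_frame)
            return false;                    // early return guards the dereference below
        return m_frame->dhtmlDragAllowed;
    }
private:
    Frame* m_frame;
};

// Helpers exercising the fixed handler with and without a frame.
bool fixedWithNullFrame() {
    FixedEventHandler handler(nullptr);
    return handler.allowDHTMLDrag();         // false, no crash
}

bool fixedWithFrame(bool allowed) {
    Frame frame{allowed};
    FixedEventHandler handler(&frame);
    return handler.allowDHTMLDrag();
}
```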
Comment 1 Darin Fisher (:fishd, Google) 2008-10-23 17:59:53 PDT
Created attachment 24629 [details]
v1 patch: add early return
Comment 2 Eric Seidel (no email) 2008-10-23 18:01:12 PDT
Comment on attachment 24629 [details]
v1 patch: add early return

This looks to me like what the author intended in their original code.  Certainly the existing code is incorrect.
Comment 3 Eric Seidel (no email) 2008-10-23 18:01:53 PDT
Please add a comment to your changelog when landing about how this was found using a static analysis tool and thus there are no reproduction steps for a test case.
Comment 4 Darin Fisher (:fishd, Google) 2008-10-23 18:05:39 PDT
http://trac.webkit.org/changeset/37834