Possible access to unintended variable in "chromium/components/renderer_context_menu/context_menu_content_type.cc" line 101
Reported by pet...@gmail.com, Jul 4
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Steps to reproduce the problem:
While experimenting with a CodeSonar plugin we develop, we noticed a potential bug in file "chromium/components/renderer_context_menu/context_menu_content_type.cc" line 101 function ContextMenuContentType::SupportsGroupInternal.
    case ITEM_GROUP_FRAME: {
      bool page_group_supported = SupportsGroupInternal(ITEM_GROUP_PAGE);
      return page_group_supported && !params_.frame_url.is_empty() &&
             !IsInternalResourcesURL(params_.page_url); //HERE
    }
Shouldn't frame_url be used instead of page_url? page_url is already verified as the result of the invocation from line 99 (to the best of my understanding of the code).
Thanks,
Petru Florin Mihancea
What is the expected behavior?
The problem has been detected automatically via static analysis.
What went wrong?
The problem has been detected automatically via static analysis.
Did this work before? N/A
Chrome version: 67.0.3396.99 Channel: stable
OS Version: OS X 10.13.5
Flash Version:
Aug 30
Comment 1 by dtapu...@chromium.org, Jul 4
Owner: lazyboy@chromium.org
Status: Assigned (was: Unconfirmed)