-
Notifications
You must be signed in to change notification settings - Fork 5k
PVS-Studio: fixed vulnerability CWE-476 (NULL Pointer Dereference) #16807
Changes from all commits
715dae2
0e6da0e
81177fa
7de229d
785d16f
0a3b466
19af27a
641cbb8
4242d28
8864066
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -103,7 +103,7 @@ internal CompilerInfo(CompilerParameters compilerParams, string codeDomProviderT | |
public override bool Equals(object o) | ||
{ | ||
CompilerInfo other = o as CompilerInfo; | ||
if (o == null) | ||
if (other == null) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The fact that all of our tests were passing before this change suggests that we're missing some test coverage. To go along with your fixes, can you add tests that would have failed before the changes? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I would be glad to do this, but I doubt that my manager would approve these actions. Most likely he will say something "We are a small company and cannot develop Microsoft projects for free" :) If you wish, I could give you contacts of our CEO and you could discuss variants of paid collaboration. We really could fix all the warnings and write tests, we do such tasks. Here is the example of how we did it for Unreal Engine. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In general, we consider src/tests to be a unit, such that we ask contributors changing src to ensure that the tests for the thing being changed are appropriate. Doing so helps to ensure that the fix is actually a fix (and not a regression, as it was in the case of one of your changes you backed out... imagine how bad things could have been if we didn't have those tests and we merged the change). We can skip doing so this time for the few remaining modifications, but for any future contributions please do so. Thanks for the interest in contributing! |
||
{ | ||
return false; | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is better to use
object.ReferenceEquals
to avoid calling the equality operatorThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Roslyn is smart enough to avoid the string equality operator when comparing null, so object.ReferenceEquals isn't necessary.