diff --git a/security/manager/ssl/src/PSMContentListener.cpp b/security/manager/ssl/src/PSMContentListener.cpp index 5b902424d2e8..dcb754fa81a3 100644 --- a/security/manager/ssl/src/PSMContentListener.cpp +++ b/security/manager/ssl/src/PSMContentListener.cpp @@ -13,6 +13,7 @@ #include "nsIStreamListener.h" #include "nsIX509CertDB.h" +#include "mozilla/Casting.h" #include "mozilla/Services.h" #include "nsCRT.h" @@ -92,7 +93,7 @@ PSMContentDownloader::OnStartRequest(nsIRequest* request, nsISupports* context) mBufferOffset = 0; mBufferSize = 0; - mByteData = (char*) nsMemory::Alloc(contentLength); + mByteData = (char*) nsMemory::Alloc(SafeCast(contentLength)); if (!mByteData) return NS_ERROR_OUT_OF_MEMORY; diff --git a/security/manager/ssl/src/SSLServerCertVerification.cpp b/security/manager/ssl/src/SSLServerCertVerification.cpp index 44a2877ac857..a01c78a4a757 100644 --- a/security/manager/ssl/src/SSLServerCertVerification.cpp +++ b/security/manager/ssl/src/SSLServerCertVerification.cpp @@ -807,10 +807,11 @@ BlockServerCertChangeForSpdy(nsNSSSocketInfo *infoObject, return SECSuccess; // If GetNegotiatedNPN() failed we will assume spdy for safety's safe - if (NS_FAILED(rv)) + if (NS_FAILED(rv)) { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("BlockServerCertChangeForSpdy failed GetNegotiatedNPN() call." " Assuming spdy.\n")); + } // Check to see if the cert has actually changed ScopedCERTCertificate c(cert2->GetCert()); diff --git a/security/manager/ssl/src/nsCMS.cpp b/security/manager/ssl/src/nsCMS.cpp index 72479f56b979..8443a433b143 100644 --- a/security/manager/ssl/src/nsCMS.cpp +++ b/security/manager/ssl/src/nsCMS.cpp @@ -259,6 +259,7 @@ nsresult nsCMSMessage::CommonVerifySignature(unsigned char* aDigestData, uint32_ nsigners = NSS_CMSSignedData_SignerInfoCount(sigd); PR_ASSERT(nsigners > 0); + NS_ENSURE_TRUE(nsigners > 0, NS_ERROR_UNEXPECTED); si = NSS_CMSSignedData_GetSignerInfo(sigd, 0); // See bug 324474. We want to make sure the signing cert is diff --git a/security/manager/ssl/src/nsKeygenThread.cpp b/security/manager/ssl/src/nsKeygenThread.cpp index 8bd247578ac8..9c60fa7a9756 100644 --- a/security/manager/ssl/src/nsKeygenThread.cpp +++ b/security/manager/ssl/src/nsKeygenThread.cpp @@ -11,6 +11,7 @@ #include "nsIObserver.h" #include "nsNSSShutDown.h" #include "PSMRunnable.h" +#include "mozilla/DebugOnly.h" using namespace mozilla; using namespace mozilla::psm; @@ -235,7 +236,7 @@ void nsKeygenThread::Run(void) } if (notifyObserver) { - nsresult rv = NS_DispatchToMainThread(notifyObserver); + DebugOnly rv = NS_DispatchToMainThread(notifyObserver); NS_ASSERTION(NS_SUCCEEDED(rv), "failed to dispatch keygen thread observer to main thread"); } diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp index 5662858047e7..42945bdec2d6 100644 --- a/security/manager/ssl/src/nsNSSIOLayer.cpp +++ b/security/manager/ssl/src/nsNSSIOLayer.cpp @@ -7,6 +7,7 @@ #include "nsNSSComponent.h" #include "nsNSSIOLayer.h" +#include "mozilla/DebugOnly.h" #include "mozilla/Telemetry.h" #include "prlog.h" @@ -424,7 +425,7 @@ void nsNSSSocketInfo::GetPreviousCert(nsIX509Cert** _result) #ifndef NSS_NO_LIBPKIX RefPtr runnable(new PreviousCertRunnable(mCallbacks)); - nsresult rv = runnable->DispatchToMainThreadAndWait(); + DebugOnly rv = runnable->DispatchToMainThreadAndWait(); NS_ASSERTION(NS_SUCCEEDED(rv), "runnable->DispatchToMainThreadAndWait() failed"); runnable->mPreviousCert.forget(_result); #endif @@ -470,7 +471,8 @@ nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode, } if (mPlaintextBytesRead && !errorCode) { - Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK, mPlaintextBytesRead); + Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK, + SafeCast(mPlaintextBytesRead)); } mCertVerificationState = after_cert_verification; diff --git a/security/manager/ssl/src/nsPKCS12Blob.cpp b/security/manager/ssl/src/nsPKCS12Blob.cpp index 818af0e21fc7..2e3afac54f70 100644 --- a/security/manager/ssl/src/nsPKCS12Blob.cpp +++ b/security/manager/ssl/src/nsPKCS12Blob.cpp @@ -138,7 +138,7 @@ nsPKCS12Blob::ImportFromFileHelper(nsIFile *file, nsPKCS12Blob::RetryReason &aWantRetry) { nsNSSShutDownPreventionLock locker; - nsresult rv; + nsresult rv = NS_OK; SECStatus srv = SECSuccess; SEC_PKCS12DecoderContext *dcx = nullptr; SECItem unicodePw; diff --git a/security/manager/ssl/src/nsProtectedAuthThread.cpp b/security/manager/ssl/src/nsProtectedAuthThread.cpp index 3564989e9ba4..b5f4c45793f0 100644 --- a/security/manager/ssl/src/nsProtectedAuthThread.cpp +++ b/security/manager/ssl/src/nsProtectedAuthThread.cpp @@ -3,6 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "pk11func.h" +#include "mozilla/DebugOnly.h" #include "mozilla/RefPtr.h" #include "nsCOMPtr.h" #include "PSMRunnable.h" @@ -129,7 +130,7 @@ void nsProtectedAuthThread::Run(void) } if (notifyObserver) { - nsresult rv = NS_DispatchToMainThread(notifyObserver); + DebugOnly rv = NS_DispatchToMainThread(notifyObserver); NS_ASSERTION(NS_SUCCEEDED(rv), "failed to dispatch protected auth observer to main thread"); }