Closed Bug 1240716 Opened 4 years ago Closed 4 years ago

[Static Analysis][Uninitialized pointer field] In function ProfilingFrameIterator::ProfilingFrameIterator(const WasmActivation&, const RegisterState&) from WasmFrameIterator.cpp

Categories

(Core :: JavaScript Engine, defect)

defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 1240717
Tracking Status
firefox46 --- affected

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID)

The Static Analysis tool Coverity added that pointer stackAddress_ is not initialized in the constructor in the following case:

>>      case CodeRange::Inline: {
>>        // The throw stub clears WasmActivation::fp on it's way out.  
>>        if (!fp) {
>>            MOZ_ASSERT(done());   	
>>            return;
>>        }

We can see that pointer is initiliazed at the end of the switch(codeRange->kind()) block:

>>    codeRange_ = codeRange;
>>    stackAddress_ = state.sp;
>>    MOZ_ASSERT(!done());

It can be seen there that also pointer codeRange_ is attributed a value that was previously initialized at the beginning of the contructor. Even though this could not be a problem we could still initialized pointer stackAddress_ in the constructor same as codeRange_ with a nullptr.
For the former case, could the static analysis observe that the CodeRange::Inline case asserts done() and the only use of stackAddress_ (wasm::ProfilingFrameIterator::stackAddress) asserts !done()?

I don't quite follow the second comment: codeRange_ == NULL is what makes done() == true which is that this case is intending (and asserting).
hello Luke i don't know why but this bug has been entered two times in Bugzilla, the bug that actually has a patch is: https://bugzilla.mozilla.org/show_bug.cgi?id=1240717.
Can we actually mark this as a duplicate with https://bugzilla.mozilla.org/show_bug.cgi?id=1240717 or just close it?
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1240717
You need to log in before you can comment on or make changes to this bug.