1240716 - [Static Analysis][Uninitialized pointer field] In function ProfilingFrameIterator::ProfilingFrameIterator(const WasmActivation&, const RegisterState&) from WasmFrameIterator.cpp

Status: RESOLVED DUPLICATE of bug 1240717

(Core :: JavaScript Engine, defect)

Description

[Andi [:andi]]

The Static Analysis tool Coverity added that pointer stackAddress_ is not initialized in the constructor in the following case:

>>      case CodeRange::Inline: {
>>        // The throw stub clears WasmActivation::fp on it's way out.  
>>        if (!fp) {
>>            MOZ_ASSERT(done());   	
>>            return;
>>        }

We can see that pointer is initiliazed at the end of the switch(codeRange->kind()) block:

>>    codeRange_ = codeRange;
>>    stackAddress_ = state.sp;
>>    MOZ_ASSERT(!done());

It can be seen there that also pointer codeRange_ is attributed a value that was previously initialized at the beginning of the contructor. Even though this could not be a problem we could still initialized pointer stackAddress_ in the constructor same as codeRange_ with a nullptr.

Comment 1

[Luke Wagner [:luke]]

For the former case, could the static analysis observe that the CodeRange::Inline case asserts done() and the only use of stackAddress_ (wasm::ProfilingFrameIterator::stackAddress) asserts !done()?

I don't quite follow the second comment: codeRange_ == NULL is what makes done() == true which is that this case is intending (and asserting).

Comment 2

[Andi [:andi]]

hello Luke i don't know why but this bug has been entered two times in Bugzilla, the bug that actually has a patch is: https://bugzilla.mozilla.org/show_bug.cgi?id=1240717.
Can we actually mark this as a duplicate with https://bugzilla.mozilla.org/show_bug.cgi?id=1240717 or just close it?