Closed
Bug 1250134
Opened 8 years ago
Closed 8 years ago
[Static Analysis][Dereference after null check] In function nsCycleCollector::CollectWhite
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
mozilla47
| Tracking | Status | |
|---|---|---|
| firefox47 | --- | fixed |
People
(Reporter: andi, Assigned: andi)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1353455)
Attachments
(1 file)
The Static Analysis tool Coverity added that pointer |mJSRuntime| is dereferenced after it's null checked: null checked: >> bool hasJSRuntime = !!mJSRuntime; >> nsCycleCollectionParticipant* zoneParticipant = >> hasJSRuntime ? mJSRuntime->ZoneParticipant() : nullptr; dereferencing: >> mJSRuntime->AddZoneWaitingForGC(zone); >> } else {
|
Assignee | |
Comment 1•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/35815/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/35815/
|
||
Comment 2•8 years ago
|
||
I can review cycle collector changes. This null check is actually redundant because IsGrayJS() can only be true if mJSRuntime is true. Maybe there could be an assert for that or something because it isn't directly obvious from the code.
|
|
||
Comment 3•8 years ago
|
||
Or something like MOZ_RELEASE_ASSERT(mJSRuntime) if that would make Coverity happier.
|
|
||
Updated•8 years ago
|
Attachment #8721977 -
Flags: review-
|
|
Assignee | |
Comment 4•8 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #3) > Or something like MOZ_RELEASE_ASSERT(mJSRuntime) if that would make Coverity > happier. I've added MOZ_ASSERT since coverity runs on a debug build and 't think we need this kind of assert on our release as well.
|
|
Assignee | |
Updated•8 years ago
|
Attachment #8721977 -
Attachment description: MozReview Request: Bug 1250134 - call AddZoneWaitingForGC only if mJSRuntime is not nullptr. r?nfroyd → MozReview Request: Bug 1250134 - assert mJSRuntime when IsGrayJS() is true. r?mccr8
Attachment #8721977 -
Flags: review- → review?(continuation)
|
|
Assignee | |
Comment 5•8 years ago
|
||
Comment on attachment 8721977 [details] MozReview Request: Bug 1250134 - assert mJSRuntime when IsGrayJS() is true. r?mccr8 Review request updated; see interdiff: https://reviewboard.mozilla.org/r/35815/diff/1-2/
|
|
||
Comment 6•8 years ago
|
||
Comment on attachment 8721977 [details] MozReview Request: Bug 1250134 - assert mJSRuntime when IsGrayJS() is true. r?mccr8 https://reviewboard.mozilla.org/r/35815/#review32685 Thanks.
Attachment #8721977 -
Flags: review?(continuation) → review+
|
||
Comment 8•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/bf62a6c05fa7
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
You need to log in
before you can comment on or make changes to this bug.
Description
•