Closed Bug 1301033 Opened 3 years ago Closed 3 years ago

[Static Analysis][Dereference after null check] In Codegen

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla51
Tracking Status
firefox51 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1365069 - 1365146)

Attachments

(1 file)

The Static Analysis tool Coverity detected that there could;d be a possible null pointer dereference in this context:

>>                bool isNull = val.isNullOrUndefined();
>>                // We only need these if !isNull, in which case we have |cx|.
>>                Maybe<JS::Rooted<JSObject *> > object;
>>                Maybe<JS::Rooted<JS::Value> > temp;
>>                if (!isNull) {  
>>                  object.emplace(cx, &val.toObject());
>>                  temp.emplace(cx);
>>                }

This is triggered because of this check earlier on the code:

>>               if (cx) {
>>                  atomsCache = GetAtomCache<${dictName}Atoms>(cx);
>>                  if (!*reinterpret_cast<jsid**>(atomsCache) && !InitIds(cx, atomsCache)) {
>>                    return false;
>>                  }
>>                }

Even though the comment says that if !isNull then we have |cx|, in order to eliminate the number of false-positives regarding this issue around 80, we should add a MOZ_ASSERT(cx)
Comment on attachment 8788867 [details]
Bug 1301033 - add assert cx on generated code in order to prevent false-positive from static analysis tools.

https://reviewboard.mozilla.org/r/77204/#review75426

::: dom/bindings/Codegen.py:12324
(Diff revision 1)
>                  bool isNull = val.isNullOrUndefined();
>                  // We only need these if !isNull, in which case we have |cx|.
>                  Maybe<JS::Rooted<JSObject *> > object;
>                  Maybe<JS::Rooted<JS::Value> > temp;
>                  if (!isNull) {
> +                  MOZ_ASSERT(cx);    

Remove the extra spaces.
Attachment #8788867 - Flags: review?(amarchesini) → review+
Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/22cea8abf7e4
add assert cx on generated code in order to prevent false-positive from static analysis tools. r=baku
https://hg.mozilla.org/mozilla-central/rev/22cea8abf7e4
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.