Closed Bug 1302064 Opened 3 years ago Closed 3 years ago

[Static Analysis][Use after free] In function WasmArrayRawBuffer::Release

Categories

(Core :: JavaScript Engine, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla51
Tracking Status
firefox51 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1372418)

Attachments

(1 file)

The Static Analysis tool Coverity detected that pointer |base| is used after it's been freed.

>># ifdef XP_WIN
>>    VirtualFree(base, 0, MEM_RELEASE);
>># else  // XP_WIN
>>    munmap(base, mappedSizeWithHeader);
>># endif  // !XP_WIN   	
>>    MemProfiler::RemoveNative(base);

In this particular case this is not a problem since the pointer is not dereferenced but in order to silence this checker can't we add MemProfiler::RemoveNative(base); before the free?
Comment on attachment 8790237 [details]
Bug 1302064 - prevent static analysis use after free checker for base.

(stealing)
Attachment #8790237 - Flags: review?(jorendorff) → review+
Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7f3a9e231855
prevent static analysis use after free checker for base. r=luke
https://hg.mozilla.org/mozilla-central/rev/7f3a9e231855
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in before you can comment on or make changes to this bug.