1439770 - Inline constant argument to InterfaceDescriptorAddTypes

Status: RESOLVED FIXED

(Core :: XPCOM, enhancement)

Description

[Andrew McCreight [:mccr8]]

This method's third argument is an integer, but there's a single caller that only passes in 1, so just inline that argument. Incidentally, this exposed a minor integer overflow bug, because the compiler was able to understand the simplified code enough to give a warning.

Comment 1

[Andrew McCreight [:mccr8]]

Attachment: Bug 1439770, part 1 - Fix integer overflow in InterfaceDescriptorAddTypes.

num_additional_types is a uint8_t, so its max value is 255. 1 + 255 is
not greater than 256, so the check will pass, but then
num_additional_types += 1 will overflow in the next line.

What I think happened is that bug 1249174 part 6 introduced a bounds
check on an index (which is ok), but then part 8 repurposed this as a
bounds check on the length.

I noticed this because while writing the next patch I ended up with
  if (id->num_additional_types > 255)
and then the compiler warned that the check would never fail.

Review commit: https://reviewboard.mozilla.org/r/221810/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/221810/

Comment 2

[Andrew McCreight [:mccr8]]

Attachment: Bug 1439770, part 2 - Inline constant argument to InterfaceDescriptorAddTypes.

Review commit: https://reviewboard.mozilla.org/r/221812/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/221812/

Comment 3

[Andrew McCreight [:mccr8]]

Here's the commit message for part 1:

num_additional_types is a uint8_t, so its max value is 255. 1 + 255 is
not greater than 256, so the check will pass, but then
num_additional_types += 1 will overflow in the next line.

What I think happened is that bug 1249174 part 6 introduced a bounds
check on an index (which is ok), but then part 8 repurposed this as a
bounds check on the length.

I noticed this because while writing the next patch I ended up with
  if (id->num_additional_types > 255)
and then the compiler warned that the check would never fail.

Comment 4

[Nicholas Nethercote [inactive]]

Comment on attachment 8952564 [details]
Bug 1439770, part 1 - Fix integer overflow in InterfaceDescriptorAddTypes.

https://reviewboard.mozilla.org/r/221810/#review227706

Comment 5

[Nicholas Nethercote [inactive]]

Comment on attachment 8952565 [details]
Bug 1439770, part 2 - Inline constant argument to InterfaceDescriptorAddTypes.

https://reviewboard.mozilla.org/r/221812/#review227708

Comment 6

[Pulsebot]

Pushed by amccreight@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/486abdc9fc6a
part 1 - Fix integer overflow in InterfaceDescriptorAddTypes. r=njn
https://hg.mozilla.org/integration/autoland/rev/51341e7c00c5
part 2 - Inline constant argument to InterfaceDescriptorAddTypes. r=njn

Comment 7

[Raul Gurzau (:RaulG)]

https://hg.mozilla.org/mozilla-central/rev/486abdc9fc6a
https://hg.mozilla.org/mozilla-central/rev/51341e7c00c5