Closed Bug 1472681 Opened 2 years ago Closed 2 years ago

[Static Analysis] Possible null-dereference in js/src/vm/EnvironmentObject-inl.h

Component: Core :: JavaScript Engine, defect, P3
Status: RESOLVED FIXED
Target Milestone: mozilla63
Tracking Status: firefox63 --- fixed
Reporter: rbartlensky, Assigned: rbartlensky
Attachments: 1 file

infer outputs the following error:

js/src/vm/EnvironmentObject-inl.h:20: error: NULL_DEREFERENCE
  pointer `env` last assigned on line 21 could be null and is dereferenced by call to `js::IsExtensibleLexicalEnvironment()` at line 20, column 13.
  18.   NearestEnclosingExtensibleLexicalEnvironment(JSObject* env)
  19.   {
  20. >     while (!IsExtensibleLexicalEnvironment(env))
  21.           env = env->enclosingEnvironment();
  22.       return env->as<LexicalEnvironmentObject>();

https://dxr.mozilla.org/mozilla-central/source/js/src/vm/EnvironmentObject-inl.h?q=js%2Fsrc%2Fvm%2FEnvironmentObject-inl.h%3A20&redirect_type=direct#20

I am not quite sure if this is a false positive, or an actual error.
Assignee: nobody → rbartlensky
Why don't we use an MOZ_ASSERT(env)? On release it will be removed so the cost is 0.
That's a good point. I will submit a patch for this in a moment.
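The walk that infer flagged in comment 0, and the MOZ_ASSERT(env) fix proposed above, modelled as an added example; this is not code from the bug or from mozilla-central, and EnvObject, its fields, the global/middle/inner chains and the NearestExtensibleOrNull variant are hypothetical stand-ins for the real JSObject environment chain.

```cpp
#include <cassert>
#include <cstddef>

// Hypothetical stand-in for the environment chain (not the real JSObject):
// each object points at its enclosing environment; the outermost has none.
struct EnvObject {
    EnvObject* enclosing;    // nullptr at the end of the chain
    bool extensibleLexical;  // what IsExtensibleLexicalEnvironment() checks
};

static bool IsExtensibleLexicalEnvironment(const EnvObject* env) {
    return env->extensibleLexical;  // this is the dereference infer flagged
}

// The walk from the bug with the invariant stated, as the patch does with
// MOZ_ASSERT(env): a chain is assumed to end in an extensible lexical
// environment, so env is never null when it is dereferenced. assert() stands
// in for MOZ_ASSERT; both compile out of release builds, so this documents and
// debug-checks the invariant rather than guarding against a null at run time.
static EnvObject* NearestEnclosingExtensibleLexicalEnvironment(EnvObject* env) {
    while (!IsExtensibleLexicalEnvironment(env)) {
        env = env->enclosing;
        assert(env && "chain ended without an extensible lexical environment");
    }
    return env;
}

// Variant that reports a malformed chain as nullptr instead of dereferencing
// it, for a caller that cannot rely on the invariant.
static EnvObject* NearestExtensibleOrNull(EnvObject* env) {
    while (env && !IsExtensibleLexicalEnvironment(env))
        env = env->enclosing;
    return env;
}

// Constructed chains: a well-formed one ending in an extensible global
// environment, and a malformed one whose outermost object is not extensible.
static EnvObject global{nullptr, true};
static EnvObject middle{&global, false};
static EnvObject inner{&middle, false};
static EnvObject brokenOuter{nullptr, false};
static EnvObject brokenInner{&brokenOuter, false};

static bool WellFormedChainFindsGlobal() {
    return NearestEnclosingExtensibleLexicalEnvironment(&inner) == &global &&
           NearestExtensibleOrNull(&inner) == &global;
}
static bool MalformedChainIsReported() {
    return NearestExtensibleOrNull(&brokenInner) == nullptr;
}
```

On the malformed chain the asserting version would trip its assertion in a debug build and dereference null in a release build, which is exactly the case the analyzer cannot rule out without the invariant being stated.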
Comment on attachment 8993286 [details]
Bug 1472681: Fix NULL_DEREFERENCE error in js/src/vm/EnvironmentObject-inl.h.

https://reviewboard.mozilla.org/r/258064/#review265732
Attachment #8993286 - Flags: review?(luke) → review+
Keywords: checkin-needed
Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/06b69c1525d0
Fix NULL_DEREFERENCE error in js/src/vm/EnvironmentObject-inl.h. r=luke
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/06b69c1525d0
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63