[Static Analysis] Possible null-dereference in js/src/vm/EnvironmentObject-inl.h

RESOLVED FIXED in Firefox 63

Status

defect
P3
normal
RESOLVED FIXED

People

(Reporter: rbartlensky, Assigned: rbartlensky)

Tracking

unspecified
mozilla63
Firefox Tracking Flags

(firefox63 fixed)

Attachments

(1 attachment)

infer outputs the following error:

js/src/vm/EnvironmentObject-inl.h:20: error: NULL_DEREFERENCE
  pointer `env` last assigned on line 21 could be null and is dereferenced by call to `js::IsExtensibleLexicalEnvironment()` at line 20, column 13.
  18.   NearestEnclosingExtensibleLexicalEnvironment(JSObject* env)
  19.   {
  20. >     while (!IsExtensibleLexicalEnvironment(env))
  21.           env = env->enclosingEnvironment();
  22.       return env->as<LexicalEnvironmentObject>();

https://dxr.mozilla.org/mozilla-central/source/js/src/vm/EnvironmentObject-inl.h?q=js%2Fsrc%2Fvm%2FEnvironmentObject-inl.h%3A20&redirect_type=direct#20

I am not quite sure if this is a false positive, or an actual error.
Assignee: nobody → rbartlensky
Why don't we use an MOZ_ASSERT(env)? On release it will be removed so the cost is 0.
That's a good point. I will submit a patch for this in a moment.
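The pattern infer flagged, reduced to a stand-alone C++ model (added here as an example; this is not SpiderMonkey's code, and `Env`, `MakeChain`, `CheckedLookupIndex` and `AssertedLookupIndex` are constructed for the example). The unguarded walk mirrors NearestEnclosingExtensibleLexicalEnvironment: it dereferences `env` on every iteration and relies on the invariant that the chain ends in an extensible lexical environment. An `assert` after each reassignment plays the role MOZ_ASSERT would in debug builds and compiles away in release builds; a checked variant that returns nullptr is shown beside it for callers that cannot guarantee the invariant.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a SpiderMonkey environment object (constructed for
// this example; not the real JSObject / LexicalEnvironmentObject).
struct Env {
    bool extensibleLexical = false;  // true for the terminating lexical env
    Env* enclosing = nullptr;        // nullptr at the end of the chain

    Env* enclosingEnvironment() const { return enclosing; }
};

// Dereferences env unconditionally, which is what made infer report the
// NULL_DEREFERENCE at the loop condition.
static bool IsExtensibleLexicalEnvironment(const Env* env) {
    return env->extensibleLexical;
}

// Shape of the reported code. The asserts document the invariant "every chain
// ends in an extensible lexical environment" so that a null link is caught in
// debug builds instead of being dereferenced; in release builds they vanish.
Env* NearestEnclosingExtensibleLexicalEnvironment(Env* env) {
    assert(env && "environment chain must not start with null");
    while (!IsExtensibleLexicalEnvironment(env)) {
        env = env->enclosingEnvironment();
        assert(env && "chain must end in an extensible lexical environment");
    }
    return env;
}

// Variant for callers that cannot rely on the invariant: stops at the end of
// the chain and returns nullptr instead of dereferencing it.
Env* FindExtensibleLexicalEnvironmentOrNull(Env* env) {
    while (env && !IsExtensibleLexicalEnvironment(env)) {
        env = env->enclosingEnvironment();
    }
    return env;
}

// Test fixture (constructed): `depth` ordinary environments, innermost first,
// whose outermost link is extensible lexical only when `terminated` is true.
struct Chain {
    std::vector<Env> nodes;
    Env* innermost() { return &nodes.front(); }
};

static Chain MakeChain(size_t depth, bool terminated) {
    Chain c;
    c.nodes.resize(depth + 1);
    for (size_t i = 0; i <= depth; ++i) {
        c.nodes[i].extensibleLexical = (i == depth) && terminated;
        c.nodes[i].enclosing = (i < depth) ? &c.nodes[i + 1] : nullptr;
    }
    return c;
}

// Index (0 = innermost) of the environment the checked walk finds, or -1 when
// the chain has no extensible lexical environment at all.
int CheckedLookupIndex(size_t depth, bool terminated) {
    Chain c = MakeChain(depth, terminated);
    Env* found = FindExtensibleLexicalEnvironmentOrNull(c.innermost());
    return found ? static_cast<int>(found - &c.nodes[0]) : -1;
}

// Same lookup through the asserting walk; only valid for terminated chains,
// an unterminated chain would trip the assert rather than read through null.
int AssertedLookupIndex(size_t depth) {
    Chain c = MakeChain(depth, true);
    Env* found = NearestEnclosingExtensibleLexicalEnvironment(c.innermost());
    return static_cast<int>(found - &c.nodes[0]);
}

int main() {
    std::printf("asserted walk, depth 3: index %d\n", AssertedLookupIndex(3));
    std::printf("checked walk, depth 3:  index %d\n", CheckedLookupIndex(3, true));
    std::printf("checked walk, no terminus: index %d\n", CheckedLookupIndex(3, false));
    return 0;
}
```

The difference between the two walks is where a broken invariant surfaces: the asserting version fails loudly at the link that became null, with the chain still intact for inspection, while the checked version converts the same condition into a nullptr that every caller then has to handle.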
Comment on attachment 8993286 [details]
Bug 1472681: Fix NULL_DEREFERENCE error in js/src/vm/EnvironmentObject-inl.h.

https://reviewboard.mozilla.org/r/258064/#review265732
Attachment #8993286 - Flags: review?(luke) → review+
Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/06b69c1525d0
Fix NULL_DEREFERENCE error in js/src/vm/EnvironmentObject-inl.h. r=luke
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/06b69c1525d0
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla63