1472681 - [Static Analysis] Possible null-dereference in js/src/vm/EnvironmentObject-inl.h

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect, P3)

Description

[Robert Bartlensky [:rbartlensky]]

infer outputs the following error:

js/src/vm/EnvironmentObject-inl.h:20: error: NULL_DEREFERENCE
  pointer `env` last assigned on line 21 could be null and is dereferenced by call to `js::IsExtensibleLexicalEnvironment()` at line 20, column 13.
  18.   NearestEnclosingExtensibleLexicalEnvironment(JSObject* env)
  19.   {
  20. >     while (!IsExtensibleLexicalEnvironment(env))
  21.           env = env->enclosingEnvironment();
  22.       return env->as<LexicalEnvironmentObject>();

https://dxr.mozilla.org/mozilla-central/source/js/src/vm/EnvironmentObject-inl.h?q=js%2Fsrc%2Fvm%2FEnvironmentObject-inl.h%3A20&redirect_type=direct#20

I am not quite sure if this is a false positive, or an actual error.

Comment 1

[Andi [:andi]]

Why don't we use an MOZ_ASSERT(env)? On release it will be removed so the cost is 0.

Comment 2

[Robert Bartlensky [:rbartlensky]]

That's a good point. I will submit a patch for this in a moment.

Comment 3

[Robert Bartlensky [:rbartlensky]]

Attachment: Bug 1472681: Fix NULL_DEREFERENCE error in js/src/vm/EnvironmentObject-inl.h.

Review commit: https://reviewboard.mozilla.org/r/258064/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/258064/

Comment 4

[Luke Wagner [:luke]]

Comment on attachment 8993286 [details]
Bug 1472681: Fix NULL_DEREFERENCE error in js/src/vm/EnvironmentObject-inl.h.

https://reviewboard.mozilla.org/r/258064/#review265732

Comment 5

[Pulsebot]

Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/06b69c1525d0
Fix NULL_DEREFERENCE error in js/src/vm/EnvironmentObject-inl.h. r=luke

Comment 6

[Raul Gurzau (:RaulG)]

https://hg.mozilla.org/mozilla-central/rev/06b69c1525d0