Make the CAN_RUN_SCRIPT analysis treat dereferences of pointer-typed args of CAN_RUN_SCRIPT functions as live

RESOLVED FIXED in Firefox 67

Status

enhancement

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Tracking

Trunk
mozilla67

Firefox Tracking Flags

(firefox67 fixed)

Attachments

(2 attachments)

Consider this case:

  MOZ_CAN_RUN_SCRIPT
  void foo(Arg& arg) {}

  MOZ_CAN_RUN_SCRIPT
  void bar(Arg* arg) {
    foo(*arg);
  }

Ideally this would pass the analysis. Right now it doesn't, and my attempt to fix the analysis to allow it doesn't seem to work: the unaryDereferenceOperator() does match, but the hasUnaryOperand(declRefExpr()) bit does not (even if I take out the to(...) bits).

Flags: needinfo?(bpostelnicu)

I found the clang analysis docs. This all makes a lot more sense now. ;)

Assignee: nobody → bzbarsky
Flags: needinfo?(bpostelnicu)

Comment 3

2 months ago
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f65aaa2a97bb
Fix the CAN_RUN_SCRIPT analysis to treat a deref of an arg as live if it would treat the arg as live.  r=andi

Comment 4

2 months ago
bugherder
Status: NEW → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67