Bug 465270 - uninitialised value in devutil.c::create_object()
Status: RESOLVED FIXED
Product: NSS
Classification: Components
Component: Libraries
Version: trunk
Platform: All All
Importance: P3 trivial
Target Milestone: 3.12.3
Assigned To: Constantine A. Murenin
Blocks: 353909 444974
Reported: 2008-11-16 22:22 PST by Constantine A. Murenin
Modified: 2008-11-19 12:48 PST

Attachments
uninitialised value in arena in devutil.c::create_object() (807 bytes, patch)
2008-11-16 22:22 PST, Constantine A. Murenin
nelson: review+

Description Constantine A. Murenin 2008-11-16 22:22:21 PST
Created attachment 348515
uninitialised value in arena in devutil.c::create_object()

In nss/lib/dev/devutil.c::create_object(), if the expression inside the first if-statement is true (e.g. the first goto in the function is executed), then we end up referencing a local variable 'arena' that was never initialised. This is a regression from bug #353909 (devutil.c#rev1.27, dated 2006-10-30).  It's also a regression from bug #444974 (devutil.c#rev1.32, dated 2008-09-29), because currently there's one more goto before 'arena' is initialised. :)

Found with LLVM/Clang Static Analyser.
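
The pattern described in the report, as an added example that is not part of the bug report and is not the NSS code or its patch: an early `goto` reaches a cleanup label that inspects a pointer declared without an initialiser. All names (`arena_t`, `object_t`, `demo_create_object`, the `loser` label, the `SHOW_BUG` macro) are hypothetical, and initialising the pointer to NULL at its declaration is assumed here as the usual fix for this pattern.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for an arena and an object; not the NSS API. */
typedef struct { int unused; } arena_t;
typedef struct { arena_t *arena; int handle; } object_t;
static int arenas_destroyed = 0;   /* lets the caller observe cleanup */

static arena_t *arena_create(void) { return calloc(1, sizeof(arena_t)); }
static void arena_destroy(arena_t *a) { arenas_destroyed++; free(a); }

#ifdef SHOW_BUG
/* Buggy shape: the first goto reaches 'loser' before 'arena' is assigned,
 * so the cleanup code tests and frees an indeterminate pointer. */
object_t *demo_create_object_buggy(const int *handle) {
    arena_t *arena;                    /* never initialised */
    object_t *obj;
    if (!handle) goto loser;           /* jumps past the assignment */
    arena = arena_create();
    if (!arena) goto loser;
    obj = malloc(sizeof *obj);
    if (!obj) goto loser;
    obj->arena = arena;
    obj->handle = *handle;
    return obj;
loser:
    if (arena) arena_destroy(arena);   /* uninitialised read on early exit */
    return NULL;
}
#endif

/* Fixed shape: initialise at the declaration so every path into 'loser'
 * sees either NULL or a live arena. */
object_t *demo_create_object(const int *handle) {
    arena_t *arena = NULL;
    object_t *obj = NULL;
    if (!handle) goto loser;
    arena = arena_create();
    if (!arena) goto loser;
    obj = malloc(sizeof *obj);
    if (!obj) goto loser;
    obj->arena = arena;
    obj->handle = *handle;
    return obj;
loser:
    if (arena) arena_destroy(arena);
    return NULL;
}

void demo_free_object(object_t *o) { arena_destroy(o->arena); free(o); }
```

The buggy variant is compiled only when `SHOW_BUG` is defined, so it can be handed to a static analyser without ever being executed.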
Comment 1 Nelson Bolyard (seldom reads bugmail) 2008-11-16 22:47:09 PST
Comment on attachment 348515
uninitialised value in arena in devutil.c::create_object()

We'll get this committed after the NSS trunk opens again.
Comment 2 Nelson Bolyard (seldom reads bugmail) 2008-11-19 12:48:08 PST
Checking in devutil.c; new revision: 1.33; previous revision: 1.32
