Closed
Bug 499897
Opened 15 years ago
Closed 15 years ago
reverse INULL in js_ComputeFilename
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: jorendorff)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, crash, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
1.11 KB,
patch
|
Waldo
:
review+
|
Details | Diff | Splinter Review |
hi jorendorff, please be careful, you introduced a coverity error :(
old code:
1196 if (caller->regs && *caller->regs->pc == JSOP_EVAL) {
1197 JS_ASSERT(caller->regs->pc[JSOP_EVAL_LENGTH] == JSOP_LINENO);
1198 *linenop = GET_UINT16(caller->regs->pc + JSOP_EVAL_LENGTH);
note that caller->regs guards caller->regs->pc
new code:
1205 jsbytecode *pc = caller->regs->pc;
1206 if (caller->regs && js_GetOpcode(cx, caller->script, pc) == JSOP_EVAL) { 1207 JS_ASSERT(js_GetOpcode(cx, caller->script, pc + JSOP_EVAL_LENGTH) == JSOP_LINENO);
1208 *linenop = GET_UINT16(pc + JSOP_EVAL_LENGTH);
note that pc is dereferenced before the null check. this is unfortunate
|
Assignee | |
Comment 1•15 years ago
|
||
Bluh. Thanks for the bug report. I shall strive to be more careful in future.
Attachment #385260 -
Flags: review?(jwalden+bmo)
|
||
Updated•15 years ago
|
Attachment #385260 -
Flags: review?(jwalden+bmo) → review+
|
|
Assignee | |
Comment 2•15 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/854847bdf065
Status: NEW → ASSIGNED
Whiteboard: fixed-in-tracemonkey
|
||
Comment 3•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/854847bdf065
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•