Closed Bug 499897 Opened 11 years ago Closed 11 years ago

reverse INULL in js_ComputeFilename

Categories: Core :: JavaScript Engine, defect, critical
Tracking: RESOLVED FIXED
People: Reporter: timeless, Assigned: jorendorff
References: Blocks 1 open bug
Details: Keywords: coverity, crash; Whiteboard: fixed-in-tracemonkey
Attachments: 1 file

hi jorendorff, please be careful, you introduced a coverity error :(

old code:
if (caller->regs && *caller->regs->pc == JSOP_EVAL) {
  JS_ASSERT(caller->regs->pc[JSOP_EVAL_LENGTH] == JSOP_LINENO);
  *linenop = GET_UINT16(caller->regs->pc + JSOP_EVAL_LENGTH);

note that caller->regs guards caller->regs->pc

new code:
jsbytecode *pc = caller->regs->pc;
if (caller->regs && js_GetOpcode(cx, caller->script, pc) == JSOP_EVAL) {
  JS_ASSERT(js_GetOpcode(cx, caller->script, pc + JSOP_EVAL_LENGTH) == JSOP_LINENO);
  *linenop = GET_UINT16(pc + JSOP_EVAL_LENGTH);

note that pc is dereferenced before the null check. this is unfortunate
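The two orderings from the report side by side, as an added example that is neither the bug's patch nor SpiderMonkey code: the types, the opcode values and the bytecode sequence are constructed stand-ins (placeholders, not the engine's real definitions), and the opcode test is the plain `*pc == JSOP_EVAL` form of the old code rather than `js_GetOpcode`.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed stand-ins for the SpiderMonkey types and constants named in the
 * report; the opcode values are placeholders, not the engine's real ones. */
typedef unsigned char jsbytecode;
enum { JSOP_EVAL = 0x01, JSOP_LINENO = 0x02 };
#define JSOP_EVAL_LENGTH 3                                     /* opcode + uint16 argc */
#define GET_UINT16(pc) ((unsigned)(((pc)[1] << 8) | (pc)[2])) /* skips the opcode byte */
struct JSFrameRegs { jsbytecode *pc; };
struct JSStackFrame { struct JSFrameRegs *regs; };

/* The ordering Coverity flagged: regs is dereferenced to load pc before the
 * regs != NULL test, so the guard cannot protect that load. Kept for contrast only. */
bool lineno_reverse_inull(struct JSStackFrame *caller, unsigned *linenop) {
    jsbytecode *pc = caller->regs->pc;               /* dereference happens here */
    if (caller->regs && *pc == JSOP_EVAL) {          /* check arrives too late */
        *linenop = GET_UINT16(pc + JSOP_EVAL_LENGTH);
        return true;
    }
    return false;
}

/* Corrected ordering: test regs first, read pc only after the test passes. */
bool lineno_checked(struct JSStackFrame *caller, unsigned *linenop) {
    if (!caller->regs)
        return false;
    jsbytecode *pc = caller->regs->pc;
    if (*pc != JSOP_EVAL)
        return false;
    *linenop = GET_UINT16(pc + JSOP_EVAL_LENGTH);    /* operand of the following JSOP_LINENO */
    return true;
}

/* Constructed bytecode: JSOP_EVAL argc=1, followed by JSOP_LINENO 42. */
static jsbytecode sample_code[] = { JSOP_EVAL, 0x00, 0x01, JSOP_LINENO, 0x00, 0x2a };
/* Line number the corrected version recovers from a frame that has regs (42). */
unsigned demo_checked_eval(void) {
    struct JSFrameRegs regs = { sample_code };
    struct JSStackFrame caller = { &regs };
    unsigned lineno = 0;
    return lineno_checked(&caller, &lineno) ? lineno : 0;
}

/* True when the corrected version refuses a frame with no regs instead of crashing. */
bool demo_checked_null(void) {
    struct JSStackFrame caller = { NULL };
    unsigned lineno = 0;
    return !lineno_checked(&caller, &lineno);
}
```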
Attached patch v1
Bluh. Thanks for the bug report. I shall strive to be more careful in future.
Attachment #385260 - Flags: review?(jwalden+bmo)
Attachment #385260 - Flags: review?(jwalden+bmo) → review+
http://hg.mozilla.org/tracemonkey/rev/854847bdf065
Status: NEW → ASSIGNED
Whiteboard: fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/854847bdf065
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Keywords: coverity