Closed Bug 550979 Opened 14 years ago Closed 9 years ago

js_FinishJSONParse calls PopState twice without checking its result

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: timeless, Assigned: sayrer)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: coverity) 

697 js_FinishJSONParse(JSContext *cx, JSONParser *jp, jsval reviver)

706     if ((jp->statep - jp->stateStack) == 1) {
707         if (*jp->statep == JSON_PARSE_STATE_KEYWORD) {
708             early_ok = HandleData(cx, jp, JSON_DATA_KEYWORD);
709             if (early_ok)
710                 PopState(cx, jp);
711         } else if (*jp->statep == JSON_PARSE_STATE_NUMBER) {
712             early_ok = HandleData(cx, jp, JSON_DATA_NUMBER);
713             if (early_ok)
714                 PopState(cx, jp);

sayrer notes that this code could be folded (e.g., passing statep to HandleData).
The JSON parser rewrite makes js_FinishJSONParse almost vestigial (and not at all used in JSON.parse), and I have patches in progress which remove it entirely.
js_FinishJSONParse was removed in http://hg.mozilla.org/mozilla-central/rev/5113ddba6f60
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.