Closed Bug 560137 Opened 15 years ago Closed 15 years ago

ImplicitConvert might pass null baseType to CType::TypesEqual

Categories

(Core :: js-ctypes, defect, P1)

RESOLVED FIXED

People

(Reporter: timeless, Assigned: dwitte)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, crash, Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

1616 ImplicitConvert(JSContext* cx,
1693   JSObject* baseType = PointerType::GetBaseType(cx, targetType);
1705   bool voidptrTarget = baseType &&
1708   if (sourceCode == TYPE_pointer && voidptrTarget) {
1713   if (sourceCode == TYPE_array) {
1717     if (voidptrTarget || CType::TypesEqual(cx, baseType, elementType)) {
Assignee: nobody → dwitte
Status: NEW → ASSIGNED
Priority: -- → P1
Attached patch: patch
Assignee: dwitte → timeless
Attachment #439859 - Flags: review?(dwitte)
Comment on attachment 439859 [details] [diff] [review]
patch

>- if (sourceData) {
>+ if (sourceData && baseType) {

The matching 'else if' clause also requires 'baseType' to be non-null, so you can just move the 'baseType' check to above this block thusly:

  if (!baseType) {
    JS_ReportError(cx, "cannot implicitly convert to opaque pointer type");
    return false;
  }

r=dwitte with that.
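Review bot: The '+' line guards only the 'if (sourceData)' branch, so a null 'baseType' now falls through silently to the sibling 'else if', which the review notes also needs 'baseType' non-null, and the conversion fails without any diagnostic. Hoisting the check above the whole block, 'if (!baseType) { JS_ReportError(cx, "cannot implicitly convert to opaque pointer type"); return false; }', covers both paths and reports the rejection to the caller.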
Attachment #439859 - Flags: review?(dwitte) → review+
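As an added illustration, not code from the page or from SpiderMonkey: a reduced C++ model of the conversion path in this bug (all names hypothetical), showing why the null check has to sit above every branch when a helper like TypesEqual dereferences its arguments unconditionally.

```cpp
// Added illustration, not SpiderMonkey code: a reduced model of the
// js-ctypes conversion path from this bug. All names are hypothetical.
#include <string>

enum TypeCode { TYPE_void_t, TYPE_int8_t, TYPE_int16_t, TYPE_pointer, TYPE_array };

struct CType {
  TypeCode code;
  const CType* baseType;  // pointee (TYPE_pointer, null = opaque) or element (TYPE_array)
};

// Like CType::TypesEqual in the bug: dereferences both arguments unchecked,
// so a null baseType from an opaque pointer target would crash here.
static bool TypesEqual(const CType* a, const CType* b) {
  if (a->code != b->code) return false;
  if (a->code == TYPE_pointer || a->code == TYPE_array)
    return TypesEqual(a->baseType, b->baseType);
  return true;
}

// Converts a value of 'source' type to the pointer type 'target'. Returns nullptr
// on success, otherwise the rejection message. The null check sits above every
// branch, as the review suggested, so TypesEqual never sees a null baseType.
static const char* ImplicitConvertToPointer(const CType* source, const CType* target) {
  const CType* baseType = target->baseType;
  if (!baseType)
    return "cannot implicitly convert to opaque pointer type";
  bool voidptrTarget = baseType->code == TYPE_void_t;
  if (source->code == TYPE_pointer && voidptrTarget)
    return nullptr;  // any T* converts to void*
  if (source->code == TYPE_array) {
    // T[n] converts to void* or to T*; TypesEqual is safe to call now
    if (voidptrTarget || TypesEqual(baseType, source->baseType)) return nullptr;
    return "array element type does not match pointer base type";
  }
  return "cannot implicitly convert to pointer type";
}

static bool Converts(const CType* source, const CType* target) {
  return ImplicitConvertToPointer(source, target) == nullptr;
}

// Constructed sample types covering the cases named in the bug.
static const CType kVoid = {TYPE_void_t, nullptr};
static const CType kInt8 = {TYPE_int8_t, nullptr};
static const CType kInt16 = {TYPE_int16_t, nullptr};
static const CType kVoidPtr = {TYPE_pointer, &kVoid};
static const CType kInt8Ptr = {TYPE_pointer, &kInt8};
static const CType kOpaquePtr = {TYPE_pointer, nullptr};  // the crashing target
static const CType kInt8Array = {TYPE_array, &kInt8};
static const CType kInt16Array = {TYPE_array, &kInt16};
```

Without the hoisted check, the kInt8Array to kOpaquePtr case would reach TypesEqual with a null first argument, which is exactly the crash Coverity flagged.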
This is fixed by the patch in bug 560002, which makes non-null baseType an invariant. Might as well wait for that to land so we don't stomp on each other.
Depends on: 560002
Fixed by bug 560002.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: fixed-in-tracemonkey
Assignee: timeless → dwitte