Closed
Bug 560137
Opened 15 years ago
Closed 15 years ago
ImplicitConvert might pass null baseType to CType::TypesEqual
Categories
(Core :: js-ctypes, defect, P1)
Core
js-ctypes
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: dwitte)
References
(Blocks 1 open bug, )
Details
(Keywords: coverity, crash, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
949 bytes,
patch
|
dwitte
:
review+
|
Details | Diff | Splinter Review |
1616 ImplicitConvert(JSContext* cx,
1693 JSObject* baseType = PointerType::GetBaseType(cx, targetType);
1705 bool voidptrTarget = baseType &&
1708 if (sourceCode == TYPE_pointer && voidptrTarget) {
1713 if (sourceCode == TYPE_array) {
1717 if (voidptrTarget || CType::TypesEqual(cx, baseType, elementType)) {
|
Assignee | |
Updated•15 years ago
|
Assignee: nobody → dwitte
Status: NEW → ASSIGNED
Priority: -- → P1
Assignee: dwitte → timeless
Attachment #439859 -
Flags: review?(dwitte)
|
|
Assignee | |
Comment 2•15 years ago
|
||
Comment on attachment 439859 [details] [diff] [review]
patch
>- if (sourceData) {
>+ if (sourceData && baseType) {
The matching 'else if' clause also requires 'baseType' to be non-null, so you can just move the 'baseType' check to above this block thusly:
if (!baseType) {
JS_ReportError(cx, "cannot implicitly convert to opaque pointer type");
return false;
}
r=dwitte with that.
Attachment #439859 -
Flags: review?(dwitte) → review+
|
|
Assignee | |
Comment 3•15 years ago
|
||
This is fixed by the patch in bug 560002, which makes non-null baseType an invariant. Might as well wait for that to land so we don't stomp on each other.
|
|
Assignee | |
Comment 4•15 years ago
|
||
Fixed by bug 560002.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: fixed-in-tracemonkey
|
||
Updated•7 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•