Closed Bug 565612 Opened 15 years ago Closed 15 years ago

unreachable branch in js_InflateUTF8StringToBuffer

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
trivial

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: coverity)

Attachments

(1 file)

patch
632 bytes, patch
jorendorff
: review+
Details | Diff | Splinter Review
3676 js_InflateUTF8StringToBuffer(JSContext *cx, const char *src, size_t srclen, If dstLen is less than 2, it will enter this block: 3703 if (v > 0xFFFFF || dstlen < 2) { 3704 *dstlenp = (origDstlen - dstlen); 3705 if (cx) { 3706 char buffer[10]; 3707 JS_snprintf(buffer, 10, "0x%x", v + 0x10000); 3708 JS_ReportErrorFlagsAndNumber(cx, 3709 JSREPORT_ERROR, 3710 js_GetErrorMessage, NULL, 3711 JSMSG_UTF8_CHAR_TOO_LARGE, 3712 buffer); 3713 } and it will exit here: 3714 return JS_FALSE; 3715 } dstLen can not be less than 2 here: 3716 if (dstlen < 2) 3717 goto bufferTooSmall;
Attached patch patchSplinter Review
Assignee: general → timeless
Status: NEW → ASSIGNED
Attachment #445085 - Flags: review?(jorendorff)
Attachment #445085 - Flags: review?(jorendorff) → review+
http://hg.mozilla.org/mozilla-central/rev/6a23ab36ed3b
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: