Closed Bug 565612 Opened 10 years ago Closed 10 years ago

unreachable branch in js_InflateUTF8StringToBuffer

Categories

(Core :: JavaScript Engine, defect, trivial)

defect
Not set
trivial

Tracking

()

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug, )

Details

(Keywords: coverity)

Attachments

(1 file)

632 bytes, patch
jorendorff
: review+
Details | Diff | Splinter Review
3676 js_InflateUTF8StringToBuffer(JSContext *cx, const char *src, size_t srclen,

If dstLen is less than 2, it will enter this block:
3703                 if (v > 0xFFFFF || dstlen < 2) {
3704                     *dstlenp = (origDstlen - dstlen);
3705                     if (cx) {
3706                         char buffer[10];
3707                         JS_snprintf(buffer, 10, "0x%x", v + 0x10000);
3708                         JS_ReportErrorFlagsAndNumber(cx,
3709                                                      JSREPORT_ERROR,
3710                                                      js_GetErrorMessage, NULL,
3711                                                      JSMSG_UTF8_CHAR_TOO_LARGE,
3712                                                      buffer);
3713                     }
and it will exit here:
3714                     return JS_FALSE;
3715                 }

dstLen can not be less than 2 here:
3716                 if (dstlen < 2)
3717                     goto bufferTooSmall;
Attached patch patchSplinter Review
Assignee: general → timeless
Status: NEW → ASSIGNED
Attachment #445085 - Flags: review?(jorendorff)
Attachment #445085 - Flags: review?(jorendorff) → review+
http://hg.mozilla.org/mozilla-central/rev/6a23ab36ed3b
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.