Closed
Bug 565612
Opened 14 years ago
Closed 14 years ago
unreachable branch in js_InflateUTF8StringToBuffer
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: timeless)
References
(Blocks 1 open bug, )
Details
(Keywords: coverity)
Attachments
(1 file)
632 bytes, patch | jorendorff: review+
    js_InflateUTF8StringToBuffer(JSContext *cx, const char *src, size_t srclen,

If dstLen is less than 2, it will enter this block:

    if (v > 0xFFFFF || dstlen < 2) {
        *dstlenp = (origDstlen - dstlen);
        if (cx) {
            char buffer[10];
            JS_snprintf(buffer, 10, "0x%x", v + 0x10000);
            JS_ReportErrorFlagsAndNumber(cx,
                                         JSREPORT_ERROR,
                                         js_GetErrorMessage, NULL,
                                         JSMSG_UTF8_CHAR_TOO_LARGE,
                                         buffer);
        }

and it will exit here:

        return JS_FALSE;
    }

dstLen can not be less than 2 here:

    if (dstlen < 2)
        goto bufferTooSmall;
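A reduced model of the two checks quoted in the report above, added here as an illustration; it is not code from the bug, the attached patch, or the Mozilla tree. The enum, the function names and the sampled values are assumptions of this example. It sweeps boundary values of `v` and `dstlen` and counts which exit each combination takes.

```c
#include <stddef.h>
#include <stdint.h>

/* Exit paths of the reduced model (names are assumptions of this example). */
enum exit_path {
    EXIT_OK = 0,        /* neither check fires */
    EXIT_FIRST_CHECK,   /* "if (v > 0xFFFFF || dstlen < 2)" then return JS_FALSE */
    EXIT_SECOND_CHECK   /* "if (dstlen < 2) goto bufferTooSmall" */
};

/* The same two tests, in the same order, as the excerpt in the report. */
static enum exit_path classify(uint32_t v, size_t dstlen)
{
    if (v > 0xFFFFF || dstlen < 2)
        return EXIT_FIRST_CHECK;   /* in the excerpt this block reports
                                      JSMSG_UTF8_CHAR_TOO_LARGE */
    if (dstlen < 2)                /* dstlen >= 2 is already guaranteed here */
        return EXIT_SECOND_CHECK;
    return EXIT_OK;
}

/* Count how often each exit is taken over constructed boundary values. */
static void sweep(unsigned counts[3])
{
    static const uint32_t vs[] = { 0, 1, 0xFFFFF, 0x100000, 0xFFFFFFFFu };
    static const size_t lens[] = { 0, 1, 2, 3, 1024 };

    counts[0] = counts[1] = counts[2] = 0;
    for (size_t i = 0; i < sizeof vs / sizeof vs[0]; i++)
        for (size_t j = 0; j < sizeof lens / sizeof lens[0]; j++)
            counts[classify(vs[i], lens[j])]++;
}

static unsigned hits(enum exit_path p)
{
    unsigned counts[3];
    sweep(counts);
    return counts[p];
}
```

In this model a short buffer with an in-range `v`, for example `classify(1, 1)`, leaves through the first check, the block that in the excerpt reports `JSMSG_UTF8_CHAR_TOO_LARGE`, and never reaches the second one.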
Updated•14 years ago
|
Attachment #445085 - Flags: review?(jorendorff) → review+
http://hg.mozilla.org/mozilla-central/rev/6a23ab36ed3b
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Blocks: coverity-analysis