Closed
Bug 565612
Opened 14 years ago
Closed 14 years ago
unreachable branch in js_InflateUTF8StringToBuffer
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: timeless)
References
(Blocks 1 open bug, )
Details
(Keywords: coverity)
Attachments
(1 file)
|
632 bytes,
patch
|
jorendorff
:
review+
|
Details | Diff | Splinter Review |
3676 js_InflateUTF8StringToBuffer(JSContext *cx, const char *src, size_t srclen,
If dstLen is less than 2, it will enter this block:
3703 if (v > 0xFFFFF || dstlen < 2) {
3704 *dstlenp = (origDstlen - dstlen);
3705 if (cx) {
3706 char buffer[10];
3707 JS_snprintf(buffer, 10, "0x%x", v + 0x10000);
3708 JS_ReportErrorFlagsAndNumber(cx,
3709 JSREPORT_ERROR,
3710 js_GetErrorMessage, NULL,
3711 JSMSG_UTF8_CHAR_TOO_LARGE,
3712 buffer);
3713 }
and it will exit here:
3714 return JS_FALSE;
3715 }
dstLen can not be less than 2 here:
3716 if (dstlen < 2)
3717 goto bufferTooSmall;
|
||
Updated•14 years ago
|
Attachment #445085 -
Flags: review?(jorendorff) → review+
http://hg.mozilla.org/mozilla-central/rev/6a23ab36ed3b
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•