Closed Bug 603382 Opened 15 years ago Closed 15 years ago

FinishCreatingIterator leaks ida when JS_DefineFunction or JS_SetReservedSlot=0 fail

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, memory-leak)

Attachments

(1 file)

patch
1.08 KB, patch
Details | Diff | Splinter Review
337 FinishCreatingIterator(JSContext *cx, JSObject *iterObj, JSBool keysonly) 338 { 339 JSIdArray *ida = JS_Enumerate(cx, iterObj); 340 if (!ida) { 345 if (!JS_DefineFunction(cx, iterObj, "next", IteratorNext, 0, 0)) { ida is leaked here: 346 return nsnull; 347 } 348 349 if (!JS_SetReservedSlot(cx, iterObj, 0, PRIVATE_TO_JSVAL(ida)) || ida is leaked when the first SetReservedSlot fails. 350 !JS_SetReservedSlot(cx, iterObj, 1, JSVAL_ZERO) || 351 !JS_SetReservedSlot(cx, iterObj, 2, BOOLEAN_TO_JSVAL(keysonly))) { 352 return nsnull; 353 } I'm not actually certain SetReservedSlot=0 can fail. If it can't fail, the code shouldn't tell the compiler that it can. (DefineFunction can definitely fail.)
Attached patch patchSplinter Review
this is builds upon the changes for bug 560567
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #482556 - Flags: review?(jorendorff)
This code was very recently deleted from tracemonkey tip. From a bugzilla hygeine standpoint I have no idea what the Right resolution is here. Wheel of bug fortunes says: WORKSFORME.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Attachment #482556 - Flags: review?(jorendorff)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: