Closed Bug 603382 Opened 9 years ago Closed 9 years ago

FinishCreatingIterator leaks ida when JS_DefineFunction or JS_SetReservedSlot=0 fail

Categories

(Core :: XPConnect, defect, minor)

RESOLVED WORKSFORME

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, memory-leak)

Attachments

(1 file)

337 FinishCreatingIterator(JSContext *cx, JSObject *iterObj, JSBool keysonly)
338 {
339   JSIdArray *ida = JS_Enumerate(cx, iterObj);
340   if (!ida) {

345   if (!JS_DefineFunction(cx, iterObj, "next", IteratorNext, 0, 0)) {

ida is leaked here:
346     return nsnull;
347   }
348 
349   if (!JS_SetReservedSlot(cx, iterObj, 0, PRIVATE_TO_JSVAL(ida)) ||

ida is leaked when the first SetReservedSlot fails.

350       !JS_SetReservedSlot(cx, iterObj, 1, JSVAL_ZERO) ||
351       !JS_SetReservedSlot(cx, iterObj, 2, BOOLEAN_TO_JSVAL(keysonly))) {
352     return nsnull;
353   }

I'm not actually certain SetReservedSlot=0 can fail. If it can't fail, the code shouldn't tell the compiler that it can. (DefineFunction can definitely fail.)
Attached patch: patch
this builds upon the changes for bug 560567
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #482556 - Flags: review?(jorendorff)
This code was very recently deleted from tracemonkey tip.

From a bugzilla hygiene standpoint I have no idea what the Right resolution is here. Wheel of bug fortunes says: WORKSFORME.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Attachment #482556 - Flags: review?(jorendorff)
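
Added example, not part of this bug or its attached patch: a stand-alone model of the error-path leak reported above, with the leaky early returns next to a version that frees the array while the function still owns it. Every name in it is a hypothetical stand-in for the JSAPI calls in the excerpt, and it assumes the iterator's finalizer frees whatever was stored in slot 0.

```cpp
#include <cstdio>
// Constructed stand-ins for JSIdArray, iterObj and the JSAPI calls (hypothetical names).
struct IdArray { int length; };
struct Iter { IdArray *slot0; bool has_next; };
enum Fail { FAIL_NONE, FAIL_DEFINE, FAIL_SLOT0, FAIL_SLOT1 };
static Fail inject = FAIL_NONE;   // which call is forced to fail
static int live_arrays = 0;       // id arrays allocated and not yet freed
static IdArray *enumerate() { ++live_arrays; return new IdArray{0}; }
static void destroy_id_array(IdArray *ida) { delete ida; --live_arrays; }
static bool define_next(Iter *it) { if (inject == FAIL_DEFINE) return false; it->has_next = true; return true; }
static bool set_slot0(Iter *it, IdArray *ida) { if (inject == FAIL_SLOT0) return false; it->slot0 = ida; return true; }
static bool set_slot1(Iter *) { return inject != FAIL_SLOT1; }
// Assumption: the iterator's finalizer frees whatever was stored in slot 0.
static void finalize(Iter *it) { if (it->slot0) destroy_id_array(it->slot0); it->slot0 = nullptr; }

// Same early returns as the excerpt in the bug.
static Iter *finish_leaky(Iter *it) {
    IdArray *ida = enumerate();
    if (!define_next(it)) return nullptr;                       // ida leaked
    if (!set_slot0(it, ida) || !set_slot1(it)) return nullptr;  // leaked if slot 0 failed
    return it;
}

// Frees ida on every failure that happens while this function still owns it.
static Iter *finish_fixed(Iter *it) {
    IdArray *ida = enumerate();
    if (!define_next(it) || !set_slot0(it, ida)) {
        destroy_id_array(ida);
        return nullptr;
    }
    if (!set_slot1(it)) return nullptr;  // slot 0 owns ida now; freeing here would double free
    return it;
}

// Runs one variant with one injected failure, finalizes, returns arrays still allocated.
static int leaked_after(Iter *(*finish)(Iter *), Fail f) {
    Iter it = { nullptr, false };
    live_arrays = 0; inject = f;
    finish(&it);
    finalize(&it);
    return live_arrays;
}

int main() {
    for (int f = FAIL_NONE; f <= FAIL_SLOT1; ++f)
        std::printf("fail=%d leaky=%d fixed=%d\n", f,
                    leaked_after(finish_leaky, (Fail)f), leaked_after(finish_fixed, (Fail)f));
    return 0;
}
```

The failure after slot 0 is set is deliberately not freed in `finish_fixed`: under the stated assumption ownership has already moved to the iterator, so a second free there would trade the leak for a double free.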