Closed Bug 603382 Opened 14 years ago Closed 14 years ago

FinishCreatingIterator leaks ida when JS_DefineFunction or JS_SetReservedSlot=0 fail

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, memory-leak)

Attachments

(1 file)

patch
1.08 KB, patch
Details | Diff | Splinter Review 
337 FinishCreatingIterator(JSContext *cx, JSObject *iterObj, JSBool keysonly)
338 {
339   JSIdArray *ida = JS_Enumerate(cx, iterObj);
340   if (!ida) {

345   if (!JS_DefineFunction(cx, iterObj, "next", IteratorNext, 0, 0)) {

ida is leaked here:
346     return nsnull;
347   }
348 
349   if (!JS_SetReservedSlot(cx, iterObj, 0, PRIVATE_TO_JSVAL(ida)) ||

ida is leaked when the first SetReservedSlot fails.

350       !JS_SetReservedSlot(cx, iterObj, 1, JSVAL_ZERO) ||
351       !JS_SetReservedSlot(cx, iterObj, 2, BOOLEAN_TO_JSVAL(keysonly))) {
352     return nsnull;
353   }

I'm not actually certain SetReservedSlot=0 can fail. If it can't fail, the code shouldn't tell the compiler that it can. (DefineFunction can definitely fail.)
Attached patch patchSplinter Review 
this is builds upon the changes for bug 560567
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #482556 - Flags: review?(jorendorff)
This code was very recently deleted from tracemonkey tip.

From a bugzilla hygeine standpoint I have no idea what the Right resolution is here. Wheel of bug fortunes says: WORKSFORME.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Attachment #482556 - Flags: review?(jorendorff)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: