Bug 619777 - obj_toSource guard of IS_SHARP instead of !ida confuses coverity
Status: RESOLVED FIXED
Keywords: coverity
Product: Core
Classification: Components
Component: JavaScript Engine
Version: Trunk
Platform: x86 Windows 7
Importance: -- enhancement
Target Milestone: mozilla6
Assigned To: timeless
http://mxr.mozilla.org/mozilla-centra...
Reported: 2010-12-16 13:24 PST by timeless
Modified: 2011-05-04 13:54 PDT
bzbarsky: in‑testsuite-

Attachments
proposal (980 bytes, patch)
2010-12-16 13:31 PST, timeless
jorendorff: review+

Description timeless 2010-12-16 13:24:10 PST
473 obj_toSource(JSContext *cx, uintN argc, Value *vp)
478     JSIdArray *ida;
498     if (!obj || !(he = js_EnterSharpObject(cx, obj, &ida, &chars))) {
500         goto out;

There's a condition here, but Coverity can't reason about it:
502     if (IS_SHARP(he)) {

Here we assert that !ida is roughly equivalent to IS_SHARP(he):
508         JS_ASSERT(!ida);
517         goto make_string;
518     }

Here we assert that ida is roughly equivalent to !IS_SHARP(he):
519     JS_ASSERT(ida);

If the guard on line 502 is ida (and ida is initialized on 478) then Coverity (and friends) should be able to reason that ida isn't leaked in this function.
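
The pattern described above, reduced to a self-contained C sketch. This is an added example, not part of the bug report or of SpiderMonkey's source; `Entry`, `IdArray`, `enter`, `destroy`, `live_arrays` and both `to_source_*` functions are hypothetical stand-ins for the code quoted in the description.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the hash entry and id array; not SpiderMonkey code. */
typedef struct { bool sharp; } Entry;
typedef struct { int length; } IdArray;

int live_arrays = 0; /* arrays allocated and not yet destroyed */

/* Assumed contract, taken from the asserts in the report: *idap receives a
 * fresh array exactly when the entry is not sharp, and NULL otherwise. */
static Entry *enter(Entry *e, IdArray **idap) {
    *idap = NULL;
    if (e->sharp) return e;
    *idap = calloc(1, sizeof **idap);
    if (!*idap) return NULL;
    live_arrays++;
    return e;
}

static void destroy(IdArray *ida) { free(ida); live_arrays--; }

/* Guard on the flag: proving "no leak" on the early return needs the fact
 * that sharp implies ida == NULL, which only enter()'s body establishes. */
int to_source_flag_guard(Entry *e) {
    IdArray *ida = NULL;
    Entry *he = enter(e, &ida);
    if (!he) return -1;
    if (he->sharp) return 0; /* a checker that does not correlate flag and ida sees a leak */
    destroy(ida);
    return 1;
}

/* Guard on the pointer: the early return is reachable only with ida == NULL,
 * so the ownership argument is local to this function. */
int to_source_ptr_guard(Entry *e) {
    IdArray *ida = NULL;
    Entry *he = enter(e, &ida);
    if (!he) return -1;
    if (!ida) return 0;
    destroy(ida);
    return 1;
}

int main(void) { /* both variants behave the same at run time; exit 0 if nothing leaked */
    Entry s = { true }, n = { false };
    to_source_flag_guard(&s); to_source_flag_guard(&n);
    to_source_ptr_guard(&s); to_source_ptr_guard(&n);
    return live_arrays == 0 ? 0 : 1;
}
```
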
Comment 1 timeless 2010-12-16 13:31:41 PST
Created attachment 498206
proposal
Comment 2 Jason Orendorff [:jorendorff] 2011-04-25 10:41:19 PDT
Comment on attachment 498206
proposal

Review of attachment 498206:

Sure, ok.
Comment 3 Boris Zbarsky [:bz] 2011-05-03 12:27:45 PDT
http://hg.mozilla.org/projects/cedar/rev/284c22ed4b17
Comment 4 Boris Zbarsky [:bz] 2011-05-04 13:54:58 PDT
http://hg.mozilla.org/mozilla-central/rev/284c22ed4b17
