Bug 619777 - obj_toSource guard of IS_SHARP instead of !ida confuses coverity
: coverity
Product: Core
Classification: Components
Component: JavaScript Engine
: Trunk
: x86 Windows 7
-- enhancement
: mozilla6
Assigned To: timeless
: Jason Orendorff [:jorendorff]
Reported: 2010-12-16 13:24 PST by timeless
Modified: 2011-05-04 13:54 PDT
bzbarsky: in‑testsuite-

proposal (980 bytes, patch)
2010-12-16 13:31 PST, timeless
jorendorff: review+

Description timeless 2010-12-16 13:24:10 PST
473 obj_toSource(JSContext *cx, uintN argc, Value *vp)
478     JSIdArray *ida;
498     if (!obj || !(he = js_EnterSharpObject(cx, obj, &ida, &chars))) {
500         goto out;

there's a condition here, but coverity can't reason it:
502     if (IS_SHARP(he)) {

here we assert that !ida is roughly equivalent to IS_SHARP(he):
508         JS_ASSERT(!ida);
517         goto make_string;
518     }

here we assert that ida is roughly equivalent to !IS_SHARP(he):
519     JS_ASSERT(ida);

if the guard on line 502 is ida (and ida is initialized on 478) then coverity (and friends) should be able to reason that ida isn't leaked in this function.
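
An added illustration of the pattern described above; it is not code from the bug, the attached patch, or the JavaScript engine. `Entry`, `IdArray`, `enter_sharp`, `destroy_ids` and `live_arrays` are hypothetical stand-ins that model only the relationship stated in the description (`ida` is NULL exactly when the entry is sharp).

```c
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical stand-ins for the engine types; not the engine's code. */
typedef struct { int sharp; } Entry;
typedef struct { int length; } IdArray;

static int live_arrays = 0;   /* IdArrays allocated and not yet freed */

/* Models the contract from the description: *idap is NULL exactly
 * when the returned entry is sharp. */
static Entry *enter_sharp(Entry *e, IdArray **idap) {
    *idap = NULL;
    if (!e->sharp) {
        *idap = malloc(sizeof **idap);
        if (!*idap) return NULL;
        live_arrays++;
    }
    return e;
}

static void destroy_ids(IdArray *ida) { free(ida); live_arrays--; }

/* Original shape: whether ida is owned is implied by a flag on another
 * object, a cross-function invariant the checker has to take on trust. */
int to_source_flag_guard(Entry *e) {
    IdArray *ida;
    Entry *he = enter_sharp(e, &ida);
    if (!he) return -1;
    if (he->sharp)            /* early exit; ida assumed NULL, not checked */
        return 1;
    destroy_ids(ida);
    return 0;
}

/* Proposed shape: initialize ida and branch on the pointer itself, so the
 * "nothing to free" path is visible inside this one function. */
int to_source_ptr_guard(Entry *e) {
    IdArray *ida = NULL;
    Entry *he = enter_sharp(e, &ida);
    if (!he) return -1;
    if (!ida)                 /* early exit; nothing owned on this path */
        return 1;
    destroy_ids(ida);
    return 0;
}
```

Both variants behave identically at run time under the modeled contract; the difference is only in what can be proven from the function body alone.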
Comment 1 timeless 2010-12-16 13:31:41 PST
Created attachment 498206
Comment 2 Jason Orendorff [:jorendorff] 2011-04-25 10:41:19 PDT
Comment on attachment 498206

Review of attachment 498206:

Sure, ok.
Comment 3 Boris Zbarsky [:bz] (still a bit busy) 2011-05-03 12:27:45 PDT
Comment 4 Boris Zbarsky [:bz] (still a bit busy) 2011-05-04 13:54:58 PDT
