obj_toSource guard of IS_SHARP instead of !ida confuses coverity

RESOLVED FIXED in mozilla6

Status

()

Core
JavaScript Engine
--
enhancement
RESOLVED FIXED
7 years ago
6 years ago

People

(Reporter: timeless, Assigned: timeless)

Tracking

({coverity})

Trunk
mozilla6
x86
Windows 7
coverity
Points:
---
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Assignee)

Description

7 years ago
473 obj_toSource(JSContext *cx, uintN argc, Value *vp)
478     JSIdArray *ida;
498     if (!obj || !(he = js_EnterSharpObject(cx, obj, &ida, &chars))) {
500         goto out;

there's a condition here, but coverity can't reason it:
502     if (IS_SHARP(he)) {

here we assert that !ida is roughly equivalent to IS_SHARP(he):
508         JS_ASSERT(!ida);
517         goto make_string;
518     }

here we assert that ida is roughly equivalent to !IS_SHARP(he):
519     JS_ASSERT(ida);

if the guard on line 502 is ida (and ida is initialized on 478) then coverity (and friends) should be able to reason that ida isn't leaked in this function.
(Assignee)

Comment 1

7 years ago
Created attachment 498206 [details] [diff] [review]
proposal
Assignee: general → timeless
Status: NEW → ASSIGNED
Attachment #498206 - Flags: review?(jorendorff)
Comment on attachment 498206 [details] [diff] [review]
proposal

Review of attachment 498206 [details] [diff] [review]:

Sure, ok.
Attachment #498206 - Flags: review?(jorendorff) → review+
(Assignee)

Updated

6 years ago
Keywords: checkin-needed
http://hg.mozilla.org/projects/cedar/rev/284c22ed4b17
Keywords: checkin-needed
Whiteboard: [fixed-in-cedar]
Target Milestone: --- → mozilla6
http://hg.mozilla.org/mozilla-central/rev/284c22ed4b17
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
Whiteboard: [fixed-in-cedar]
You need to log in before you can comment on or make changes to this bug.