Closed Bug 620961 Opened 13 years ago Closed 13 years ago

FoldXMLConstants should initialize str

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [sg:critical?][fixed-in-tracemonkey])

Attachments

(1 file)

patch
555 bytes, patch
brendan
: review+
sayrer
: approval2.0+
Details | Diff | Splinter Review 
8923 FoldXMLConstants(JSContext *cx, JSParseNode *pn, JSTreeContext *tc)
8924 {
round 1.
8927     JSString *accum, *str;
8934     accum = NULL;
8949     for (pn2 = pn1, i = j = 0; pn2; pn2 = pn2->pn_next, i++) {
8952         switch (pn2->pn_type) {
8953           case TOK_XMLATTR:
round 1, let !accum
8954             if (!accum)
round 1, goto cantfold
8955                 goto cantfold;

8985           cantfold:
8986           default:
9012             pnp = &pn2->pn_next;
9013             pn1 = *pnp;
round 1, accum = 0
9014             accum = NULL;
9015             continue;
9016         }
round 1, accum = 0
round 2, accum = unintialized, let uninitialized be true
9018         if (accum) {
9019             {
round 2, auto string root unintialized
9020                 AutoStringRooter tvr(cx, accum);
9021                 str = ((tt == TOK_XMLSTAGO || tt == TOK_XMLPTAGC) && i != 0)
round 2, pass uninitialized accum to one of these:
9022                       ? js_AddAttributePart(cx, i & 1, accum, str)
9023                       : js_ConcatStrings(cx, accum, str);
9024             }

9033         }
round 1, str = uninitialized
round 1, assign uninitialized to accum
9034         accum = str;
9035     }
Attached patch patchSplinter Review 
Assignee: general → timeless
Status: NEW → ASSIGNED

        Attachment #499409 -
        Flags: review?(brendan)

        Attachment #499409 -
        Flags: approval2.0?

        Attachment #499409 -
        Flags: review?(brendan) → review+

    
  

        Attachment #499409 -
        Flags: approval2.0? → approval2.0+
Whiteboard: [sg:critical?]

    
    

    
  
http://hg.mozilla.org/tracemonkey/rev/2d3cbd00376d
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [sg:critical?] → [sg:critical?][fixed-in-tracemonkey]
Group: core-security

          You need to log in
          before you can comment on or make changes to this bug.