Closed Bug 620961 Opened 15 years ago Closed 15 years ago

FoldXMLConstants should initialize str

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [sg:critical?][fixed-in-tracemonkey])

Attachments

(1 file)

8923 FoldXMLConstants(JSContext *cx, JSParseNode *pn, JSTreeContext *tc)
8924 {
round 1.
8927     JSString *accum, *str;
8934     accum = NULL;
8949     for (pn2 = pn1, i = j = 0; pn2; pn2 = pn2->pn_next, i++) {
8952         switch (pn2->pn_type) {
8953           case TOK_XMLATTR:
round 1, let !accum
8954             if (!accum)
round 1, goto cantfold
8955                 goto cantfold;
8985           cantfold:
8986           default:
9012             pnp = &pn2->pn_next;
9013             pn1 = *pnp;
round 1, accum = 0
9014             accum = NULL;
9015             continue;
9016         }
round 1, accum = 0
round 2, accum = uninitialized, let uninitialized be true
9018         if (accum) {
9019             {
round 2, auto string root uninitialized
9020                 AutoStringRooter tvr(cx, accum);
9021                 str = ((tt == TOK_XMLSTAGO || tt == TOK_XMLPTAGC) && i != 0)
round 2, pass uninitialized accum to one of these:
9022                       ? js_AddAttributePart(cx, i & 1, accum, str)
9023                       : js_ConcatStrings(cx, accum, str);
9024             }
9033         }
round 1, str = uninitialized
round 1, assign uninitialized to accum
9034         accum = str;
9035     }
Attached patch: patch
Assignee: general → timeless
Status: NEW → ASSIGNED
Attachment #499409 - Flags: review?(brendan)
Attachment #499409 - Flags: approval2.0?
Attachment #499409 - Flags: review?(brendan) → review+
Attachment #499409 - Flags: approval2.0? → approval2.0+
Whiteboard: [sg:critical?]
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [sg:critical?] → [sg:critical?][fixed-in-tracemonkey]
Group: core-security