Bug 620961 (Closed). Opened 9 years ago. Closed 9 years ago.

FoldXMLConstants should initialize str

Categories

(Core :: JavaScript Engine, defect)


RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [sg:critical?][fixed-in-tracemonkey])

Attachments

(1 file)

8923 FoldXMLConstants(JSContext *cx, JSParseNode *pn, JSTreeContext *tc)
8924 {
round 1.
8927     JSString *accum, *str;
8934     accum = NULL;
8949     for (pn2 = pn1, i = j = 0; pn2; pn2 = pn2->pn_next, i++) {
8952         switch (pn2->pn_type) {
8953           case TOK_XMLATTR:
round 1, let !accum
8954             if (!accum)
round 1, goto cantfold
8955                 goto cantfold;

8985           cantfold:
8986           default:
9012             pnp = &pn2->pn_next;
9013             pn1 = *pnp;
round 1, accum = 0
9014             accum = NULL;
9015             continue;
9016         }
round 1, accum = 0
round 2, accum = uninitialized, let uninitialized be true
9018         if (accum) {
9019             {
round 2, auto string root uninitialized
9020                 AutoStringRooter tvr(cx, accum);
9021                 str = ((tt == TOK_XMLSTAGO || tt == TOK_XMLPTAGC) && i != 0)
round 2, pass uninitialized accum to one of these:
9022                       ? js_AddAttributePart(cx, i & 1, accum, str)
9023                       : js_ConcatStrings(cx, accum, str);
9024             }

9033         }
round 1, str = uninitialized
round 1, assign uninitialized to accum
9034         accum = str;
9035     }
Attached patch: patch
Assignee: general → timeless
Status: NEW → ASSIGNED
Attachment #499409 - Flags: review?(brendan)
Attachment #499409 - Flags: approval2.0?
Attachment #499409 - Flags: review?(brendan) → review+
Attachment #499409 - Flags: approval2.0? → approval2.0+
Whiteboard: [sg:critical?]
http://hg.mozilla.org/tracemonkey/rev/2d3cbd00376d
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Whiteboard: [sg:critical?] → [sg:critical?][fixed-in-tracemonkey]
Group: core-security