unchecked malloc call in js/src/dtoa.c

RESOLVED INACTIVE

Status

Core
JavaScript Engine
5 years ago
3 days ago

People

(Reporter: sunfish, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Description

5 years ago
Following up on Bug 910814, js_strtod_harder's JS_DTOA_ENOMEM error code is also never used. In fact, the err argument is just always set to zero.

dtoa.c used to have malloc checking code, and JS_DTOA_ENOMEM used to be hooked up to it, but it was removed in 222c29336422. The result is that the malloc calls within Balloc in dtoa.c are not checked. However, they are immediately dereferenced, so it appears unlikely that a failed malloc would do anything but crash with a null page dereference.
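
The checked-allocation pattern the description refers to, as an added example that is not part of the original report and is not code from dtoa.c. All names (`big_alloc`, `sum_with_scratch`, `EX_ENOMEM`, the `allocs_left` fault hook) are hypothetical; the allocator result is tested before its first dereference and the failure reaches the caller through an error out-parameter.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not the dtoa.c source. */
enum { EX_OK = 0, EX_ENOMEM = 1 };
typedef struct { size_t len; uint32_t words[]; } bigbuf;

/* Test hook: allocations allowed before malloc "fails" (-1 = never fail). */
static int allocs_left = -1;
static void *xmalloc(size_t n) {
    if (allocs_left == 0) return NULL;
    if (allocs_left > 0) allocs_left--;
    return malloc(n);
}

/* Checked allocator: returns NULL instead of touching a failed allocation. */
static bigbuf *big_alloc(size_t len) {
    if (len > (SIZE_MAX - sizeof(bigbuf)) / sizeof(uint32_t)) return NULL;
    bigbuf *b = xmalloc(sizeof(bigbuf) + len * sizeof(uint32_t));
    if (b == NULL) return NULL;   /* check before the first dereference */
    b->len = len;
    return b;
}

/* Needs two buffers; reports failure through *err and leaks nothing. */
static uint32_t sum_with_scratch(uint32_t seed, size_t len, int *err) {
    *err = EX_OK;
    bigbuf *a = big_alloc(len);
    bigbuf *b = a ? big_alloc(len) : NULL;
    if (a == NULL || b == NULL) {
        free(a);                  /* free(NULL) is a no-op */
        *err = EX_ENOMEM;
        return 0;
    }
    uint32_t total = 0;
    for (size_t i = 0; i < len; i++) {
        a->words[i] = seed + (uint32_t)i;
        b->words[i] = a->words[i] * 2u;
        total += b->words[i];
    }
    free(a); free(b);
    return total;
}

int main(void) {
    int err; allocs_left = 1;     /* constructed fault: 2nd allocation fails */
    sum_with_scratch(1, 3, &err);
    return err == EX_ENOMEM ? 0 : 1;
}
```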

Updated

4 years ago
Assignee: general → nobody

Comment 1

3 days ago
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Last Resolved: 3 days ago
Resolution: --- → INACTIVE