Closed
Bug 912594
Opened 11 years ago
Closed 2 months ago
unchecked malloc call in js/src/dtoa.c
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
WORKSFORME
People
(Reporter: sunfish, Unassigned)
Details
Following up on Bug 910814, js_strtod_harder's JS_DTOA_ENOMEM error code is also never used. In fact, the err argument is just always set to zero. dtoa.c used to have malloc checking code, and JS_DTOA_ENOMEM used to be hooked up to it, but it was removed in 222c29336422. The result is that the malloc calls within Balloc in dtoa.c are not checked. However, they are immediately dereferenced, so it appears unlikely that a failed malloc would do anything but crash with a null page dereference.
Updated•10 years ago
Assignee: general → nobody
Updated•2 years ago
Severity: normal → S3
Comment 1•2 months ago
This is handled here: https://searchfox.org/mozilla-central/source/js/src/util/DoubleToString.cpp#43-51
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → WORKSFORME
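An added example, not code from dtoa.c or from anyone in this bug: a Balloc-style allocation with the NULL check in place and the failure reported through an err out-parameter, the role the description says JS_DTOA_ENOMEM used to play. All names (balloc_checked, to_double_checked, alloc_fn, EX_ENOMEM) and the bound on k are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not the dtoa.c source. */
enum { EX_OK = 0, EX_ENOMEM = 1 };  /* stands in for a JS_DTOA_ENOMEM-style code */

typedef struct Bigint {
    int k;         /* capacity is 1 << k words */
    int wds;       /* words currently in use */
    uint32_t x[];  /* digit storage */
} Bigint;

/* Allocator hook so a failed allocation can be simulated deterministically. */
typedef void *(*alloc_fn)(size_t);
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Balloc-style helper that returns NULL instead of dereferencing it. */
static Bigint *balloc_checked(int k, alloc_fn alloc)
{
    if (k < 0 || k > 20)  /* assumed bound: keeps the shift and size in range */
        return NULL;
    Bigint *b = alloc(sizeof(Bigint) + ((size_t)1 << k) * sizeof(uint32_t));
    if (b == NULL)
        return NULL;      /* the check, before any field is written */
    b->k = k;
    b->wds = 0;
    return b;
}

/* Caller sets *err on failure rather than always writing zero. */
static double to_double_checked(uint32_t value, alloc_fn alloc, int *err)
{
    Bigint *b = balloc_checked(0, alloc);
    if (b == NULL) {
        *err = EX_ENOMEM;
        return 0.0;
    }
    b->x[0] = value;
    b->wds = 1;
    double result = (double)b->x[0];
    free(b);
    *err = EX_OK;
    return result;
}

int main(void)
{
    int err;
    (void)to_double_checked(7u, failing_alloc, &err);
    return err == EX_ENOMEM ? 0 : 1;
}
```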