Closed Bug 603382 Opened 14 years ago Closed 14 years ago

FinishCreatingIterator leaks ida when JS_DefineFunction or JS_SetReservedSlot=0 fail

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, memory-leak)

Attachments

(1 file)

patch
(deleted), patch
Details | Diff | Splinter Review 
337 FinishCreatingIterator(JSContext *cx, JSObject *iterObj, JSBool keysonly)
338 {
339   JSIdArray *ida = JS_Enumerate(cx, iterObj);
340   if (!ida) {

345   if (!JS_DefineFunction(cx, iterObj, "next", IteratorNext, 0, 0)) {

ida is leaked here:
346     return nsnull;
347   }
348 
349   if (!JS_SetReservedSlot(cx, iterObj, 0, PRIVATE_TO_JSVAL(ida)) ||

ida is leaked when the first SetReservedSlot fails.

350       !JS_SetReservedSlot(cx, iterObj, 1, JSVAL_ZERO) ||
351       !JS_SetReservedSlot(cx, iterObj, 2, BOOLEAN_TO_JSVAL(keysonly))) {
352     return nsnull;
353   }

I'm not actually certain SetReservedSlot=0 can fail. If it can't fail, the code shouldn't tell the compiler that it can. (DefineFunction can definitely fail.)
Attached patch patch (deleted) — Splinter Review 
this is builds upon the changes for bug 560567
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #482556 - Flags: review?(jorendorff)
This code was very recently deleted from tracemonkey tip.

From a bugzilla hygeine standpoint I have no idea what the Right resolution is here. Wheel of bug fortunes says: WORKSFORME.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Attachment #482556 - Flags: review?(jorendorff)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: