Bug 202162

Summary: Address static analyzer warning in FTLLowerDFGToB3.cpp: Called C++ object pointer is null
Product: WebKit
Reporter: Keith Rollin <krollin>
Component: JavaScriptCore
Assignee: Keith Rollin <krollin>
Status: RESOLVED LATER
Severity: Normal
CC: bfulgham, ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: none)

Keith Rollin
Reported 2019-09-24 13:04:19 PDT
Xcode's static analyzer warns:

    .../OpenSource/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:12964:75: warning: Called C++ object pointer is null
        RELEASE_ASSERT((!littleEndianValue && !bigEndianValue) || type == littleEndianValue->type());
                                                                          ^~~~~~~~~~~~~~~~~~~~~~~~~

In the two lines preceding the RELEASE_ASSERT, littleEndianValue is allocated and then used in a way that conveys to the static analyzer that the allocator could return NULL. The RELEASE_ASSERT above will check if both littleEndianValue and bigEndianValue are NULL, but not just one or the other. Therefore, the subsequent access of littleEndianValue could be executed if littleEndianValue is NULL and bigEndianValue is not NULL.

Perhaps the nature of the code is such that both littleEndianValue and bigEndianValue are in sync -- that both are either NULL or not NULL -- but, if so, that's not apparent to the static analyzer.

Address this by adding an explicit littleEndianValue check before its use in the RELEASE_ASSERT.
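The distinction the report draws (an assertion that only covers "both null", versus one that guards the dereference, versus one that compares types with null folded to Void) worked through as an added example. This is not WebKit's code: Value, Type, the three condition functions and the sample values are hypothetical stand-ins for the B3 values the RELEASE_ASSERT compares, chosen only so that each condition shape can be called and its result observed.

```cpp
// Added example, not WebKit code. Value and Type are hypothetical stand-ins
// for the B3 values the RELEASE_ASSERT in FTLLowerDFGToB3.cpp compares.
#include <cstdio>

enum class Type { Void, Int32, Int64, Double };

struct Value {
    Type m_type;
    Type type() const { return m_type; }
};

// Sample values (constructed for this example).
const Value kInt32{Type::Int32};
const Value kDouble{Type::Double};

// Shape of the condition the analyzer warned about. Once either pointer is
// non-null the first disjunct is false and littleEndianValue->type() is
// evaluated regardless, so (nullptr, non-null) dereferences null. Kept only
// for comparison; it is never called with that input here.
bool unguardedCondition(const Value* littleEndianValue, const Value* bigEndianValue, Type type)
{
    return (!littleEndianValue && !bigEndianValue) || type == littleEndianValue->type();
}

// Shape of the patched condition: the explicit null check short-circuits, so
// (nullptr, non-null) now yields false (a RELEASE_ASSERT failure) instead of
// undefined behaviour.
bool guardedCondition(const Value* littleEndianValue, const Value* bigEndianValue, Type type)
{
    return (!littleEndianValue && !bigEndianValue)
        || (littleEndianValue && type == littleEndianValue->type());
}

// One reading of the reviewer's suggestion: fold "null" into the Type as Void
// (as `bigEndianValue ? bigEndianValue->type() : Void` does) and then reason
// about types only, so neither pointer is ever dereferenced unguarded.
bool typeFoldedCondition(const Value* littleEndianValue, const Value* bigEndianValue, Type type)
{
    Type littleEndianType = littleEndianValue ? littleEndianValue->type() : Type::Void;
    Type bigEndianType = bigEndianValue ? bigEndianValue->type() : Type::Void;
    if (littleEndianType == Type::Void)
        return bigEndianType == Type::Void;
    return littleEndianType == type;
}

int main()
{
    // The input the analyzer reasons about: littleEndianValue null, bigEndianValue not.
    std::printf("guarded (null, Int32):     %s\n", guardedCondition(nullptr, &kInt32, Type::Int32) ? "holds" : "fails");
    std::printf("type-folded (null, Int32): %s\n", typeFoldedCondition(nullptr, &kInt32, Type::Int32) ? "holds" : "fails");
    std::printf("guarded (null, null):      %s\n", guardedCondition(nullptr, nullptr, Type::Int32) ? "holds" : "fails");
    std::printf("guarded (Int32, Int32):    %s\n", guardedCondition(&kInt32, &kInt32, Type::Int32) ? "holds" : "fails");
    return 0;
}
```

Note that the type-folded form treats a null pointer and a genuinely Void-typed value identically; that is an assumption of this example, acceptable only if Void is never a legitimate type for these values in the real code.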
Attachments
Patch (2.92 KB, patch), 2019-09-24 13:05 PDT, Keith Rollin, no flags
Radar WebKit Bug Importer
Comment 1 2019-09-24 13:04:37 PDT
Keith Rollin
Comment 2 2019-09-24 13:05:51 PDT
Yusuke Suzuki
Comment 3 2019-09-24 13:21:05 PDT
Comment on attachment 379476 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=379476&action=review

> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:12972
> +    RELEASE_ASSERT((!littleEndianValue && !bigEndianValue) || (littleEndianValue && type == littleEndianValue->type()));

Can you get a type of littleEndianValue like for bigEndianValue? Like, `bigEndianValue ? bigEndianValue->type() : Void`
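Review bot: the added `littleEndianValue &&` guard in the quoted RELEASE_ASSERT at FTLLowerDFGToB3.cpp:12972 turns the analyzer's (null, non-null) path into an assertion failure rather than a null dereference, but the assertion still does not state the invariant the description suspects, that both pointers are null or both are non-null: a non-null littleEndianValue with a null bigEndianValue passes whenever the type matches. If that both-or-neither relationship is intended, asserting it explicitly first (for example `RELEASE_ASSERT(!!littleEndianValue == !!bigEndianValue);`) documents it and also gives the analyzer the fact it is missing, after which the type comparison can stay as it was.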
Keith Rollin
Comment 4 2019-09-25 19:25:47 PDT
I don't know if that question is for me. If so, I don't understand it. I'm just trying to protect against littleEndianValue being NULL.
Alexey Proskuryakov
Comment 5 2025-01-29 13:18:44 PST
Closing this 5+ years later, as it's an abandoned patch.