Bug 234964
| Summary: | B3::(anonymous namespace)::LowerToAir uses lambda pattern that falls through ASSERT_NOT_REACHED() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 234932 | ||
| Bug Blocks: | |||
David Kilzer (:ddkilzer)
Class B3::(anonymous namespace)::LowerToAir uses lambda pattern that falls through ASSERT_NOT_REACHED().
These fall-throughs should either use RELEASE_ASSERT_NOT_REACHED(), or add a `return Inst();` statement after ASSERT_NOT_REACHED().
Presumably the switch statement will never fall through unless there is memory corruption, so a RELEASE_ASSERT_NOT_REACHED() would catch such corruption much earlier.
For example:
[this] (
Width width, const Arg& relCond,
ArgPromise& left, ArgPromise& right) -> Inst {
switch (width) {
case Width8:
case Width16:
return Inst();
case Width32:
if (isValidForm(Compare32, Arg::RelCond, left.kind(), right.kind(), Arg::Tmp)) {
return left.inst(right.inst(
Compare32, m_value, relCond,
left.consume(*this), right.consume(*this), tmp(m_value)));
}
return Inst();
case Width64:
if (isValidForm(Compare64, Arg::RelCond, left.kind(), right.kind(), Arg::Tmp)) {
return left.inst(right.inst(
Compare64, m_value, relCond,
left.consume(*this), right.consume(*this), tmp(m_value)));
}
return Inst();
}
ASSERT_NOT_REACHED();
},
See Source/JavaScriptCore/b3/B3LowerToAir.cpp.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/87259779>
David Kilzer (:ddkilzer)
There are six places where this pattern is used:
ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1859: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]
ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1889: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]
ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1937: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]
ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1961: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]
ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:2028: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]
ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:2043: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]