RESOLVED LATER
202162
Address static analyzer warning in FTLLowerDFGToB3.cpp: Called C++ object pointer is null
https://bugs.webkit.org/show_bug.cgi?id=202162
Keith Rollin
Reported
2019-09-24 13:04:19 PDT
Xcode's static analyzer warns:

.../OpenSource/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:12964:75: warning: Called C++ object pointer is null
RELEASE_ASSERT((!littleEndianValue && !bigEndianValue) || type == littleEndianValue->type());
                                                                  ^~~~~~~~~~~~~~~~~~~~~~~~~

In the two lines preceding the RELEASE_ASSERT, littleEndianValue is allocated and then used in a way that conveys to the static analyzer that the allocator could return NULL. The RELEASE_ASSERT above will check if both littleEndianValue and bigEndianValue are NULL, but not just one or the other. Therefore, the subsequent access of littleEndianValue could be executed if littleEndianValue is NULL and bigEndianValue is not NULL.

Perhaps the nature of the code is such that both littleEndianValue and bigEndianValue are in sync -- that both are either NULL or not NULL -- but, if so, that's not apparent to the static analyzer. Address this by adding an explicit littleEndianValue check before its use in the RELEASE_ASSERT.
Attachments
Patch (2.92 KB, patch), 2019-09-24 13:05 PDT, Keith Rollin, no flags
Radar WebKit Bug Importer
Comment 1
2019-09-24 13:04:37 PDT
<rdar://problem/55674000>
Keith Rollin
Comment 2
2019-09-24 13:05:51 PDT
Created attachment 379476: Patch
Yusuke Suzuki
Comment 3
2019-09-24 13:21:05 PDT
Comment on attachment 379476: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=379476&action=review
> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:12972 > + RELEASE_ASSERT((!littleEndianValue && !bigEndianValue) || (littleEndianValue && type == littleEndianValue->type()));
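Review bot: The added `littleEndianValue &&` in the second disjunct does make the dereference unreachable when the pointer is null, but the assertion still leaves the relation between the two pointers implicit: the bug description says the intended invariant is that littleEndianValue and bigEndianValue are either both null or both non-null, yet this condition still accepts littleEndianValue non-null with bigEndianValue null, and bigEndianValue's type is never compared with `type`. If that invariant actually holds here, consider stating it directly, e.g. `RELEASE_ASSERT(!littleEndianValue == !bigEndianValue);` followed by `RELEASE_ASSERT(!littleEndianValue || type == littleEndianValue->type());`, which satisfies the analyzer without repeating `littleEndianValue` in both disjuncts and documents why a single null pointer is impossible.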
Can you get a type of littleEndianValue like for bigEndianValue? Like, `bigEndianValue ? bigEndianValue->type() : Void`
Keith Rollin
Comment 4
2019-09-25 19:25:47 PDT
I don't know if that question is for me. If so, I don't understand it. I'm just trying to protect against littleEndianValue being NULL.
Alexey Proskuryakov
Comment 5
2025-01-29 13:18:44 PST
Closing this 5+ years later, as it's an abandoned patch.