Open Bug 506261 Opened 15 years ago Updated 2 years ago

callers of PK11_MakeString may leak allocated result.

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

People

(Reporter: timeless, Assigned: rrelyea)

References

(
URL
)

Details

(Keywords: coverity) 

PK11_MakeString can fail because of oom, and in both cases tmp isn't null checked which means whatever the goal is, it probably isn't working.
Assignee: nobody → rrelyea
Summary: tmp = PK11_MakeString(...) is a bad pattern → callers of PK11_MakeString don't check result for NULL
    * line 1145 -- tmp = PK11_MakeString(NULL,slot->token_name,
    * line 1377 -- tmp = PK11_MakeString(NULL,slot->slot_name, 

In these cases, PK11_MakeString returns its second argument.
I guess it's remotely conceivable that the value of that argument
could be NULL, in which case PK11_MakeString will return the address
of an allocated string, which will then be leaked because these callers
do NOTHING with tmp.
URL: http://mxr.mozilla.org/mozilla-centra...http://mxr.mozilla.org/security/ident...
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Summary: callers of PK11_MakeString don't check result for NULL → callers of PK11_MakeString may leak allocated result.
Severity: minor → S4
You need to log in before you can comment on or make changes to this bug.