Closed Bug 1019948 Opened 10 years ago Closed 3 years ago

Use-after-free in pkg_createWithAssemblyCode

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: mccr8, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, csectype-uaf, sec-other)

Andrew McCreight [:mccr8]

Reporter

Description

•

10 years ago

This code frees a string |cmd|, then prints it out:

    uprv_free(cmd);
    if (result != 0) {
        fprintf(stderr, "Error creating with assembly code. Failed command: %s\n", cmd);

I'm marking this as sec-other, because I assume this is part of some build step, and is not code that we ship with Firefox.  If that's really the case, this bug can be unhidden.

Andrew McCreight [:mccr8]

Reporter

Comment 1

•

10 years ago

Well, I meant to hide that...

Group: core-security

BMO Automation

Updated

•

9 years ago

Group: core-security → javascript-core-security

Sylvestre Ledru [:Sylvestre]

Updated

•

6 years ago

Blocks: coverity-analysis

Ted Campbell [:tcampbell]

Comment 2

•

3 years ago

Fixed by Bug 1610512 (ICU 66 update)

Status: NEW → RESOLVED

Closed: 3 years ago

Resolution: --- → FIXED

Ryan VanderMeulen [:RyanVM]

Updated

•

3 years ago

Group: javascript-core-security → core-security-release

Daniel Veditz [:dveditz]

Updated

•

2 years ago

Group: core-security-release

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Use-after-free in pkg_createWithAssemblyCode

Categories

(Core :: JavaScript: Internationalization API, defect)

Tracking

()

People

(Reporter: mccr8, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, csectype-uaf, sec-other)

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated

Comment 2

Updated

Updated