Bug 1082524: Use of uninitialized memory when failing to load a library
Status: Closed (opened 10 years ago, closed 10 years ago)
Categories: Core :: mozglue, defect
Resolution: RESOLVED FIXED (target milestone mozilla36)
People: Reporter: glandium, Assigned: glandium
Attachments (2 files, 1 obsolete file):
- 915 bytes, patch; froydnj: review+
- 1.31 KB, patch; froydnj: review+
No description provided.
Comment 1 • 10 years ago (Assignee)
When a library fails to load with CustomElf before it's registered, the unregistration that does happen in CustomElf's destructor uses link_map, so it needs to be initialized.
Attachment #8504669 - Flags: review?(nfroyd)
Comment 2 • 10 years ago (Assignee)
When a library fails to load with CustomElf before it's registered, the unregistration that does happen in CustomElf's destructor uses link_map, so it needs to be initialized.
Attachment #8504702 - Flags: review?(nfroyd)
Updated • 10 years ago (Assignee)
Attachment #8504669 - Attachment is obsolete: true
Attachment #8504669 - Flags: review?(nfroyd)
Updated • 10 years ago
Attachment #8504702 - Flags: review?(nfroyd) → review+
Comment 3 • 10 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/efe4e96122a3
Comment 4 • 10 years ago
https://hg.mozilla.org/mozilla-central/rev/efe4e96122a3
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Comment 5 • 10 years ago (Assignee)
This was actually not enough: the memory is now initialized, but it still crashes because of a NULL deref.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 6 • 10 years ago (Assignee)
Attachment #8506703 - Flags: review?(nfroyd)
Comment 7 • 10 years ago
Comment on attachment 8506703 [details] [diff] [review] Do not deref null pointers in link_map Review of attachment 8506703 [details] [diff] [review]: ----------------------------------------------------------------- ::: mozglue/linker/ElfLoader.cpp @@ +892,5 @@ > /* When removing the first added library, its l_next is going to be > * data handled by the system linker, and that data may be read-only */ > EnsureWritable w(&map->l_next->l_prev); > map->l_next->l_prev = map->l_prev; > + } else if (map->l_next) Might as well add some braces around here while you're poking around.
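Review bot: the new `} else if (map->l_next)` guard only protects the else branch; the preceding branch shown in the context lines still dereferences `map->l_next` unconditionally in `EnsureWritable w(&map->l_next->l_prev);` and `map->l_next->l_prev = map->l_prev;`, so the condition that selects that branch (not visible in the quoted hunk) should be confirmed to guarantee `map->l_next` is non-null, otherwise the NULL deref from comment 5 can still occur on that path. The brace suggestion is worth taking at the same time so the two branches read symmetrically.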
Attachment #8506703 - Flags: review?(nfroyd) → review+
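The two defects in this bug, a destructor unlinking a link_map that was never initialized (comment 1) and a NULL deref inside that unlink (comments 5 and 7), modelled as an added example that is not Mozilla's mozglue code; `Lib`, `Unregister`, `g_head`, `RegisteredCount` and `Scenario` are hypothetical stand-ins, only the `link_map` field names follow the page.

```cpp
// Added example, not mozglue code: a model of the bug. A loader object owns a
// link_map-style node that is spliced into a global list only after the library
// loads and registers; if loading fails earlier the destructor still unlinks, so the
// node must be initialized (comment 1) and the unlink must tolerate nulls (comment 7).
#include <cstddef>

struct link_map {
  link_map* l_prev;
  link_map* l_next;
};
static link_map g_head = {nullptr, nullptr};  // assumption: stands in for the system linker's list head

static void Unregister(link_map* map) {  // null-checks both neighbours: the shape of the comment 7 fix
  if (map->l_prev) map->l_prev->l_next = map->l_next;
  if (map->l_next) map->l_next->l_prev = map->l_prev;
  map->l_prev = map->l_next = nullptr;
}

class Lib {  // hypothetical stand-in for CustomElf
 public:
  // Value-initializing map_ is the first fix: without it a failed load leaves
  // l_prev/l_next indeterminate and ~Lib() reads uninitialized memory.
  explicit Lib(bool load_ok) : map_{nullptr, nullptr}, registered_(false) {
    if (!load_ok) return;             // failed load: not registered, but ~Lib() still runs
    map_.l_prev = &g_head;            // register: splice in right after the head
    map_.l_next = g_head.l_next;
    if (g_head.l_next) g_head.l_next->l_prev = &map_;
    g_head.l_next = &map_;
    registered_ = true;
  }
  ~Lib() { Unregister(&map_); }       // unregisters whether or not registration happened
  bool registered() const { return registered_; }
 private:
  link_map map_;
  bool registered_;
};

static int RegisteredCount() {  // nodes currently linked after the head
  int n = 0;
  for (link_map* m = g_head.l_next; m; m = m->l_next) ++n;
  return n;
}

// Mixed failed and successful loads: never-registered nodes unlink as no-ops, registered ones count once.
static int Scenario() {
  { Lib failed(false); }              // destroyed here with null l_prev/l_next: a no-op unlink
  Lib a(true), b(false), c(true);     // two registered, one not
  return RegisteredCount();           // 2; all three unlink cleanly on scope exit
}
```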
Comment 8 • 10 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/4701a7ff7279
Comment 9 • 10 years ago
https://hg.mozilla.org/mozilla-central/rev/4701a7ff7279
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED