Open
Bug 1130847
Opened 9 years ago
Updated 6 months ago
bltest calls free on uninitalized object when passing a wrong command line
Categories
(NSS :: Tools, defect, P5)
Tracking
(Not tracked)
NEW
People
(Reporter: hanno, Unassigned)
Details
Attachments
(2 files)
617 bytes,
patch
|
Details | Diff | Splinter Review | |
708 bytes,
text/plain
|
Details |
I noticed an invalid free operation in bltest when trying to compile nss with asan. Before cipherInfo gets initialized in line 3512 there is a check in line 3506 whether the command line parsing function returned an error. On error it does a "goto print_usage". After the print_usage label there's a free of cipherInfo in line 3716: PORT_Free(cipherInfo); In case of a malformed command line this call will be reached, while cipherInfo is not initialized yet. Compiling nss with asan or running it through valgrind will show errors when you try to do something like "bltest --h", which is not detected as a valid commandline. There are different ways to fix this, I opted for the easiest: Just initialize cipherInfo before checking the command line for errors. Then it will always be initialized when there's a "goto print_usage", therefore we can always free it.
Reporter | ||
Comment 1•9 years ago
|
||
Updated•2 years ago
|
Severity: normal → S3
Updated•6 months ago
|
Severity: S3 → S4
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•