Closed
Bug 1142681
Opened 10 years ago
Closed 10 years ago
[WebCrypto] |CreateECParamsForCurve| leaks |params|
Categories
(Core :: DOM: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla39
Tracking | Status | |
---|---|---|
firefox39 | --- | fixed |
People
(Reporter: erahm, Assigned: ttaubert)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: [MemShrink][CID 1286416])
Attachments
(1 file)
1013 bytes,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
Coverity indicates that |CreateECParamsForCurve| leaks |params| if the sanity check [1] fails.
[1] https://hg.mozilla.org/mozilla-central/annotate/0190a1d17294/dom/crypto/WebCryptoCommon.h#l320
Assignee | ||
Comment 1•10 years ago
|
||
The SECItem is alloced in the ScopedPLArenaPool given by the caller. Once that goes out of scope we should free the memory as well here. This is assuming that aArena ≠ null, so should we maybe add an assertion here? All existing callers pass a non-null arena but we could avoid future accidental leaks?
Flags: needinfo?(dkeeler)
Comment 2•10 years ago
|
||
That sounds reasonable. I don't know if coverity will be satisfied by that, but maybe we could annotate it or something.
Flags: needinfo?(dkeeler)
Reporter | ||
Comment 3•10 years ago
|
||
An assertion sounds good. If Coverity doesn't pick up on it someone triaging defects probably will.
Assignee | ||
Comment 4•10 years ago
|
||
Updated•10 years ago
|
Attachment #8577455 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 5•10 years ago
|
||
Comment 6•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox39:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Assignee | ||
Comment 7•10 years ago
|
||
Eric, out of curiosity: does Coverity still report a leak?
Flags: needinfo?(erahm)
Reporter | ||
Comment 8•10 years ago
|
||
(In reply to Tim Taubert [:ttaubert] from comment #7)
> Eric, out of curiosity: does Coverity still report a leak?
The latest run shows it as fixed, so a release assertion seems to have done the job.
Reporter | ||
Updated•10 years ago
|
Flags: needinfo?(erahm)
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•