Closed Bug 1142681 Opened 5 years ago Closed 5 years ago

[WebCrypto] |CreateECParamsForCurve| leaks |params|

Categories

(Core :: DOM: Security, defect)

x86_64
Linux
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla39
Tracking Status
firefox39 --- fixed

People

(Reporter: erahm, Assigned: ttaubert)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [MemShrink][CID 1286416])

Attachments

(1 file)

Coverity indicates that |CreateECParamsForCurve| leaks |params| if the sanity check [1] fails.

[1] https://hg.mozilla.org/mozilla-central/annotate/0190a1d17294/dom/crypto/WebCryptoCommon.h#l320
The SECItem is alloced in the ScopedPLArenaPool given by the caller. Once that goes out of scope we should free the memory as well here. This is assuming that aArena ≠ null, so should we maybe add an assertion here? All existing callers pass a non-null arena but we could avoid future accidental leaks?
Flags: needinfo?(dkeeler)
That sounds reasonable. I don't know if coverity will be satisfied by that, but maybe we could annotate it or something.
Flags: needinfo?(dkeeler)
An assertion sounds good. If Coverity doesn't pick up on it someone triaging defects probably will.
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
Attachment #8577455 - Flags: review?(dkeeler)
https://hg.mozilla.org/mozilla-central/rev/fcf4cac17e3a
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Eric, out of curiosity: does Coverity still report a leak?
Flags: needinfo?(erahm)
(In reply to Tim Taubert [:ttaubert] from comment #7)
> Eric, out of curiosity: does Coverity still report a leak?

The latest run shows it as fixed, so a release assertion seems to have done the job.
Flags: needinfo?(erahm)
You need to log in before you can comment on or make changes to this bug.