Closed
Bug 11507
Opened 25 years ago
Closed 25 years ago
nsWalletlibService has bad refcounting and QI
Categories
(Core :: XPCOM, defect, P3)
Tracking
()
VERIFIED
FIXED
M9
People
(Reporter: jband_mozilla, Assigned: morse)
Details
(Whiteboard: [19990823]waiting to hear back from reporter)
nsWalletlibService::QueryInterface fails if given the IID for the nsISupports
That can be fixed with:
Index: nsWalletService.cpp
===================================================================
RCS file: /cvsroot/mozilla/extensions/wallet/src/nsWalletService.cpp,v
retrieving revision 1.24
diff -r1.24 nsWalletService.cpp
71c71,72
< if (iid.Equals(kIWalletServiceIID)) {
---
> if (iid.Equals(NS_GET_IID(nsISupports)) ||
> iid.Equals(kIWalletServiceIID)) {
In WalletFactoryImpl::CreateInstance if the QI fails it does a 'delete inst'
(without setting 'inst' to null) and then the next line does
NS_IF_RELEASE(inst) which will crash.
Normally, the code should look like:
rv = inst->QueryInterface(aIID, aResult);
NS_IF_RELEASE(inst);
return rv;
You are going to release the 'inst' anyway. However, I see that inst comes into
this with a refcount of 2 (rather than 1), so this would leak. The code sets
this object up as an observer of something else in its ctor and removes that
relationship in its dtor. So, I'm not seeing how the refcount would ever go to 0
and have the dtor get called anyway.
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M9
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 1•25 years ago
|
||
Just checked in indicated changes.
Updated•25 years ago
|
Whiteboard: [19990823]waiting to hear back from reporter
Reporter | ||
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Comment hidden (collapsed) |
You need to log in
before you can comment on or make changes to this bug.
Description
•