Closed Bug 11507 Opened 25 years ago Closed 25 years ago

nsWalletlibService has bad refcounting and QI

Categories

(Core :: XPCOM, defect, P3)

Product:
Core
Component:
XPCOM
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: jband_mozilla, Assigned: morse)

Details

(Whiteboard: [19990823]waiting to hear back from reporter) 

nsWalletlibService::QueryInterface fails if given the IID for the nsISupports

That can be fixed with:

Index: nsWalletService.cpp
===================================================================
RCS file: /cvsroot/mozilla/extensions/wallet/src/nsWalletService.cpp,v
retrieving revision 1.24
diff -r1.24 nsWalletService.cpp
71c71,72
<   if (iid.Equals(kIWalletServiceIID)) {
---
>   if (iid.Equals(NS_GET_IID(nsISupports)) ||
>       iid.Equals(kIWalletServiceIID)) {


In WalletFactoryImpl::CreateInstance if the QI fails it does a 'delete inst'
(without setting 'inst' to null) and then the next line does
NS_IF_RELEASE(inst) which will crash.

Normally, the code should look like:

    rv = inst->QueryInterface(aIID, aResult);
    NS_IF_RELEASE(inst);
    return rv;

You are going to release the 'inst' anyway. However, I see that inst comes into
this with a refcount of 2 (rather than 1), so this would leak. The code sets
this object up as an observer of something else in its ctor and removes that
relationship in its dtor. So, I'm not seeing how the refcount would ever go to 0
and have the dtor get called anyway.
Status: NEW → ASSIGNED
Target Milestone: M9
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Just checked in indicated changes.
Whiteboard: [19990823]waiting to hear back from reporter
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.