Closed
Bug 1218792
Opened 10 years ago
Closed 10 years ago
[CID 222162][CID 222161] overwrite_var: Overwriting subiter in subiter = Pk11Install_ListIter_new
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(firefox44 affected)
RESOLVED
FIXED
3.22
| Tracking | Status | |
|---|---|---|
| firefox44 | --- | affected |
People
(Reporter: franziskus, Assigned: franziskus)
References
(Blocks 1 open bug)
Details
(Keywords: coverity)
Attachments
(1 file, 1 obsolete file)
|
9.55 KB,
patch
|
mt
:
review+
|
Details | Diff | Splinter Review |
Coverity complains that subiter is overwritten here and thus leaks storage.
> subiter = Pk11Install_ListIter_new(subpair->list);
> [...]
> Pk11Install_ListIter_delete(subiter);
> subiter = NULL;
I'm not sure what Pk11Install_ListIter_delete is supposed to do (delete probably), but it only sets
> _this->list=NULL;
> _this->current=NULL;
without freeing anything. To make this work properly we have to free _this. We can also pull the subiter=NULL in the delete function.
| Assignee | ||
Comment 1•10 years ago
|
||
moved the free and null in the delete function
Attachment #8679460 -
Flags: review?(martin.thomson)
Comment 2•10 years ago
|
||
Comment on attachment 8679460 [details] [diff] [review]
don't leak the iter
Review of attachment 8679460 [details] [diff] [review]:
-----------------------------------------------------------------
This might have been a double-free in the past, but removing the NULL assignments means that you have a new type of double-free.
::: cmd/modutil/install-ds.c
@@ +1334,5 @@
> {
> _this->list=NULL;
> _this->current=NULL;
> + PR_Free(_this);
> + _this=NULL;
This isn't going to do what you think it does.
Attachment #8679460 -
Flags: review?(martin.thomson) → review-
| Assignee | ||
Comment 3•10 years ago
|
||
uh, right. how about this?
Attachment #8679460 -
Attachment is obsolete: true
Attachment #8680010 -
Flags: review?(martin.thomson)
Comment 4•10 years ago
|
||
Comment on attachment 8680010 [details] [diff] [review]
don't leak the iter
Review of attachment 8680010 [details] [diff] [review]:
-----------------------------------------------------------------
LGTM Deferring the commit.
Attachment #8680010 -
Flags: review?(martin.thomson) → review+
Comment 5•10 years ago
|
||
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.22
You need to log in
before you can comment on or make changes to this bug.
Description
•