Closed Bug 1218792 Opened 10 years ago Closed 10 years ago

[CID 222162][CID 222161] overwrite_var: Overwriting subiter in subiter = Pk11Install_ListIter_new

Categories

(NSS :: Libraries, defect)

defect
Not set
normal

Tracking

(firefox44 affected)

RESOLVED FIXED
Tracking Status
firefox44 --- affected

People

(Reporter: franziskus, Assigned: franziskus)

References

(Blocks 1 open bug)

Details

(Keywords: coverity)

Attachments

(1 file, 1 obsolete file)

Coverity complains that subiter is overwritten here and thus leaks storage. > subiter = Pk11Install_ListIter_new(subpair->list); > [...] > Pk11Install_ListIter_delete(subiter); > subiter = NULL; I'm not sure what Pk11Install_ListIter_delete is supposed to do (delete probably), but it only sets > _this->list=NULL; > _this->current=NULL; without freeing anything. To make this work properly we have to free _this. We can also pull the subiter=NULL in the delete function.
Attached patch don't leak the iter (obsolete) — Splinter Review
moved the free and null in the delete function
Attachment #8679460 - Flags: review?(martin.thomson)
Comment on attachment 8679460 [details] [diff] [review] don't leak the iter Review of attachment 8679460 [details] [diff] [review]: ----------------------------------------------------------------- This might have been a double-free in the past, but removing the NULL assignments means that you have a new type of double-free. ::: cmd/modutil/install-ds.c @@ +1334,5 @@ > { > _this->list=NULL; > _this->current=NULL; > + PR_Free(_this); > + _this=NULL; This isn't going to do what you think it does.
Attachment #8679460 - Flags: review?(martin.thomson) → review-
uh, right. how about this?
Attachment #8679460 - Attachment is obsolete: true
Attachment #8680010 - Flags: review?(martin.thomson)
Comment on attachment 8680010 [details] [diff] [review] don't leak the iter Review of attachment 8680010 [details] [diff] [review]: ----------------------------------------------------------------- LGTM Deferring the commit.
Attachment #8680010 - Flags: review?(martin.thomson) → review+
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.22
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: