Closed
Bug 1228077
Opened 9 years ago
Closed 9 years ago
third nsZipHandle::Init method doesn't initialize handle->mMap
Categories
(Core :: Networking: JAR, defect)
Core
Networking: JAR
Tracking
()
RESOLVED
INVALID
| Tracking | Status | |
|---|---|---|
| firefox45 | --- | affected |
People
(Reporter: dbaron, Assigned: dbaron)
References
Details
Attachments
(1 file)
|
878 bytes,
patch
|
jld
:
review+
|
Details | Diff | Splinter Review |
The third nsZipHandle::Init method, introduced in https://hg.mozilla.org/mozilla-central/rev/66d2a14f0fb0 , doesn't initialize handle->mMap, which means that ~nsZipHandle could try to call PR_MemUnmap and PR_CloseFileMap on things that it shouldn't. I found this by inspection while investigating bug 1194856.
|
Assignee | |
Comment 1•9 years ago
|
||
Attachment #8692108 -
Flags: review?(jld)
|
||
Comment 2•9 years ago
|
||
Comment on attachment 8692108 [details] [diff] [review] Initialize handle->mMap in third nsZipHandle::Init method Review of attachment 8692108 [details] [diff] [review]: ----------------------------------------------------------------- mMap is set to nullptr by the constructor; do we support calling Init more than once on the same object? (Both about this class in particular and as a matter of general style about Init* methods.)
Attachment #8692108 -
Flags: review?(jld) → review+
|
|
Assignee | |
Comment 3•9 years ago
|
||
(In reply to Jed Davis [:jld] from comment #2) > mMap is set to nullptr by the constructor Oops. I thought I looked and it wasn't. (I think I thought there wasn't a constructor in the .cpp file.)
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
|
|
Assignee | |
Comment 4•9 years ago
|
||
(The Init method is static and calls the constructor, so it's fine.)
You need to log in
before you can comment on or make changes to this bug.
Description
•