Closed Bug 1234540 Opened 9 years ago Closed 9 years ago

[Static Analysis][Dereference null return value] In function nsCacheEntryHashTable::AddEntry from nsCacheEntry.cpp

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla47

Tracking Flags:

Tracking

Status

firefox46

---

affected

firefox47

---

fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1324686 [necko-active])

Attachments

(1 file, 1 obsolete file)

Bug 1234540.diff 9 years ago Andi [:andi] 163 bytes, patch		Details \| Diff \| Splinter Review
Bug 1234540.diff 9 years ago Andi [:andi] 1003 bytes, patch	michal : review+	Details \| Diff \| Splinter Review

Andi [:andi]

Assignee

Description

•

9 years ago

The Static Analysis tool Coverity added that pointer hashEntry can be null thus having a null pointer dereference: >> hashEntry = table.Add(&(cacheEntry->mKey), fallible); >>#ifndef DEBUG_dougt >> NS_ASSERTION(((nsCacheEntryHashTableEntry *)hashEntry)->cacheEntry == 0, >> "### nsCacheEntryHashTable::AddEntry - entry already used"); >>#endif >> ((nsCacheEntryHashTableEntry *)hashEntry)->cacheEntry = cacheEntry; This can happen if in function table->Add malloc fails because of oom: >> MOZ_RELEASE_ASSERT(SizeOfEntryStore(CapacityFromHashShift(), mEntrySize, >> &nbytes)); >> mEntryStore.Set((char*)malloc(nbytes)); >> if (!mEntryStore.Get()) { >> return nullptr; >> }

Andi [:andi]

Assignee

Comment 1

•

9 years ago

Attached patch Bug 1234540.diff (obsolete) — Details — Splinter Review

Attachment #8701042 - Flags: review?(mcmanus)

Patrick McManus [:mcmanus]

Updated

•

9 years ago

Attachment #8701042 - Flags: review?(mcmanus) → review?(michal.novotny)

Andi [:andi]

Assignee

Comment 2

•

9 years ago

Attached patch Bug 1234540.diff — Details — Splinter Review

Attachment #8701042 - Attachment is obsolete: true

Attachment #8701042 - Flags: review?(michal.novotny)

Attachment #8701045 - Flags: review?(michal.novotny)

Michal Novotny [:michal]

Updated

•

9 years ago

Attachment #8701045 - Flags: review?(michal.novotny) → review+

Patrick McManus [:mcmanus]

Comment 3

•

9 years ago

please check in the reviewed patch or otherwise resolve this bug. thanks

Flags: needinfo?(bogdan.postelnicu)

Whiteboard: CID 1324686 → CID 1324686 [necko-active]

Pulsebot

Comment 4

•

9 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/d0459ee243da

Andi [:andi]

Assignee

Comment 5

•

9 years ago

it's been pushed to inbound.

Flags: needinfo?(bogdan.postelnicu)

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 6

•

9 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/d0459ee243da

Status: NEW → RESOLVED

Closed: 9 years ago

status-firefox47: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla47

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[Static Analysis][Dereference null return value] In function nsCacheEntryHashTable::AddEntry from nsCacheEntry.cpp

Categories

(Core :: Networking: Cache, defect)

Tracking

()

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1324686 [necko-active])

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Comment 1

Updated

Comment 2

Updated

Comment 3

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type