Closed
Bug 1245441
Opened 8 years ago
Closed 8 years ago
[Coverity 220566] Free a pointer
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.24
People
(Reporter: paul.bignier, Assigned: paul.bignier)
References
(Blocks 1 open bug)
Details
(Keywords: coverity)
Attachments
(1 file, 4 obsolete files)
|
1.25 KB,
patch
|
franziskus
:
review+
franziskus
:
checked-in+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Build ID: 20160127060627 Steps to reproduce: Coverity's CID: 220566
|
Assignee | |
Updated•8 years ago
|
Attachment #8715232 -
Flags: review?(kaie)
|
||
Updated•8 years ago
|
Assignee: nobody → paul.bignier
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
||
Updated•8 years ago
|
Blocks: nss-coverity
|
||
Comment 1•8 years ago
|
||
Comment on attachment 8715232 [details] [diff] [review] 0001-Coverity-220566-Free-a-pointer.patch It seems that it's possible that no value is assigned to variable phy. Then you'd attempt to free a random pointer. You could probably solve that by initializing phy to NULL at declaration time.
Attachment #8715232 -
Flags: review?(kaie) → review-
|
|
Assignee | |
Comment 2•8 years ago
|
||
Attachment #8715232 -
Attachment is obsolete: true
Attachment #8716330 -
Flags: review?(kaie)
|
|
||
Updated•8 years ago
|
Attachment #8716330 -
Flags: review?(kaie) → review+
|
|
||
Updated•8 years ago
|
Keywords: checkin-needed
|
|
||
Comment 3•8 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/9448cd7cf830
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 3.23
|
|
||
Comment 4•8 years ago
|
||
I've backed this out. https://hg.mozilla.org/projects/nss/rev/ccaddca3b86b I believe it is responsible for a buildbot bustage. I should have reviewed the patch more carefully. Apparently the code may transfer ownership of the allocated phy pointer to a list, and we must not free that pointer when that happens. it->data = (unsigned char *) phy; It might be sufficient to set "phy=NULL" after that transfer. But I'd like to ask you to please investigate the code more carefully.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 5•8 years ago
|
||
'phy' should indeed be freed only if 'it' didn't manage to be allocated. No need to initialize 'it' because it is given a value right after 'phy'. Poor indentation got me confused, I didn't see we were in the while loop.
Attachment #8716330 -
Attachment is obsolete: true
Attachment #8716871 -
Flags: review?(kaie)
|
||
Comment 6•8 years ago
|
||
Comment on attachment 8716871 [details] [diff] [review] 0001-Coverity-220566-Free-a-pointer.patch Review of attachment 8716871 [details] [diff] [review]: ----------------------------------------------------------------- lgtm
Attachment #8716871 -
Flags: review?(kaie) → review+
|
|
||
Comment 7•8 years ago
|
||
could you make a patch against NSS trunk?
Flags: needinfo?(paul.bignier)
Target Milestone: 3.23 → 3.24
|
|
Assignee | |
Comment 8•8 years ago
|
||
> could you make a patch against NSS trunk?
Hi, sure, here it is.
The content is the same as the previous patch, I hope it's all right for you because I'm having errors when applying it ("space before tab in indent" error).
Regards,
Paul
Attachment #8716871 -
Attachment is obsolete: true
Flags: needinfo?(paul.bignier)
Attachment #8730596 -
Flags: review?(franziskuskiefer)
|
|
||
Comment 9•8 years ago
|
||
thanks, though I landed the clang-format patch earlier today. Had to change your patch again.
Attachment #8730596 -
Attachment is obsolete: true
Attachment #8730596 -
Flags: review?(franziskuskiefer)
Attachment #8730667 -
Flags: review+
Attachment #8730667 -
Flags: checked-in+
|
|
||
Comment 10•8 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/7208817c1958
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•