(coverity) resource leak: /mailnews/extensions/mdn/src/nsMsgMdnGenerator.cpp: convbuf is not released in early error exit.

NEW
Unassigned

Status

2 years ago
2 years ago

People

(Reporter: ishikawa, Unassigned)

Tracking

(Blocks: 1 bug, {coverity})

Trunk
coverity

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: CID 1137469)

(Reporter)

Description

2 years ago
Coverity found this:


546    PUSH_N_FREE_STRING(tmpBuffer);
   1. Starting defect path here.
547    PR_Free(convbuf);
548    PR_Free(encodedReceiptString);
549
   2. alloc_fn: Storage is returned from allocation function nsMsgI18NEncodeMimePartIIStr. [show details]
   3. var_assign: Assigning: convbuf = storage returned from nsMsgI18NEncodeMimePartIIStr(this->m_dntRrt.get(), true, this->m_charset.get(), 0, conformToStandard).
550    convbuf = nsMsgI18NEncodeMimePartIIStr(m_dntRrt.get(), true, m_charset.get(), 0, conformToStandard);
   4. Condition convbuf, taking true branch
   5. noescape: Resource convbuf ? convbuf : this->m_dntRrt.get() is not freed or pointed-to in PR_smprintf.
551    tmpBuffer = PR_smprintf("To: %s" CRLF, convbuf ? convbuf :
552                            m_dntRrt.get());
   6. Condition tmpBuffer, taking false branch
   CID 1137469 (#1 of 1): Resource leak (RESOURCE_LEAK)7. leaked_storage: Variable convbuf going out of scope leaks the storage it points to.
553    PUSH_N_FREE_STRING(tmpBuffer);
554
555    PR_Free(convbuf);
556

It looks PR_Free on line 555 seems to free convbuf. But maybe PUSH_N_FREE_STRING(tmBuffer) may have an early exit/return due to some error? EXACTLY. 
57 #define PUSH_N_FREE_STRING(p) \ 
58 do { if (p) { rv = WriteString(p); PR_smprintf_free(p); p=0; \ 
59 if (NS_FAILED(rv)) return rv; } \ 
60 else { return NS_ERROR_OUT_OF_MEMORY; } } while (0) 

We should probably unmacrofy this operation to release convbuf here.

I am still experimenting what is the best method/process to file a bugzilla from Coverity database. Any suggestion and tips will be appreciated.

It is really a pain that there is no corresponding entry for the main subdirectory of C-C tree in the component list: this ought to be fixed somehow.

Updated

2 years ago
Component: Untriaged → Backend
Product: Thunderbird → MailNews Core
(Reporter)

Comment 1

2 years ago
Wayne,

Sorry as to my being cluelessness: I didn't realize that I have to go to "OTHER PRODUCTS" category to find "MailNews Core" entry. I wonder why it is not available from Thunderbird entry (when one wants to file a new bug...)
You need to log in before you can comment on or make changes to this bug.