Closed
Bug 1315936
Opened 8 years ago
Closed 8 years ago
Memory error introduced by bug 1287271
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.28
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file)
606 bytes,
patch
|
mt
:
review+
|
Details | Diff | Splinter Review |
Bug 1287271 introduced a memory error. If the memory was taken from an arena, calling PORT_Free on it crashes. SignatureScheme *schemes; ... if (arena) { schemes = PORT_ArenaZNewArray(arena, SignatureScheme, max); } else { schemes = PORT_ZNewArray(SignatureScheme, max); } ... if (!numSchemes) { /* Bug 1295060 - We fall back to defaults if we have no common * algorithms. We should instead avoid signatures. */ PORT_Free(schemes); schemes = NULL; }
Assignee | ||
Comment 1•8 years ago
|
||
Assignee: nobody → kaie
Attachment #8808576 -
Flags: review?(martin.thomson)
Updated•8 years ago
|
Attachment #8808576 -
Flags: review?(martin.thomson) → review+
Assignee | ||
Comment 2•8 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/6107cdc34be7871cf9fced4de5739bb755ad8e85 This should get fixed in NSS 3.28 If this landed after the branch point, we should land it into the branch, too.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.28
Assignee | ||
Comment 3•8 years ago
|
||
3.28 Branch commit https://hg.mozilla.org/projects/nss/rev/3758422e2e2d
You need to log in
before you can comment on or make changes to this bug.
Description
•