Closed Bug 134119 Opened 23 years ago Closed 23 years ago

memory corruption in mdn code

Categories

(MailNews Core :: Backend, defect)

x86
Windows 2000
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED
mozilla1.0

People

(Reporter: Bienvenu, Assigned: Bienvenu)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression)

Attachments

(1 file)

nsParseMailMessageState::GetAllHeaders(char ** pHeaders, PRInt32 *pHeadersSize) is used like this: rv = m_msgParser->GetAllHeaders(getter_Copies(headers), but it's not allocating a copy of the headers, so memory gets corrupted. Fix upcoming.
Attached patch proposed fix
GetAllHeaders doesn't dup the headers, so can't use nsXPIDLCString or getter_Copies
This was found with Purify. I'm not sure why we're getting into this code - I'll look into that as well.
Looks like m_headers is an nsByteArray and GetAllHeaders() simply returns a pointer to the buffer without allocating a new buffer; that's why we got memory corruption. The patch looks good to me. r=jefft
Comment on attachment 76697 proposed fix r=jefft
Attachment #76697 - Flags: review+
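
The ownership mismatch described in the comments above, as an added example that is not part of the bug report or of Mozilla's code. Parser, Adopting and the tracking allocator are hypothetical stand-ins for the parser, an owning string filled through an out-parameter, and a Purify-style checker; the header text is constructed.

```cpp
// Added illustration: Parser, Adopting and the tracking allocator are
// hypothetical stand-ins, not Mozilla code. The header text is constructed.
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <set>

static std::set<void*> g_live;  // blocks currently allocated
static int g_bad_frees = 0;     // frees of blocks that are no longer live

static void* TrackedAlloc(size_t n) { void* p = std::malloc(n); g_live.insert(p); return p; }
static void TrackedFree(void* p) {
  if (!p) return;
  if (g_live.erase(p) == 0) { ++g_bad_frees; return; }  // count it, don't corrupt the heap
  std::free(p);
}

struct Parser {  // owns m_headers, as the byte array in the bug does
  char* m_headers; size_t m_size;
  explicit Parser(const char* h) : m_size(std::strlen(h)) {
    m_headers = static_cast<char*>(TrackedAlloc(m_size + 1));
    std::memcpy(m_headers, h, m_size + 1);
  }
  ~Parser() { TrackedFree(m_headers); }
  // Hands out a pointer into the internal buffer: no copy is made.
  void GetAllHeaders(char** pHeaders, size_t* pSize) { *pHeaders = m_headers; *pSize = m_size; }
};

struct Adopting {  // owning holder: frees whatever was stored through its out-param
  char* ptr = nullptr;
  ~Adopting() { TrackedFree(ptr); }
};

static const char kHdr[] = "Disposition-Notification-To: reader@example.invalid\r\n";

int BuggyCaller() {  // adopts a borrowed pointer
  g_bad_frees = 0;
  { Parser parser(kHdr); Adopting headers; size_t n;
    parser.GetAllHeaders(&headers.ptr, &n); (void)n;
  }  // ~Adopting frees the parser's buffer, then ~Parser frees it again
  return g_bad_frees;
}

int FixedCaller() {  // plain pointer: borrowed, valid only while parser lives
  g_bad_frees = 0;
  { Parser parser(kHdr); char* headers = nullptr; size_t n;
    parser.GetAllHeaders(&headers, &n); (void)headers; (void)n;
  }
  return g_bad_frees;
}

int main() { std::printf("buggy=%d fixed=%d\n", BuggyCaller(), FixedCaller()); return 0; }
```

In the buggy caller the holder releases the buffer while the parser still points at it, so any later use by the parser is a read or write of freed memory; the second free is simply the point where this model counts it.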
QA Contact: gayatri → gchan
Comment on attachment 76697 proposed fix sr=sspitzer
Attachment #76697 - Flags: superreview+
adding keywords.
Target Milestone: --- → mozilla1.0
fix checked in for bienvenu, granrose approved it. I'll send mail to antitux, so that we can get this in the next respin this morning.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Silly question: how do I confirm this? What happened before it was fixed (I see keyword crash)? Thanks.
David, I should be able to help Gary out with the verification of this. Was this a UMR, FMM, or a straight leak? Thanks!
this was a Freed memory read, write (FMR, FMW?)
I don't see anything in Purify other than the usual leaks and UMRs... I ran with the pref enabled and sent a message that requires an MDN, and read that same message and sent acknowledgement. Verified FIXED with a current opt trunk build.
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core