Closed
Bug 1458126
Opened 7 years ago
Closed 7 years ago
Potential double free bugs in nsXBLProtoImplProperty.cpp
Categories
(Core :: XBL, defect)
RESOLVED
INVALID
People
(Reporter: pauljt, Unassigned)
Semmle has reported several double free issues in nsXBLProtoImplProperty.cpp. I'm not sure if there is any risk here, as I assume this would only be exploitable from XBL code if anywhere, and I'm not aware that we have any untrusted XBL contexts. I'm filing this for completeness' sake though, and just to make sure. I'll wontfix once I'm sure it's not a bug.
Actually it isn't a bug, but the code could maybe be improved. I'm filing anyways just so I have a track of the bugs I've triaged.
The issue reported is a double free with setterText and getterText. We have a pattern where we delete the variable, and then set a boolean to say that it's deleted:
delete setterText;
deletedSetter = true;
Just after this, we check the boolean, and then delete if not set:
if (!deletedSetter) { // Empty setter
  delete setterText;
  mSetter.SetJSFunction(nullptr);
}
So this combination is confusing the static analysis since it looks like a potential double free. Filing just so that we know we've triaged it.
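The flag-guarded delete pattern from the comment above, reduced to a stand-alone sketch next to a single-owner form that needs no flag. This is an added example, not code from nsXBLProtoImplProperty.cpp; the `Text` type, the `hasBody` condition and both function names are assumptions made for illustration.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for the heap-allocated setter text; counts frees.
struct Text {
    static int frees;
    std::string body;
    explicit Text(std::string b) : body(std::move(b)) {}
    ~Text() { ++frees; }
};
int Text::frees = 0;

// Flag-guarded shape: two delete sites for one pointer, kept mutually
// exclusive only by the boolean. hasBody is an assumed branch condition.
int flag_pattern(bool hasBody) {
    Text::frees = 0;
    Text* setterText = new Text(hasBody ? "return 1;" : "");
    bool deletedSetter = false;
    if (hasBody) {             // non-empty setter: use it, then free it
        delete setterText;
        deletedSetter = true;
    }
    if (!deletedSetter) {      // empty setter
        delete setterText;
    }
    return Text::frees;        // number of destructor runs on this path
}

// Same control flow with a single owner: reset() frees and nulls the
// pointer, so the second site tests the pointer itself, not a flag.
int owned_pattern(bool hasBody) {
    Text::frees = 0;
    std::unique_ptr<Text> setterText(new Text(hasBody ? "return 1;" : ""));
    if (hasBody) {
        setterText.reset();
    }
    if (setterText) {          // empty setter
        setterText.reset();
    }
    return Text::frees;
}

int main() {
    std::printf("flag:  %d %d\n", flag_pattern(true), flag_pattern(false));
    std::printf("owned: %d %d\n", owned_pattern(true), owned_pattern(false));
    return 0;
}
```

Both forms free the object exactly once on either path; in the second, the invariant is carried by the pointer itself rather than by a separate boolean.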
Updated 7 years ago (Reporter)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID

Updated 7 years ago (Reporter)
Blocks: semmle-analysis

Updated 6 years ago
Type: enhancement → defect

Updated 5 years ago
Group: mozilla-employee-confidential