Closed Bug 1458126 Opened 3 years ago Closed 3 years ago

Potential double free bugs in nsXBLProtoImplProperty.cpp

Categories

(Core :: XBL, defect)

RESOLVED INVALID

People

(Reporter: pauljt, Unassigned)

References

(Blocks 1 open bug)

Details

Semmle has reported several double free issues in nsXBLProtoImplProperty.cpp. I'm not sure if there is any risk here, as I assume this would only be exploitable from XBL code if anywhere, and I'm not aware that we have any untrusted XBL contexts. I'm filing this for completeness' sake though, and just to make sure. I'll wontfix once I'm sure it's not a bug.

Actually it isn't a bug, but the code could maybe be improved. I'm filing anyways just so I have a track of the bugs I've triaged.

The issue reported is a double free with setterText and getterText. We have a pattern where we delete the variable, and then set a boolean to say that it's deleted:

delete setterText;
deletedSetter = true; 

Just after this, we check the boolean, and then delete if not set:

if (!deletedSetter) {  // Empty setter
  delete setterText;
  mSetter.SetJSFunction(nullptr);
}

So this combination is confusing the static analysis since it looks like a potential double free. Filing just so that we know we've triaged it.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
Type: enhancement → defect
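
Added example, not part of the bug comment and not Mozilla's code: a constructed reduction of the delete-plus-flag pattern described above, next to a variant where the pointer's type carries ownership so no second delete exists for an analyser to flag. Text, compile_with_flag, compile_with_owner and destroyed_by are hypothetical names, and std::unique_ptr is an assumed stand-in for whatever owning pointer the code base would use.

```cpp
#include <memory>
#include <string>
#include <utility>

// Constructed stand-in for the heap-allocated setterText buffer;
// destructor calls are counted so a double free would be observable.
struct Text {
    static int destroyed;
    std::string body;
    explicit Text(std::string b) : body(std::move(b)) {}
    ~Text() { ++destroyed; }
};
int Text::destroyed = 0;

// Flag pattern from the report: each path deletes exactly once, but only the
// boolean shows that the two delete statements are mutually exclusive.
bool compile_with_flag(Text* setterText) {
    bool deletedSetter = false;
    bool compiled = false;
    if (setterText && !setterText->body.empty()) {
        compiled = true;          // hypothetical stand-in for compiling the setter
        delete setterText;
        deletedSetter = true;
    }
    if (!deletedSetter) {         // empty setter
        delete setterText;        // the statement that reads as a second delete
    }
    return compiled;
}

// Same result with ownership in the type: the buffer is released once, when
// the unique_ptr parameter is destroyed, on every path.
bool compile_with_owner(std::unique_ptr<Text> setterText) {
    return setterText && !setterText->body.empty();
}

// Number of Text objects destroyed while f runs.
template <typename F> int destroyed_by(F f) {
    int before = Text::destroyed;
    f();
    return Text::destroyed - before;
}

int main() {
    int a = destroyed_by([] { compile_with_flag(new Text("x = 1;")); });
    int b = destroyed_by([] { compile_with_owner(std::make_unique<Text>("")); });
    return (a == 1 && b == 1) ? 0 : 1;
}
```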