Closed Bug 180916 Opened 22 years ago Closed 21 years ago

nsPermission::~nsPermission frees uninitialized values

Categories

(Core :: Networking: Cookies, defect)

x86
Windows 2000
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash)

Attachments

(1 file)

nsCRT::free(permissionHost);

nsCRT::free(char * 0xcdcdcdcd) line 179 + 9 bytes
nsPermission::~nsPermission() line 62 + 13 bytes
nsPermission::`scalar deleting destructor'() + 15 bytes
nsPermission::Release(nsPermission * const 0x02d39870) line 45 + 183 bytes
XPCWrappedNative::~XPCWrappedNative() line 547 + 18 bytes
XPCWrappedNative::`scalar deleting destructor'(unsigned int 1) + 15 bytes
XPCWrappedNative::Release(XPCWrappedNative * const 0x02d39810) line 777 + 147 bytes
XPCWrappedNative::FlatJSObjectFinalized(JSContext * 0x004f0e70, JSObject * 0x0145b138) line 897
XPC_WN_NoHelper_Finalize(JSContext * 0x004f0e70, JSObject * 0x0145b138) line 632
js_FinalizeObject(JSContext * 0x004f0e70, JSObject * 0x0145b138) line 1840 + 96 bytes
js_GC(JSContext * 0x004f0e70, unsigned int 5) line 1311 + 11 bytes
js_AllocGCThing(JSContext * 0x004f0e70, unsigned int 1) line 523 + 11 bytes
js_NewString(JSContext * 0x004f0e70, unsigned short * 0x05052f80, unsigned int 21, unsigned int 0) line 2418 + 16 bytes
JS_NewStringCopyZ(JSContext * 0x004f0e70, const char * 0x01043ba1) line 3542 + 19 bytes
nsXPCComponents_Interfaces::NewEnumerate(nsXPCComponents_Interfaces * const 0x00508d84, nsIXPConnectWrappedNative * 0x00508ba0, JSContext * 0x004f0e70, JSObject * 0x0108edc0, unsigned int 1, long * 0x0012ed34, long * 0x0012ecc8, int * 0x0012e508) line 195 + 56 bytes
XPC_WN_JSOp_Enumerate(JSContext * 0x004f0e70, JSObject * 0x0108edc0, JSIterateOp JSENUMERATE_NEXT, long * 0x0012ed34, long * 0x0012ecc8) line 1058 + 66 bytes
js_Interpret(JSContext * 0x004f0e70, long * 0x0012fe50) line 1775 + 38 bytes
js_Execute(JSContext * 0x004f0e70, JSObject * 0x0108e4c0, JSScript * 0x00503560, JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012fe50) line 1020 + 13 bytes
JS_ExecuteScript(JSContext * 0x004f0e70, JSObject * 0x0108e4c0, JSScript * 0x00503560, long * 0x0012fe50) line 3277 + 25 bytes
Process(JSContext * 0x004f0e70, JSObject * 0x0108e4c0, char * 0x004a46c5, _iobuf * 0x00000000) line 479 + 22 bytes
ProcessArgs(JSContext * 0x004f0e70, JSObject * 0x0108e4c0, char * * 0x004a46b4, int 1) line 655 + 33 bytes
main(int 1, char * * 0x004a46b4) line 912 + 21 bytes
mainCRTStartup() line 338 + 17 bytes
Attached patch: patch
Attachment #106812 - Flags: superreview?(bzbarsky)
Attachment #106812 - Flags: review?(morse)
Comment on attachment 106812
patch

Why is this using nsCRT::free? As far as I can tell, the pointer is always
allocated via PL_strdup, so you should be using PL_strfree.

Why does the no-arguments constructor even exist?  It serves no purpose and is
not called.  Further, it is not really usable because nsPermission has no
setters.  Just remove it.
Attachment #106812 - Flags: superreview?(bzbarsky) → superreview-
Comment on attachment 106812
patch

I agree with Boris' comments
Attachment #106812 - Flags: review?(morse) → review+
Blocks: 181491
Blocks: 181494
Blocks: 181496
Blocks: 181498
Blocks: 181500
Blocks: 181503
Blocks: 181505
Blocks: 181507
Blocks: 181509
Blocks: 181512
No longer blocks: 181512
No longer blocks: 181509
No longer blocks: 181507
No longer blocks: 181505
No longer blocks: 181500
No longer blocks: 181498
No longer blocks: 181496
No longer blocks: 181494
No longer blocks: 181503
mvl: this bug might interest you.
darin: if you SR mvl's phase 1 patch before 1.4a, we can cvs remove all these
nasty nasty bugs in one fell swoop :)

even dougt's nsIFile crasher can be cvs removed!

so what do you think? :)
i checked in the patch w/ PL_strfree r+sr=darin
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
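
The failure mode in this bug and the two review points (release with the deallocator that matches the allocator, and drop the unusable no-argument constructor), as an added C++ example that is not the attached patch or Mozilla's code. `demo_strdup`/`demo_strfree`, `BuggyPermission`, `Permission` and `live_after_cycle` are hypothetical names, and the class layout is assumed because the page does not show it.

```cpp
// Added example, not Mozilla code. demo_strdup/demo_strfree are hypothetical
// stand-ins for a paired allocator/deallocator such as PL_strdup/PL_strfree.
#include <cstdlib>
#include <cstring>

static int g_live = 0;  // allocations made by demo_strdup and not yet released

char* demo_strdup(const char* s) {
    char* p = static_cast<char*>(std::malloc(std::strlen(s) + 1));
    if (p) { std::strcpy(p, s); ++g_live; }
    return p;
}

void demo_strfree(char* p) {
    if (p) { --g_live; std::free(p); }
}

// Assumed shape of the defect: one constructor never sets `host`, so the
// destructor passes an indeterminate pointer to the deallocator. Shown for
// comparison only; the example never constructs it.
class BuggyPermission {
public:
    BuggyPermission() {}                                   // host left unset
    explicit BuggyPermission(const char* h) : host(demo_strdup(h)) {}
    ~BuggyPermission() { demo_strfree(host); }             // may free garbage
private:
    char* host;
};

// Hardened form: no default constructor, the member is initialized on every
// path, copying is disabled (no double free), and release uses the matching
// deallocator.
class Permission {
public:
    explicit Permission(const char* h) : host(h ? demo_strdup(h) : nullptr) {}
    ~Permission() { demo_strfree(host); }
    Permission(const Permission&) = delete;
    Permission& operator=(const Permission&) = delete;
    const char* Host() const { return host ? host : ""; }
private:
    char* host;
};

// Creates and destroys one Permission; returns the outstanding allocation
// count afterwards, or -1 if the stored host does not match the input.
int live_after_cycle(const char* h) {
    { Permission p(h); if (h && std::strcmp(p.Host(), h) != 0) return -1; }
    return g_live;
}
```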