Closed
Bug 180916
Opened 23 years ago
Closed 22 years ago
nsPermission::~nsPermission frees uninitialized values
Categories
(Core :: Networking: Cookies, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: timeless)
References
Details
(Keywords: crash)
Attachments
(1 file)
|
761 bytes,
patch
|
morse
:
review+
bzbarsky
:
superreview-
|
Details | Diff | Splinter Review |
nsCRT::free(permissionHost);
nsCRT::free(char * 0xcdcdcdcd) line 179 + 9 bytes
nsPermission::~nsPermission() line 62 + 13 bytes
nsPermission::`scalar deleting destructor'() + 15 bytes
nsPermission::Release(nsPermission * const 0x02d39870) line 45 + 183 bytes
XPCWrappedNative::~XPCWrappedNative() line 547 + 18 bytes
XPCWrappedNative::`scalar deleting destructor'(unsigned int 1) + 15 bytes
XPCWrappedNative::Release(XPCWrappedNative * const 0x02d39810) line 777 + 147 bytes
XPCWrappedNative::FlatJSObjectFinalized(JSContext * 0x004f0e70, JSObject *
0x0145b138) line 897
XPC_WN_NoHelper_Finalize(JSContext * 0x004f0e70, JSObject * 0x0145b138) line 632
js_FinalizeObject(JSContext * 0x004f0e70, JSObject * 0x0145b138) line 1840 + 96
bytes
js_GC(JSContext * 0x004f0e70, unsigned int 5) line 1311 + 11 bytes
js_AllocGCThing(JSContext * 0x004f0e70, unsigned int 1) line 523 + 11 bytes
js_NewString(JSContext * 0x004f0e70, unsigned short * 0x05052f80, unsigned int
21, unsigned int 0) line 2418 + 16 bytes
JS_NewStringCopyZ(JSContext * 0x004f0e70, const char * 0x01043ba1) line 3542 +
19 bytes
nsXPCComponents_Interfaces::NewEnumerate(nsXPCComponents_Interfaces * const
0x00508d84, nsIXPConnectWrappedNative * 0x00508ba0, JSContext * 0x004f0e70,
JSObject * 0x0108edc0, unsigned int 1, long * 0x0012ed34, long * 0x0012ecc8, int
* 0x0012e508) line 195 + 56 bytes
XPC_WN_JSOp_Enumerate(JSContext * 0x004f0e70, JSObject * 0x0108edc0, JSIterateOp
JSENUMERATE_NEXT, long * 0x0012ed34, long * 0x0012ecc8) line 1058 + 66 bytes
js_Interpret(JSContext * 0x004f0e70, long * 0x0012fe50) line 1775 + 38 bytes
js_Execute(JSContext * 0x004f0e70, JSObject * 0x0108e4c0, JSScript * 0x00503560,
JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012fe50) line 1020 + 13 bytes
JS_ExecuteScript(JSContext * 0x004f0e70, JSObject * 0x0108e4c0, JSScript *
0x00503560, long * 0x0012fe50) line 3277 + 25 bytes
Process(JSContext * 0x004f0e70, JSObject * 0x0108e4c0, char * 0x004a46c5, _iobuf
* 0x00000000) line 479 + 22 bytes
ProcessArgs(JSContext * 0x004f0e70, JSObject * 0x0108e4c0, char * * 0x004a46b4,
int 1) line 655 + 33 bytes
main(int 1, char * * 0x004a46b4) line 912 + 21 bytes
mainCRTStartup() line 338 + 17 bytes
Attachment #106812 -
Flags: superreview?(bzbarsky)
Attachment #106812 -
Flags: review?(morse)
|
||
Comment 2•23 years ago
|
||
Comment on attachment 106812 [details] [diff] [review]
patch
Why is this using nsCRT::free? As far as I can tell, the pointer is always
allocated via PL_strdup, so you should be using PL_strfree.
Why does the no-arguments constructor even exist? It serves no purpose and is
not calle. Further, it is not really usable because nsPermission has no
setters. Just remove it.
Attachment #106812 -
Flags: superreview?(bzbarsky) → superreview-
|
|
||
Comment 3•23 years ago
|
||
Comment on attachment 106812 [details] [diff] [review]
patch
I agree with Boris' comments
Attachment #106812 -
Flags: review?(morse) → review+
|
|
||
Comment 4•22 years ago
|
||
mvl: this bug might interest you.
|
|
||
Comment 5•22 years ago
|
||
darin: if you SR mvl's phase 1 patch before 1.4a, we can cvs remove all these
nasty nasty bugs in one fell swoop :)
even dougt's nsIFile crasher can be cvs removed!
so what do you think? :)
i checked in the patch w/ PL_strfree r+sr=darin
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•