Closed Bug 235745 Opened 20 years ago Closed 20 years ago

Possible leak or crash in nsStorageStream

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: nsayer, Assigned: nsayer)

Details

Attachments

(1 file)

Proposed patch
790 bytes, patch
darin.moz
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review 
User-Agent:       
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

It is conceivable that since the return value of nsStorageStream->Init() is not
being checked that an uninitialized nsStorageStream could be returned.

Reproducible: Didn't try
Steps to Reproduce:




See patch
Attached patch Proposed patchSplinter Review 

    
  
Assignee: wchang0222 → dougt
Component: NSPR → XPCOM
Product: NSPR → Browser
Version: other → Trunk

    
  
QA Contact: wchang0222 → dougt

    
    

    
  
Comment on attachment 142358 [details] [diff] [review]
Proposed patch

>Index: io/nsStorageStream.cpp

>     nsStorageStream* storageStream = new nsStorageStream();
>     if (!storageStream) return NS_ERROR_OUT_OF_MEMORY;
>     
>+    nsresult rv = storageStream->Init(segmentSize, maxSize);
>     NS_ADDREF(storageStream);
>+    if (NS_FAILED(rv)) {
>+        NS_RELEASE(storageStream);
>+        return rv;
>+    }
>     *result = storageStream;
>     return NS_OK;
>+}

move the NS_ADDREF above the Init call.  that way, if Init ever changes
such that it needs to call AddRef/Release/QI on |this|, we won't get in
trouble.

r+sr=darin with that.

        Attachment #142358 -
        Flags: superreview+

        Attachment #142358 -
        Flags: review+

    
  
Assignee: dougt → nsayer

    
    

    
  
mozilla/xpcom/io/nsStorageStream.cpp 	1.26
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.