Closed
Bug 320520
Opened 19 years ago
Closed 19 years ago
js_ExpandErrorArguments(): jschar* arguments are not malloc'ed
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: daumling, Unassigned)
Details
The JSErrorReport filled in by js_ExpandErrorArguments() expects all of its members to be allocated on the heap. If the arguments to the errors are jschar*, the pointers to the strings are copied instead of a copy being created. This leads to double free's, because callers of js_ExpandErrorArguments() free the report elements (in this case, report.messageArgs and its elements).
Reporter | ||
Updated•19 years ago
|
Status: NEW → ASSIGNED
Reporter | ||
Comment 1•19 years ago
|
||
Sorry, my fault - I should have read the sources more carefully. This bugs is invalid.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Comment 2•19 years ago
|
||
For the record I tried auditing all users of js_ExpandErrorArguments when I wrote the patch for bug 319264.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•