NULL pointer dereference in PR_LoadStaticLibrary (pr/src/linking/prlink.c)

RESOLVED FIXED in 4.7

Status: defect, RESOLVED FIXED

People

(Reporter: kherron+mozilla, Assigned: wtc)


Attachments: 1 attachment

Reporter

Description

14 years ago
This was found through a coverity scan. See <http://scan.coverity.com/>.

Please refer to the sample URL. At line 1577, a variable |lm| is defined and initialized to NULL. At line 1590, a failure from |pr_UnlockedFindLibrary| causes a jump to the label |unlock|. Alternately, at line 1595 a failure from |PR_NEWZAP| (which is a wrapper around |calloc|) also causes a jump to |unlock|. In both cases, |lm| is still NULL. Following the |unlock| label is a |PR_LOG| call which dereferences |lm|.
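The control flow the report describes, as an added illustration that is not NSPR's code: a library record pointer starts NULL, two early failure checks jump to a shared `unlock` label, and a log statement after the label reads through the pointer unconditionally. The second function shows one way to harden that cleanup path by guarding the log on the pointer and reporting the failure against the requested name instead; it is a plausible fix, not a reproduction of the patch checked in on this bug. The `Lib` struct, the `LoadStatus` enum, the `missing:`/`nomem:` name prefixes used to force each failure path, the log strings and the function names are all assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for NSPR's PRLibrary record (example only, not NSPR code). */
typedef struct Lib {
    char *name;
    int   refcount;
} Lib;

typedef enum { LOAD_OK, LOAD_NOT_FOUND, LOAD_NO_MEMORY } LoadStatus;

/* Hypothetical failure injection so every path runs offline: a name starting
 * with "missing:" stands in for pr_UnlockedFindLibrary() failing, one starting
 * with "nomem:" for PR_NEWZAP() (calloc) returning NULL. */
static int find_fails(const char *name)  { return strncmp(name, "missing:", 8) == 0; }
static int alloc_fails(const char *name) { return strncmp(name, "nomem:", 6) == 0; }

static char *dup_str(const char *s) {
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    return p ? memcpy(p, s, len) : NULL;
}

/* Shape of the bug as the report describes it: lm starts NULL, both failure
 * checks jump to unlock, and the log statement after the label reads lm->name
 * unconditionally.  On either failure path that is a NULL pointer dereference,
 * so this version is only safe to call with a loadable name. */
static Lib *load_static_buggy(const char *name, char *logbuf, size_t n) {
    Lib *lm = NULL;
    if (find_fails(name))  goto unlock;          /* lm still NULL */
    if (alloc_fails(name)) goto unlock;          /* lm still NULL */
    lm = calloc(1, sizeof *lm);
    if (lm == NULL)        goto unlock;
    lm->name = dup_str(name);
    lm->refcount = 1;
unlock:
    /* stands in for the PR_LOG call that reads lm->name; crashes if lm == NULL */
    snprintf(logbuf, n, "Loaded library %s", lm->name);
    return lm;
}

/* Hardened form: the shared cleanup path only touches lm when it is non-NULL
 * and reports the failure against the requested name, which is always valid.
 * (One possible fix; the checked-in NSPR patch is not reproduced here.) */
static Lib *load_static_fixed(const char *name, LoadStatus *st,
                              char *logbuf, size_t n) {
    Lib *lm = NULL;
    *st = LOAD_OK;
    if (find_fails(name))  { *st = LOAD_NOT_FOUND; goto unlock; }
    if (alloc_fails(name)) { *st = LOAD_NO_MEMORY; goto unlock; }
    lm = calloc(1, sizeof *lm);
    if (lm == NULL)        { *st = LOAD_NO_MEMORY; goto unlock; }
    lm->name = dup_str(name);
    if (lm->name == NULL)  { free(lm); lm = NULL; *st = LOAD_NO_MEMORY; goto unlock; }
    lm->refcount = 1;
unlock:
    if (lm != NULL)
        snprintf(logbuf, n, "Loaded library %s", lm->name);
    else
        snprintf(logbuf, n, "Failed to load library %s", name);
    return lm;
}

static void lib_free(Lib *lm) {
    if (lm == NULL) return;
    free(lm->name);
    free(lm);
}

int main(void) {
    const char *names[] = { "libfoo", "missing:libbar", "nomem:libbaz" };
    char log[128];
    LoadStatus st;
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        Lib *lm = load_static_fixed(names[i], &st, log, sizeof log);
        printf("%-16s status=%d log=\"%s\"\n", names[i], (int)st, log);
        lib_free(lm);
    }
    return 0;
}
```

The buggy function is deliberately left with the unguarded dereference so the two cleanup paths can be compared side by side; running it with either failing name will fault, which is exactly the class of defect a static scan of this pattern flags.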
Assignee

Comment 1

14 years ago
Thanks for the bug report.  There are many ways to fix this
bug.  I wrote this patch by emulating what we do at the end
of pr_LoadLibraryByPathname, which is called by PR_LoadLibrary
and PR_LoadLibraryWithFlags.

Kenneth, could you verify this fix with a coverity scan?
Attachment #214929 - Flags: review?(gavin.sharp)
Reporter

Comment 2

14 years ago
(In reply to comment #1)
> Kenneth, could you verify this fix with a coverity scan?

Unfortunately, I don't think we have that much control over the process. Coverity is doing these scans on its own after presumably pulling source from CVS, then giving us access to the problems that it finds. If a fix is checked into the mozilla tree, I expect coverity will eventually rescan that file and flag any new problems.

For what it's worth, the patch looks fine to me.

Comment 3

Comment on attachment 214929 (Proposed patch)

I think you meant to request this from Kenneth.
Attachment #214929 - Flags: review?(gavin.sharp)
Assignee

Comment 4

14 years ago
Comment on attachment 214929 (Proposed patch)

Gavin, I meant to ask you to review the patch because of
your interest in NSPR bugs.
Comment 5

Comment on attachment 214929 (Proposed patch)

Ah, I see. r=me, for what it's worth :).
Attachment #214929 - Flags: review+
Assignee

Comment 6

14 years ago
Kenneth, Gavin, thanks for the code review.  I checked in the
patch on the NSPR trunk (NSPR 4.7) and the NSPRPUB_PRE_4_2_CLIENT_BRANCH
(Mozilla 1.9 alpha).  Since this function is not used by any
Mozilla clients, it's not necessary to carry the fix back to
any Mozilla branches.

Checking in prlink.c;
/cvsroot/mozilla/nsprpub/pr/src/linking/prlink.c,v  <--  prlink.c
new revision: 3.87; previous revision: 3.86
done

Checking in prlink.c;
/cvsroot/mozilla/nsprpub/pr/src/linking/prlink.c,v  <--  prlink.c
new revision: 3.51.2.32; previous revision: 3.51.2.31
done
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.7