This was found through a Coverity scan. See <http://scan.coverity.com/>. Please refer to the sample URL. At line 1577, a variable |lm| is defined and initialized to NULL. At line 1590, a failure from |pr_UnlockedFindLibrary| causes a jump to the label |unlock|. Alternately, at line 1595 a failure from |PR_NEWZAP| (which is a wrapper around |calloc|) also causes a jump to |unlock|. In both cases, |lm| is still NULL. Following the |unlock| label is a |PR_LOG| call which dereferences |lm|.
Thanks for the bug report. There are many ways to fix this bug. I wrote this patch by emulating what we do at the end of pr_LoadLibraryByPathname, which is called by PR_LoadLibrary and PR_LoadLibraryWithFlags. Kenneth, could you verify this fix with a coverity scan?
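The control flow described in comment 0 and the shape of the fix described in comment 1, as an added illustration; this is not NSPR's prlink.c and not the attached patch. A tiny in-memory registry stands in for the loadmap, a counter for the linker monitor, a string buffer for PR_LOG and an int for PR_SetError; all names (Library, register_library_buggy, register_library_fixed, NEWZAP, copy_name, and so on) are hypothetical, and the fixed version assumes the fix has the shape of the end of pr_LoadLibraryByPathname (log on the success path only, set an error after the label when nothing was registered).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not NSPR code: a model of a "register a library
 * under a lock" routine with an out-pointer that starts NULL, two early
 * "goto unlock" exits, and a log line after the label. Names are hypothetical. */
typedef struct Library {
    char *name;
    int refCount;
    struct Library *next;
} Library;

static Library *g_loadmap = NULL;   /* registered libraries */
static int  g_lock_depth = 0;       /* stands in for the linker monitor */
static char g_last_log[128] = "";   /* stands in for PR_LOG output */
static int  g_last_error = 0;       /* stands in for PR_SetError */

#define NEWZAP(T) ((T *)calloc(1, sizeof(T)))   /* like PR_NEWZAP */

static void enter_lock(void) { g_lock_depth++; }
static void exit_lock(void)  { g_lock_depth--; }

static char *copy_name(const char *s) {   /* portable strdup */
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

static Library *unlocked_find(const char *name) {
    Library *l;
    for (l = g_loadmap; l != NULL; l = l->next)
        if (strcmp(l->name, name) == 0) return l;
    return NULL;
}

/* Shape of the code before the fix: both early exits reach the log with
 * lm == NULL, so lm->name is a NULL dereference on those paths. Calling
 * this with an already-registered name, or with simulate_oom set, crashes. */
Library *register_library_buggy(const char *name, int simulate_oom) {
    Library *lm = NULL;
    Library *result = NULL;

    enter_lock();
    result = unlocked_find(name);
    if (result != NULL) {              /* already registered */
        result->refCount++;
        goto unlock;                   /* lm is still NULL here */
    }
    lm = simulate_oom ? NULL : NEWZAP(Library);
    if (lm == NULL) goto unlock;       /* allocation failed, lm NULL */

    lm->name = copy_name(name);
    lm->refCount = 1;
    lm->next = g_loadmap;
    g_loadmap = lm;
    result = lm;
unlock:
    snprintf(g_last_log, sizeof g_last_log, "Loaded library %s", lm->name);
    exit_lock();
    return result;
}

/* Shape of the fix as modelled here: log only on the success path, where
 * lm is provably non-NULL, and record an error after the label when
 * nothing was registered. The lock is still released on every path. */
Library *register_library_fixed(const char *name, int simulate_oom) {
    Library *lm = NULL;
    Library *result = NULL;

    enter_lock();
    result = unlocked_find(name);
    if (result != NULL) {
        result->refCount++;
        goto unlock;
    }
    lm = simulate_oom ? NULL : NEWZAP(Library);
    if (lm == NULL) goto unlock;

    lm->name = copy_name(name);
    if (lm->name == NULL) { free(lm); goto unlock; }
    lm->refCount = 1;
    lm->next = g_loadmap;
    g_loadmap = lm;
    snprintf(g_last_log, sizeof g_last_log, "Loaded library %s", lm->name);
    result = lm;
unlock:
    if (result == NULL) g_last_error = -1;   /* PR_SetError equivalent */
    exit_lock();
    return result;
}

/* Accessors so the modelled state can be inspected from outside. */
const char *last_log(void) { return g_last_log; }
int last_error(void)       { return g_last_error; }
int lock_depth(void)       { return g_lock_depth; }

int main(void) {
    Library *a = register_library_fixed("libfoo", 0);   /* new entry */
    Library *b = register_library_fixed("libfoo", 0);   /* found path */
    Library *c = register_library_fixed("libbar", 1);   /* OOM path, no crash */
    printf("new %p, found %p (refCount %d), oom %p, error %d, lock depth %d\n",
           (void *)a, (void *)b, b ? b->refCount : 0, (void *)c,
           last_error(), lock_depth());
    return 0;
}
```

The point a reviewer would check in the real patch is the same one the model makes testable: after the fix, both `goto unlock` paths must still release the lock and must never touch `lm`, and the only remaining use of `lm->name` sits on a path where `lm` was just assigned from a successful allocation.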
(In reply to comment #1)
> Kenneth, could you verify this fix with a coverity scan?
Unfortunately, I don't think we have that much control over the process. Coverity is doing these scans on its own after presumably pulling source from CVS, then giving us access to the problems that it finds. If a fix is checked into the mozilla tree, I expect coverity will eventually rescan that file and flag any new problems. For what it's worth, the patch looks fine to me.
Comment on attachment 214929 (Proposed patch)
I think you meant to request this from Kenneth.
Comment on attachment 214929 (Proposed patch)
Gavin, I meant to ask you to review the patch because of your interest in NSPR bugs.
Comment on attachment 214929 (Proposed patch)
Ah, I see. r=me, for what it's worth :).
Attachment #214929 - Flags: review+
Kenneth, Gavin, thanks for the code review. I checked in the patch on the NSPR trunk (NSPR 4.7) and the NSPRPUB_PRE_4_2_CLIENT_BRANCH (Mozilla 1.9 alpha). Since this function is not used by any Mozilla clients, it's not necessary to carry the fix back to any Mozilla branches.
Checking in prlink.c;
/cvsroot/mozilla/nsprpub/pr/src/linking/prlink.c,v <-- prlink.c
new revision: 3.87; previous revision: 3.86
done
Checking in prlink.c;
/cvsroot/mozilla/nsprpub/pr/src/linking/prlink.c,v <-- prlink.c
new revision: 184.108.40.206; previous revision: 220.127.116.11
done
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.7