Closed Bug 334186 Opened 14 years ago Closed 14 years ago

AsyncOpenExclusive returns freed value

Categories

(Toolkit :: Storage, defect, critical)

1.8 Branch
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla1.8.1alpha2

People

(Reporter: timeless, Assigned: rflint)

References

(Blocks 1 open bug, )

Details

(Keywords: coverity, crash, fixed1.8.1)

Attachments

(1 file)

777  	    *aFile = nsnull;
should read:
777  	    osfile = nsnull;

then this problem wouldn't happen :)
Assignee: brettw → rflint
Status: NEW → ASSIGNED
Attachment #218571 - Flags: first-review?(brettw)
Depending on what is done with this dangling pointer and what conditions are required for taking the if-branch, this might be a security hole.
Flags: blocking-firefox2?
Whiteboard: [sg:investigate]
Attachment #218571 - Flags: first-review?(brettw) → first-review+
Note: I'm pretty sure this is not a security hole. This condition is only triggered when there is a local filesystem error.
Whiteboard: [sg:investigate] → [sg:investigate][checkin needed]
mozilla/storage/src/mozStorageAsyncIO.cpp 	1.10
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
OS: Linux → All
Hardware: PC → All
Resolution: --- → FIXED
Whiteboard: [sg:investigate][checkin needed] → [sg:investigate]
Target Milestone: --- → mozilla1.8.1alpha2
Version: unspecified → 1.8 Branch
Attachment #218571 - Flags: approval-branch-1.8.1?(vladimir)
Attachment #218571 - Flags: approval-branch-1.8.1?(vladimir) → approval-branch-1.8.1+
mozilla/storage/src/mozStorageAsyncIO.cpp 	1.1.2.10
Flags: blocking-firefox2?
Keywords: fixed1.8.1
Whiteboard: [sg:investigate]
You need to log in before you can comment on or make changes to this bug.