Closed Bug 334186 Opened 19 years ago Closed 19 years ago

AsyncOpenExclusive returns freed value

Categories

(Core :: SQLite and Embedded Database Bindings, defect)

Product:
Core
Component:
SQLite and Embedded Database Bindings
Version:
1.8 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8.1alpha2

People

(Reporter: timeless, Assigned: rflint)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: coverity, crash, fixed1.8.1)

Attachments

(1 file)

Change *aFile to osfile
799 bytes, patch
vlad
: approval-branch-1.8.1+
Details | Diff | Splinter Review
777 *aFile = nsnull; should read: 777 osfile = nsnull; then this problem wouldn't happen :)
Assignee: brettw → rflint
Status: NEW → ASSIGNED
Attachment #218571 - Flags: first-review?(brettw)
Depending on what is done with this dangling pointer and what conditions are required for taking the if-branch, this might be a security hole.
Flags: blocking-firefox2?
Whiteboard: [sg:investigate]
Attachment #218571 - Flags: first-review?(brettw) → first-review+
Note: I'm pretty sure this is not a security hole. This condition is only triggered when there is a local filesystem error.
Whiteboard: [sg:investigate] → [sg:investigate][checkin needed]
mozilla/storage/src/mozStorageAsyncIO.cpp 1.10
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
OS: Linux → All
Hardware: PC → All
Resolution: --- → FIXED
Whiteboard: [sg:investigate][checkin needed] → [sg:investigate]
Target Milestone: --- → mozilla1.8.1alpha2
Version: unspecified → 1.8 Branch
Attachment #218571 - Flags: approval-branch-1.8.1?(vladimir)
Attachment #218571 - Flags: approval-branch-1.8.1?(vladimir) → approval-branch-1.8.1+
mozilla/storage/src/mozStorageAsyncIO.cpp 1.1.2.10
Flags: blocking-firefox2?
Keywords: fixed1.8.1
Whiteboard: [sg:investigate]
Product: Toolkit → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: