Last Comment Bug 334236 - double free in PK11_ListPrivKeysInSlot if keys allocation fails
: double free in PK11_ListPrivKeysInSlot if keys allocation fails
Status: RESOLVED FIXED
[CID 311 310]
: coverity, fixed1.8.0.10, fixed1.8.1.1
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.11
: All Linux
: P2 critical (vote)
: 3.11.1
Assigned To: Alexei Volkov
:
Mentors:
http://bonsai.mozilla.org/cvsblame.cg...
: 337097 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-16 08:10 PDT by timeless
Modified: 2007-03-23 00:52 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
fix (886 bytes, patch)
2006-04-20 10:58 PDT, Alexei Volkov
nelson: review+
Details | Diff | Splinter Review

Description timeless 2006-04-16 08:10:50 PDT
found by coverity
Comment 1 Alexei Volkov 2006-04-20 10:58:49 PDT
Created attachment 219166 [details] [diff] [review]
fix

The code would crash even before second PORT_Free(key_ids) in case when objCount is grater 0, and keys is not allocated.
Comment 2 Nelson Bolyard (seldom reads bugmail) 2006-04-20 23:33:10 PDT
Comment on attachment 219166 [details] [diff] [review]
fix

r=nelson

As with all these Coverity bugs, please fix on both trunk and 3.11 branch, and add the checkin messages (showing old and new revision numbers) to this bug.
Comment 3 Alexei Volkov 2006-04-21 17:56:08 PDT
tip:
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v  <--  pk11akey.c
new revision: 1.12; previous revision: 1.11

3.11 branch:
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v  <--  pk11akey.c
new revision: 1.9.2.2; previous revision: 1.9.2.1
Comment 4 Nelson Bolyard (seldom reads bugmail) 2006-05-15 15:43:12 PDT
*** Bug 337097 has been marked as a duplicate of this bug. ***
Comment 5 Nelson Bolyard (seldom reads bugmail) 2006-06-10 19:00:32 PDT
CID 311
Comment 6 chris hofmann 2007-03-22 15:14:28 PDT
should this fix get picked up for the 2.0.0.4 firefox release?

Note You need to log in before you can comment on or make changes to this bug.