Last Comment Bug 334240 - double free in nsslowkey_ConvertToPublicKey if SECITEM_CopyItem or SECITEM_CopyItem fail
: double free in nsslowkey_ConvertToPublicKey if SECITEM_CopyItem or SECITEM_Co...
Status: RESOLVED FIXED
CID 500
: coverity, fixed1.8.0.10, fixed1.8.1.1
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.11
: All Linux
: P2 critical (vote)
: 3.11.1
Assigned To: Alexei Volkov
:
:
Mentors:
http://bonsai.mozilla.org/cvsblame.cg...
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-16 08:31 PDT by timeless
Modified: 2007-03-23 00:53 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
fix (952 bytes, patch)
2006-04-20 11:08 PDT, Alexei Volkov
nelson: review+
Details | Diff | Splinter Review

Description timeless 2006-04-16 08:31:53 PDT
PORT_FreeArena
nsslowkey_DestroyPublicKey 
nsslowkey_ConvertToPublicKey

PORT_FreeArena
nsslowkey_ConvertToPublicKey
Comment 1 Alexei Volkov 2006-04-20 11:08:17 PDT
Created attachment 219167 [details] [diff] [review]
fix

remove nsslowkey_DestroyPublicKey (pubk) and make arena(and the pubkey) to be freed at the and of the function.
Comment 2 Nelson Bolyard (seldom reads bugmail) 2006-04-20 23:36:26 PDT
Comment on attachment 219167 [details] [diff] [review]
fix

r=nelson
Comment 3 Alexei Volkov 2006-04-21 18:00:09 PDT
tip:
/cvsroot/mozilla/security/nss/lib/softoken/lowkey.c,v  <--  lowkey.c
new revision: 1.7; previous revision: 1.6

3.11 branch:
/cvsroot/mozilla/security/nss/lib/softoken/lowkey.c,v  <--  lowkey.c
new revision: 1.6.30.1; previous revision: 1.6

Comment 4 Nelson Bolyard (seldom reads bugmail) 2006-06-10 19:02:43 PDT
CID 500
Comment 5 chris hofmann 2007-03-22 15:15:17 PDT
should this fix get picked up for the 2.0.0.4 firefox release?

Note You need to log in before you can comment on or make changes to this bug.