Closed
Bug 334458
Opened 19 years ago
Closed 19 years ago
Variable "(cache)->sharedCache" tracked as NULL was passed to a function that dereferences it. [@ CloseCache - InitCache]
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.3
People
(Reporter: timeless, Assigned: alvolkov.bgs)
References
()
Details
(Keywords: coverity, crash, Whiteboard: [CID 203])
Crash Data
Attachments
(1 file)
|
1.94 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
found by coverity
|
||
Updated•19 years ago
|
Target Milestone: --- → 3.11.1
|
|
||
Updated•19 years ago
|
Priority: -- → P2
Hardware: PC → All
|
|
Assignee | |
Comment 1•19 years ago
|
||
Does not look like a bug to me.
sharedCache and cacheMem both get assigned to NULL/0 in the beginning of InitCache function.
939 cache->shared = shared;
940 cache->cacheMem = cacheMem = NULL;
941 cache->cacheMemMap = cacheMemMap = NULL;
942 cache->sharedCache = (cacheDesc *)0;
Later in the same function, both variable get set to cacheMem, but only after cacheMem allocation is successful.
1071 cache->cacheMem = cacheMem;
1072 cache->sharedCache = (cacheDesc *)cacheMem;
Therefore it is sufficient to verify that cacheMem is not NULL to proceed with
dereferencing of sharedCache in function CloseCash.
|
|
Assignee | |
Updated•19 years ago
|
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
|
|
||
Comment 2•19 years ago
|
||
In this function, there are some lines of code that look like this:
cfn = PR_smprintf( ...
PR_smprintf allocates the memory it returns.
If it fails to allocate that memory (out of memory),
then the code below it goes to loser
with (cache)->sharedCache still NULL.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
|
|
||
Updated•19 years ago
|
Assignee: nobody → alexei.volkov.bugs
Status: REOPENED → NEW
Target Milestone: 3.11.1 → 3.11.2
|
|
Assignee | |
Comment 5•19 years ago
|
||
Attachment #226831 -
Flags: review?(nelson)
|
|
||
Comment 6•19 years ago
|
||
Comment on attachment 226831 [details] [diff] [review]
fix
r=nelson
Attachment #226831 -
Flags: review?(nelson) → review+
|
|
Assignee | |
Comment 7•19 years ago
|
||
tip:
new revision: 1.38; previous revision: 1.37
3.11 branch:
new revision: 1.36.2.2; previous revision: 1.36.2.1
Assignee: alexei.volkov.bugs → nobody
|
|
Assignee | |
Comment 8•19 years ago
|
||
tip:
new revision: 1.38; previous revision: 1.37
3.11 branch:
new revision: 1.36.2.2; previous revision: 1.36.2.1
Assignee: nobody → alexei.volkov.bugs
|
|
Assignee | |
Updated•19 years ago
|
Status: NEW → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → FIXED
|
||
Updated•14 years ago
|
Crash Signature: [@ CloseCache - InitCache]
You need to log in
before you can comment on or make changes to this bug.
Description
•