Closed Bug 334541 Opened 14 years ago Closed 13 years ago
Use after free in XPCOM testcase
In TestHashtables.cpp, IFoo::Release references its refcount_ member after deleting 'this'. Found by Coverity.
Looking for trivial r/sr
I think this patch changes the behavior when wrap_message is true, by making it skip a printf. I don't understand what the code is trying to accomplish or why wrap_message is a different test than !refcount_, though.
Comment on attachment 218891: TestCOMPtr.cpp has the same problem (combined patch)
You would just be introducing another Coverity warning, I think... it seems like if (!refcount_) and if (wrap_message) are the exact same test. The easy way out is to store int stored_refcount = --refcount_ and return that.
> if (!refcount_) and if (wrap_message) are the exact same test.
Not quite: refcount_ is a member, wrap_message is safely on the stack. This version keeps us from dropping the closing wrap message.
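The pattern discussed in the comments above, as an added example that is not part of this bug or the checked-in patch: a Release that reads a member after `delete this`, beside one that copies what it needs to the stack first. Only `refcount_`, `wrap_message` and `stored_refcount` come from the comments; `Foo`, `ReleaseBuggy`, `live_objects` and `release_sequence_result` are hypothetical names.

```cpp
#include <cstdio>

// Hypothetical stand-in for the test class; not the code from the tree.
class Foo {
public:
    static int live_objects;              // lets a caller observe destruction
    Foo() : refcount_(0) { ++live_objects; }
    unsigned AddRef() { return ++refcount_; }

    // Shape described in the report, shown for comparison only; never call it.
    // refcount_ lives inside the object that has just been freed.
    unsigned ReleaseBuggy() {
        --refcount_;
        if (!refcount_) delete this;
        return refcount_;                 // read of freed memory
    }

    // Hardened shape: everything used after the delete is on the stack.
    unsigned Release() {
        const unsigned stored_refcount = --refcount_;
        const bool wrap_message = (stored_refcount == 0);
        if (wrap_message) {
            std::printf(">>Foo::Release: destroying object\n");
            delete this;                  // no member access past this line
        }
        std::printf("Foo::Release -> %u\n", stored_refcount);
        if (wrap_message) std::printf("<<Foo::Release\n");  // closing message kept
        return stored_refcount;
    }

private:
    ~Foo() { --live_objects; }            // destroyed only through Release
    unsigned refcount_;
};

int Foo::live_objects = 0;

// Drives one object through its lifetime and encodes both Release results.
unsigned release_sequence_result() {
    Foo* f = new Foo;
    f->AddRef();
    f->AddRef();
    unsigned first = f->Release();        // 1: object still alive
    unsigned last = f->Release();         // 0: object deleted inside Release
    return first * 10 + last;             // 10 when both values are right
}

int main() { return release_sequence_result() == 10 ? 0 : 1; }
```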
/cvsroot/mozilla/xpcom/tests/TestCOMPtr.cpp,v <-- TestCOMPtr.cpp
new revision: 1.29; previous revision: 1.28
/cvsroot/mozilla/xpcom/tests/TestHashtables.cpp,v <-- TestHashtables.cpp
new revision: 1.9; previous revision: 1.8
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED