335301 - Null pointer dereference in |PR_OpenDir| (pr/src/pthreads/ptio.c)

Status: RESOLVED FIXED

(NSPR :: NSPR, defect)

Description

[Kenneth Herron]

This was found through a coverity scan of the firefox source code. Please refer to the sample URL.

|PR_OpenDir| calls |PR_NEWZAP| to allocate a PRDir structure. |PR_NEWZAP| wraps |PR_Calloc|, which may call |calloc|, which may return NULL. |PR_OpenDir| then dereferences the pointer returned from |PR_NEWZAP| without testing it for NULL.

Comment 1

[Ryan Jones-Ward [:sciguyryan]]

Attachment: Patch v1

Only preform |dir->md.d = osdir| if |dir| is not null. Seeing as as |PR_OpenDir| can already return null (and thus any use should check for a null return) it should be OK to just skip and return a null for |dir|.

Comment 2

[Wan-Teh Chang]

Comment on attachment 242199 [details] [diff] [review]
Patch v1

Thanks for the patch.  Please add a
closedir(osdir) call if dir is NULL.

Comment 3

[Ryan Jones-Ward [:sciguyryan]]

Attachment: Patch v2

Updated patch to Wan-Teh Chang's comment. Added |closedir(osdir)| if |dir| is null.

Comment 4

[:Gavin Sharp [email: gavin@gavinsharp.com]]

I can't check this patch in, because NSPR is a restricted partition. Wtc, could you check the patch in on the trunk and any appropriate branches?

Comment 5

[Wan-Teh Chang]

Attachment: Patch as checked in

I checked in the patch (with a (void) cast to indicate
that we know we are ignoring the return value of closedir)
on the NSPR trunk (NSPR 4.7) and the NSPRPUB_PRE_4_2_CLIENT_BRANCH
(Mozilla 1.9 alpha).

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v  <--  ptio.c
new revision: 3.105; previous revision: 3.104
done

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v  <--  ptio.c
new revision: 3.71.2.26; previous revision: 3.71.2.25
done