This was found through a Coverity scan of the Firefox source code. Please refer to the sample URL. |PR_OpenDir| calls |PR_NEWZAP| to allocate a PRDir structure. |PR_NEWZAP| wraps |PR_Calloc|, which may call |calloc|, which may return NULL. |PR_OpenDir| then dereferences the pointer returned from |PR_NEWZAP| without testing it for NULL.
Created attachment 242199: Patch v1
Only perform |dir->md.d = osdir| if |dir| is not null. Seeing as |PR_OpenDir| can already return null (and thus any use should check for a null return), it should be OK to just skip and return a null for |dir|.
Comment on attachment 242199: Patch v1
Thanks for the patch. Please add a closedir(osdir) call if dir is NULL.
Created attachment 242203: Patch v2
Updated patch to Wan-Teh Chang's comment. Added |closedir(osdir)| if |dir| is null.
I can't check this patch in, because NSPR is a restricted partition. Wtc, could you check the patch in on the trunk and any appropriate branches?
Created attachment 242521: Patch as checked in
I checked in the patch (with a (void) cast to indicate that we know we are ignoring the return value of closedir) on the NSPR trunk (NSPR 4.7) and the NSPRPUB_PRE_4_2_CLIENT_BRANCH (Mozilla 1.9 alpha).

Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v <-- ptio.c
new revision: 3.105; previous revision: 3.104
done
Checking in ptio.c;
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c,v <-- ptio.c
new revision: 18.104.22.168; previous revision: 22.214.171.124
done
Attachment #242203 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
Whiteboard: [checkin needed]
Target Milestone: --- → 4.7
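The pattern this bug settles on, as an added example that is not NSPR's code and not part of the thread: test the allocation result before storing the OS handle, and close the handle on the failure path so it does not leak. The names my_dir, alloc_fn, open_dir_checked, close_dir and failing_calloc are hypothetical, and the allocator is passed in only so that the failure path can be exercised.

```c
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the wrapper structure; d plays the role of |dir->md.d|. */
typedef struct my_dir { DIR *d; } my_dir;

/* Same signature as calloc, so a failing allocator can be injected. */
typedef void *(*alloc_fn)(size_t nmemb, size_t size);

/* Counts how often the cleanup path ran, so callers can observe it. */
static int closed_on_alloc_failure = 0;

/* Constructed allocator that always fails, as calloc may under memory pressure. */
static void *failing_calloc(size_t nmemb, size_t size)
{
    (void)nmemb; (void)size;
    return NULL;
}

my_dir *open_dir_checked(const char *name, alloc_fn alloc)
{
    DIR *osdir = opendir(name);
    if (osdir == NULL)
        return NULL;

    my_dir *dir = alloc(1, sizeof(*dir));
    if (dir == NULL) {
        /* Without this branch, the assignment below dereferences NULL.
           Returning NULL alone would leak osdir, so close it first. */
        (void)closedir(osdir);   /* return value deliberately ignored */
        closed_on_alloc_failure++;
        return NULL;
    }
    dir->d = osdir;
    return dir;
}

void close_dir(my_dir *dir)
{
    if (dir != NULL) { (void)closedir(dir->d); free(dir); }
}

int main(void)
{
    my_dir *ok = open_dir_checked(".", calloc);
    my_dir *bad = open_dir_checked(".", failing_calloc);
    printf("ok=%s bad=%s cleanups=%d\n", ok ? "open" : "NULL",
           bad ? "open" : "NULL", closed_on_alloc_failure);
    close_dir(ok);
    return 0;
}
```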