Closed Bug 336192 Opened 19 years ago Closed 12 years ago

Mishandling of out-of-memory in profile/src/nsProfileAccess.cpp

Categories

(Core Graveyard :: Profile: BackEnd, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: vda, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060320 Firefox/1.5 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060320 Firefox/1.5 Constructor initializes mProfiles with new nsVoidArray, but never checks for NULL. nsProfileAccess::nsProfileAccess() { mProfileDataChanged = PR_FALSE; mForgetProfileCalled = PR_FALSE; m4xProfilesAdded = PR_FALSE; mStartWithLastProfile = PR_FALSE; mProfiles = new nsVoidArray(); ... However, looks like some member functions assume that mProfiles cannot be NULL: PRInt32 nsProfileAccess::FindProfileIndex(const PRUnichar* profileName, PRBool forImport) { NS_ASSERTION(profileName, "Invalid profile name"); PRInt32 retval = -1; PRInt32 index, numElems = mProfiles->Count(); ... Destructor doesn't expect mProfiles == NULL either: // On the way out, close the registry if it is // still opened and free up the resources. nsProfileAccess::~nsProfileAccess() { // Release all resources. mNewRegFile = nsnull; FreeProfileMembers(mProfiles); } // Free up the member profile structs void nsProfileAccess::FreeProfileMembers(nsVoidArray *profiles) { NS_ASSERTION(profiles, "Invalid profiles"); PRInt32 index = 0; PRInt32 numElems = profiles->Count(); ... Reproducible: Always
Component: General → Profile: BackEnd
Product: Firefox → Core
QA Contact: general → profile-manager-backend
Version: unspecified → Trunk
Code is gone.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.