Closed
Bug 337101
Opened 19 years ago
Closed 19 years ago
Coverity Crash [@ nssPKIObject_Destroy - nssSMIMEProfile_Create] Variable "object" tracked as NULL was passed to a function that dereferences it.
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.2
People
(Reporter: timeless, Assigned: nelson)
References
()
Details
(Keywords: coverity, crash, Whiteboard: CID 305)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
750 bytes,
patch
|
alvolkov.bgs
:
review+
|
Details | Diff | Splinter Review |
|
Assignee | |
Updated•19 years ago
|
Hardware: PC → All
Target Milestone: --- → 3.11.2
|
|
Assignee | |
Updated•19 years ago
|
Priority: -- → P2
|
|
Assignee | |
Comment 1•19 years ago
|
||
There are two problems here, both in nssSMIMEProfile_Create(), at about
line 913, if nssPKIObject_Create() returns NULL.
1. arena is leaked.
2. It goes to label loser, where nssPKIObject_Destroy is called with NULL,
which crashes.
Assignee: nobody → nelson
|
|
Assignee | |
Comment 2•19 years ago
|
||
Alexei.please review
Attachment #222470 -
Flags: review?(alexei.volkov.bugs)
|
|
||
Comment 3•19 years ago
|
||
Comment on attachment 222470 [details] [diff] [review]
plug leak, don't crash, v1
if object was created, arena will be destroyed as a part of the destruction process of object. New changes will create double free for arena.
Attachment #222470 -
Flags: review?(alexei.volkov.bugs) → review-
|
|
Assignee | |
Comment 4•19 years ago
|
||
Good catch Alexei. Thanks. Is this better?
Attachment #222543 -
Flags: review?(alexei.volkov.bugs)
|
|
||
Comment 5•19 years ago
|
||
Comment on attachment 222543 [details] [diff] [review]
patch v2
looks good!
Attachment #222543 -
Flags: review?(alexei.volkov.bugs) → review+
|
|
Assignee | |
Comment 6•19 years ago
|
||
Comment on attachment 222470 [details] [diff] [review]
plug leak, don't crash, v1
obsoleting old patch.
Attachment #222470 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 7•19 years ago
|
||
pki/certificate.c; new revision: 1.58; previous revision: 1.57
pki/certificate.c; new revision: 1.56.2.2; previous revision: 1.56.2.1
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
||
Updated•19 years ago
|
Summary: Crash [@ nssPKIObject_Destroy - nssSMIMEProfile_Create] Variable "object" tracked as NULL was passed to a function that dereferences it. → Coverity Crash [@ nssPKIObject_Destroy - nssSMIMEProfile_Create] Variable "object" tracked as NULL was passed to a function that dereferences it.
|
||
Updated•14 years ago
|
Crash Signature: [@ nssPKIObject_Destroy - nssSMIMEProfile_Create]
You need to log in
before you can comment on or make changes to this bug.
Description
•