Memory leak in _MD_OpenSharedMemory (nsprpub/pr/src/md/unix/uxshm.c)

RESOLVED FIXED in 4.7

Status

NSPR
NSPR
--
minor
RESOLVED FIXED
12 years ago
11 years ago

People

(Reporter: Kenneth Herron, Assigned: Wan-Teh Chang)

Tracking

({coverity})

other
All
Linux
coverity

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

12 years ago
This is coverity CID 902. Please see the sample URL. If the allocation at line 100 fails, the allocation at line 92 is leaked.
Created attachment 237543 [details] [diff] [review]
Patch v1

Call PR_DELETE( shm ) before returning NULL in case of a failed malloc for shm->ipcname.
Attachment #237543 - Flags: review?(wtchang)
(Assignee)

Comment 2

11 years ago
Comment on attachment 237543 [details] [diff] [review]
Patch v1

r=wtc.  Thanks for the patch.

You can use PR_Free instead of PR_DELETE here.
PR_DELETE is a macro that not only calls PR_Free
but also sets its argument to NULL.  (See
http://lxr.mozilla.org/nspr/ident?i=PR_DELETE)
Since 'shm' is a local variable that is going out
of scope here, it's not necessary to set 'shm' to
NULL after freeing.
Attachment #237543 - Flags: review?(wtchang) → review+
(Assignee)

Comment 3

11 years ago
I found that in that function we already use PR_DELETE to free 'shm'.
So it's fine to be consistent.

I checked in the patch on the NSPR trunk (NSPR 4.7) and the
NSPRPUB_PRE_4_2_CLIENT_BRANCH (Mozilla 1.9 alpha).

Checking in uxshm.c;
/cvsroot/mozilla/nsprpub/pr/src/md/unix/uxshm.c,v  <--  uxshm.c
new revision: 3.12; previous revision: 3.11
done

Bugzilla Bug 337637: fixed a memory leak on error in _MD_OpenSharedMemory.
The patch is contributed by Bruno 'Aqualon' Escherl  <aqualon@aquachan.de>.
r=wtc.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.7
(Assignee)

Comment 4

11 years ago
Checking in uxshm.c;
/cvsroot/mozilla/nsprpub/pr/src/md/unix/uxshm.c,v  <--  uxshm.c
new revision: 3.7.4.5; previous revision: 3.7.4.4
done
You need to log in before you can comment on or make changes to this bug.