Closed Bug 339913 Opened 18 years ago Closed 18 years ago

Coverity OOM leak in sec_asn1d_add_to_subitems

Categories

(NSS :: Libraries, defect, P2)

3.11.1
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.11.2

People

(Reporter: nelson, Assigned: nelson)

Details

(Keywords: coverity, memory-leak, Whiteboard: CID 296)

Attachments

(1 file)

Coverity CID 296. In file nss/lib/util/secasn1d.c, in function sec_asn1d_add_to_subitems, if sec_asn1d_alloc gets assigned NULL (returned by sec_asn1d_alloc()), then the function returns without freeing "thing".
Priority: -- → P2
Target Milestone: --- → 3.11.2
I surely mistyped that description. I meant that if "thing" gets allocated, but then "copy" does not (gets NULL), the function returns without freeing "thing". That's what CID 296 reports. I think the writer of this function assumed that state->top->our_pool would always be non-NULL, but we know that is not always true, and that the decoder is sometimes used without an arenapool. So, the correct code should free "thing" if "copy" is NULL, AND state->top->our_pool is NULL.
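The leak described in the comment above, reduced to a self-contained model (an added example, not the NSS source or the attached patch). `Pool`, `Subitem`, `model_alloc`, `add_subitem`, `leaked_after_oom` and the fault-injection counter are hypothetical names; a NULL pool stands in for state->top->our_pool being NULL.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, not NSS source. pool == NULL: blocks are heap-owned by the caller. */
typedef struct { void *blocks[8]; int n; } Pool;
typedef struct { void *data; size_t len; } Subitem;
static int live_heap_blocks;    /* un-pooled blocks not yet freed */
static int fail_after = -1;     /* fault injection: allocations left before OOM */

static void *model_alloc(Pool *pool, size_t len) {
    if (fail_after == 0 || (pool && pool->n == 8)) return NULL;
    if (fail_after > 0) fail_after--;
    void *p = malloc(len);
    if (p && pool) pool->blocks[pool->n++] = p;   /* pool owns it */
    else if (p) live_heap_blocks++;               /* caller owns it */
    return p;
}
static void pool_destroy(Pool *pool) { while (pool->n) free(pool->blocks[--pool->n]); }

/* fixed == 0 reproduces the reported early return; fixed == 1 is the corrected path. */
static Subitem *add_subitem(Pool *pool, const void *data, size_t len, int fixed) {
    Subitem *thing = model_alloc(pool, sizeof *thing);
    if (thing == NULL) return NULL;
    void *copy = model_alloc(pool, len);
    if (copy == NULL) {
        /* With a pool, the pool owns `thing`; freeing it here would double free later. */
        if (fixed && pool == NULL) { free(thing); live_heap_blocks--; }
        return NULL;
    }
    memcpy(copy, data, len);
    thing->data = copy; thing->len = len;
    return thing;
}

/* Make the second allocation fail; return heap blocks left unfreed. */
static int leaked_after_oom(Pool *pool, int fixed) {
    live_heap_blocks = 0; fail_after = 1;
    Subitem *s = add_subitem(pool, "abc", 3, fixed);   /* constructed input */
    fail_after = -1;
    return s == NULL ? live_heap_blocks : -1;
}

int main(void) {
    Pool pool = {{0}, 0};
    int ok = leaked_after_oom(NULL, 0) == 1 && leaked_after_oom(NULL, 1) == 0
          && leaked_after_oom(&pool, 1) == 0 && pool.n == 1;
    pool_destroy(&pool);
    return ok ? 0 : 1;
}
```

Injecting the failure at the second allocation is what exercises this path; ordinary tests never reach it, which is why a static analyzer reported it.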
Attached patch: patch v1
Attachment #224826 - Flags: review?(alexei.volkov.bugs)
Comment on attachment 224826 (patch v1)
r=alexei
Attachment #224826 - Flags: review?(alexei.volkov.bugs) → review+
Fix leak in sec_asn1d_add_to_subitems. Bug 339913. r=alexei.volkov
Checking in secasn1d.c; new revision: 1.33.28.2; previous revision: 1.33.28.1
Checking in secasn1d.c; new revision: 1.35; previous revision: 1.34
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Whiteboard: CID 296
Summary: OOM leak in sec_asn1d_add_to_subitems → Coverity OOM leak in sec_asn1d_add_to_subitems