Closed Bug 339916 Opened 15 years ago Closed 15 years ago

Coverity 464, leak after OOM in CERT_DistNamesFromNicknames

Categories

(NSS :: Libraries, defect, P2)

3.11.1
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.11.2

People

(Reporter: nelson, Assigned: nelson)

Details

(Keywords: coverity, memory-leak)

Attachments

(1 file)

In CERT_DistNamesFromNicknames (file nss/lib/certhigh/certhigh.c)
after allocating "dnames", if the allocation of "names" gets NULL,
we leak dnames.

One question to investigate while working on this: 
Is this function dead code?  
If so, the solution is to remove it.
Priority: -- → P2
Target Milestone: --- → 3.11.2
This problem is much worse than Coverity indicated. 
All the things allocated in CERT_DistNamesFromNicknames are supposed to 
be part of the CERTDistNames object it returns, and are supposed to be
allocated from its one arenapool.  

When this object is destroyed, function CERT_FreeDistNames merely frees
the arena.   All the parts of the object are supposed to go away when 
that happens, but the parts not allocated from the arena will be leaked
at that time.  

So, the fix is not to free dnames at loser, but rather to ensure that 
dnames and names are both allocated from the arenapool, and that it is 
destroyed.
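
The ownership problem described in the comment above, shown as an added example (not NSS code and not part of this bug report). It uses a toy arena in C whose destructor frees only the arena, plus a constructed allocation-failure index; every name in it (`xmalloc`, `arena_alloc`, `dist_names_new`, `leaked`) is hypothetical. `leaked()` returns the number of heap blocks still outstanding after build and destroy.

```c
#include <stdio.h>
#include <stdlib.h>

static int live = 0, fail_at = -1; /* outstanding heap blocks; constructed OOM injection: 0-based allocation index to fail */
static void *xmalloc(size_t n) {
    void *p = (fail_at >= 0 && fail_at-- == 0) ? NULL : malloc(n);
    if (p) live++;
    return p;
}
static void xfree(void *p) { if (p) { live--; free(p); } }
/* Toy arena (hypothetical, not NSS's): blocks are chained and released together. */
typedef struct Block { struct Block *next; } Block;
typedef struct { Block *head; } Arena;
static void *arena_alloc(Arena *a, size_t n) {
    Block *b = xmalloc(sizeof *b + n);
    if (!b) return NULL;
    b->next = a->head; a->head = b;
    return b + 1;
}
static void arena_free(Arena *a) {
    while (a->head) { Block *b = a->head; a->head = b->next; xfree(b); }
    xfree(a);
}
typedef struct { Arena *arena; int nnames; char **names; } DistNames;
/* Like the destructor described in the bug, this frees the arena and nothing else. */
static void dist_names_free(DistNames *d) { if (d) arena_free(d->arena); }
/* in_arena == 0 reproduces the reported pattern: struct and array come from the heap. */
static DistNames *dist_names_new(int n, int in_arena) {
    Arena *a = xmalloc(sizeof *a);
    size_t sz = (size_t)n * sizeof(char *);
    if (!a) return NULL;
    a->head = NULL;
    DistNames *d = in_arena ? arena_alloc(a, sizeof *d) : xmalloc(sizeof *d);
    if (!d) goto loser;
    d->arena = a; d->nnames = n;
    d->names = in_arena ? arena_alloc(a, sz) : xmalloc(sz);
    if (d->names) return d;
loser:
    arena_free(a); /* complete cleanup only when every part is arena-backed */
    return NULL;
}
static int leaked(int in_arena, int oom) { /* oom < 0: no injected failure */
    live = 0; fail_at = oom;
    dist_names_free(dist_names_new(3, in_arena));
    return live;
}
int main(void) {
    printf("heap: %d/%d arena: %d/%d\n", leaked(0, -1), leaked(0, 2), leaked(1, -1), leaked(1, 2));
    return 0;
}
```

With heap-backed parts the count is 2 after a successful build and destroy, and 1 when the array allocation fails. With arena-backed parts it is 0 in both cases.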
Attached patch: patch v1
Alexei, please review this patch very thoroughly, making sure that no
users of CERTDistNames objects depend on dnames or names being allocated
directly from the heap, rather than from an arenapool.
Assignee: alexei.volkov.bugs → nelson
Status: NEW → ASSIGNED
Attachment #224833 - Flags: review?(alexei.volkov.bugs)
Comment on attachment 224833 [details] [diff] [review]
patch v1

r=alexei
Attachment #224833 - Flags: review?(alexei.volkov.bugs) → review+
Fix leaks in CERT_DistNamesFromNicknames (bug 339916) and in
CERT_GetCertNicknames (bug 339919). Coverity bugs. r=alexei.volkov

Checking in certhigh.c; new revision: 1.34.2.3; previous revision: 1.34.2.2
Checking in certhigh.c; new revision: 1.37;     previous revision: 1.36
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED