Closed
Bug 353908
Opened 18 years ago
Closed 18 years ago
klocwork OOM crash in tdcache.c
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: nelson, Assigned: alvolkov.bgs)
Details
(Keywords: klocwork)
Attachments
(1 file)
1019 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
ID: 90055 Function: collect_subject_certs Location: nss/lib/pki/tdcache.c : 901 Pointer 'iter' returned from call to function 'nssList_CreateIterator' at line 900 may be NULL and will be dereferenced by passing argument 1 to function 'nssListIterator_Start' at line 901. 900 nssListIterator *iter = nssList_CreateIterator(subjectList); 901 for (c = (NSSCertificate *)nssListIterator_Start(iter);
Reporter | ||
Updated•18 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.12
Assignee | ||
Comment 1•18 years ago
|
||
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #241226 -
Flags: review?(nelson)
Reporter | ||
Comment 2•18 years ago
|
||
Comment on attachment 241226 [details] [diff] [review] partial fix This patch is correct with respect to preventing the crash. It makes the "if (rvCertListOpt)" code be as correct as the "else" code. But it appears to me that there is a reference leak (actually, a bunch of them) in both of those two paths. Notice the call to nssCertificateList_AddReferences. It adds a reference to every cert in the "subjectList". If we fail to creat the iterator, those new references must be released, or else those references will be leaked. We can either (a) commit this patch and file a separate bug about that leak or (b) try to fix that leak for this bug in a new patch. Alexei, I'll let you decide.
Attachment #241226 -
Attachment description: fix → partial fix
Attachment #241226 -
Flags: review?(nelson) → review+
Assignee | ||
Comment 3•18 years ago
|
||
/cvsroot/mozilla/security/nss/lib/pki/tdcache.c,v <-- tdcache.c new revision: 1.45; previous revision: 1.44
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•