Last Comment Bug 354403 - nssList_CreateIterator returns pointer to a freed memory if the function fails to allocate a lock
: nssList_CreateIterator returns pointer to a freed memory if the function fail...
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.12
: All All
: -- normal (vote)
: 3.12
Assigned To: Alexei Volkov
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-26 17:13 PDT by Alexei Volkov
Modified: 2006-09-29 13:13 PDT (History)
1 user (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
set rvIterator to NULL (787 bytes, patch)
2006-09-26 17:15 PDT, Alexei Volkov
nelson: review+
Details | Diff | Splinter Review

Description Alexei Volkov 2006-09-26 17:13:37 PDT
nss/lib/base/list.c: frees a pointer at list 381, and returns it at 384.

377     if (list->lock) {
378         rvIterator->lock = PZ_NewLock(nssILockOther);
379         if (!rvIterator->lock) {
380             nssList_Destroy(rvIterator->list);
381             nss_ZFreeIf(rvIterator);
382         }
383     }
384     return rvIterator;
Comment 1 Alexei Volkov 2006-09-26 17:15:19 PDT
Created attachment 240236 [details] [diff] [review]
set rvIterator to NULL
Comment 2 Alexei Volkov 2006-09-29 13:13:43 PDT
/cvsroot/mozilla/security/nss/lib/base/list.c,v  <--  list.c
new revision: 1.20; previous revision: 1.19

Note You need to log in before you can comment on or make changes to this bug.