nssList_CreateIterator returns pointer to a freed memory if the function fails to allocate a lock

RESOLVED FIXED in 3.12

Status

RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

13 years ago
nss/lib/base/list.c: frees a pointer at list 381, and returns it at 384.

377     if (list->lock) {
378         rvIterator->lock = PZ_NewLock(nssILockOther);
379         if (!rvIterator->lock) {
380             nssList_Destroy(rvIterator->list);
381             nss_ZFreeIf(rvIterator);
382         }
383     }
384     return rvIterator;
(Assignee)

Comment 1

13 years ago
Created attachment 240236 [details] [diff] [review]
set rvIterator to NULL
Attachment #240236 - Flags: review?(nelson)
Attachment #240236 - Flags: review?(nelson) → review+
(Assignee)

Comment 2

13 years ago
/cvsroot/mozilla/security/nss/lib/base/list.c,v  <--  list.c
new revision: 1.20; previous revision: 1.19
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.