Closed
Bug 354403
Opened 19 years ago
Closed 19 years ago
nssList_CreateIterator returns pointer to a freed memory if the function fails to allocate a lock
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)
Details
Attachments
(1 file)
|
787 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
nss/lib/base/list.c: frees a pointer at list 381, and returns it at 384.
377 if (list->lock) {
378 rvIterator->lock = PZ_NewLock(nssILockOther);
379 if (!rvIterator->lock) {
380 nssList_Destroy(rvIterator->list);
381 nss_ZFreeIf(rvIterator);
382 }
383 }
384 return rvIterator;
|
Assignee | |
Comment 1•19 years ago
|
||
Attachment #240236 -
Flags: review?(nelson)
|
|
||
Updated•19 years ago
|
Attachment #240236 -
Flags: review?(nelson) → review+
|
|
Assignee | |
Comment 2•19 years ago
|
||
/cvsroot/mozilla/security/nss/lib/base/list.c,v <-- list.c
new revision: 1.20; previous revision: 1.19
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•