28.10 KB, patch
|Details | Diff | Splinter Review|
suspect call sites: http://lxr.mozilla.org/seamonkey/source/widget/src/gtk/nsWindow.cpp#296 http://lxr.mozilla.org/seamonkey/source/content/xul/templates/src/nsTemplateMap.h#56 http://lxr.mozilla.org/seamonkey/source/content/base/src/nsPropertyTable.cpp#307 http://lxr.mozilla.org/seamonkey/source/content/base/src/nsContentList.cpp#230 (checks for success but doesn't return OOM) http://lxr.mozilla.org/seamonkey/source/security/manager/boot/src/nsSecureBrowserUIImpl.cpp#423 (needs member variable tracking init state) http://lxr.mozilla.org/seamonkey/source/security/manager/ssl/src/nsNSSShutDown.cpp#85 (needs member variable tracking init state) http://lxr.mozilla.org/seamonkey/source/layout/style/nsCSSRuleProcessor.cpp#410 http://lxr.mozilla.org/seamonkey/source/caps/include/nsScriptSecurityManager.h#296 http://lxr.mozilla.org/seamonkey/source/netwerk/dns/src/nsHostResolver.cpp#332 http://lxr.mozilla.org/seamonkey/source/netwerk/cache/src/nsCacheEntry.cpp#427 (null out ops?) http://lxr.mozilla.org/seamonkey/source/netwerk/cache/src/nsDiskCacheBinding.cpp#188 (null out ops?)
Created attachment 269272 [details] [diff] [review] null out ops if Init fails, and check it before using PL_DHashTableOperate shows up in a lot of stacks on crash-reports.mozilla.com. At the very least, this patch prevents a known crasher in nsCSSRuleProcessor under OOM conditions (though the OOM crash just pops up elsewhere for that particular case).
Attachment #269272 - Flags: superreview? → superreview?(cbiesinger)
Created attachment 269274 [details] [diff] [review] null out ops if Init fails, and check it before using v2 oops, attached the wrong patch before
Attachment #269274 - Flags: superreview? → superreview?(cbiesinger)
I think these need to be separate review requests for separate areas of code -- what the correct error handling is in each case requires understanding what the code does. We're better off crashing than violating invariants in ways that could lead to exploitable security bugs.
Comment on attachment 269274 [details] [diff] [review] null out ops if Init fails, and check it before using v2 ok
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 211260
You need to log in before you can comment on or make changes to this bug.