Closed
Bug 43351
Opened 24 years ago
Closed 24 years ago
Potential null ptr deref in nsNativeComponentLoader.cpp
Categories
(Core :: XPCOM, defect, P3)
Tracking
()
RESOLVED
FIXED
M18
People
(Reporter: madams, Assigned: rayw)
References
Details
(Whiteboard: [nsbeta3+])
If the Unload() function of nsNativeComponentLoader is called when Init() hasn't
been (eg, if startup fails for some reason), this will crash due to mDllStore
being NULL.
Patch:
----------------------------------------
Index: nsNativeComponentLoader.cpp
===================================================================
RCS file: /cvsroot/mozilla/xpcom/components/nsNativeComponentLoader.cpp,v
retrieving revision 1.45
diff -u -r1.45 nsNativeComponentLoader.cpp
--- nsNativeComponentLoader.cpp 2000/06/03 09:45:55 1.45
+++ nsNativeComponentLoader.cpp 2000/06/21 20:25:04
@@ -982,7 +982,9 @@
callData.when = aWhen;
// Cycle through the dlls checking to see if they want to be unloaded
- mDllStore->Enumerate(nsFreeLibraryEnum, &callData);
+ if( mDllStore ) {
+ mDllStore->Enumerate(nsFreeLibraryEnum, &callData);
+ }
return NS_OK;
}
|
||
Updated•24 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
Assignee | |
Comment 1•24 years ago
|
||
Please explain why it is proper to call Unload without calling Init, and why it
would be bad for this to raise an exception.
|
Reporter | |
Comment 2•24 years ago
|
||
This is hit if nsComponentManagerImpl::init() fails when called from
NS_InitXPCOM(). Here's the call sequence:
NS_InitXPCOM()
- compMgr = new nsComponentManagerImpl();
- rv = compMgr->Init();
- if (NS_FAILED(rv)) NS_RELEASE(compMgr);
- nsComponentManagerImpl())::~nsComponentManagerImpl()
- nsComponentManagerImpl()::Shutdown()
- nsComponentManagerImpl()::UnloadLibraries()
- nsNativeComponentLoader::UnloadAll()
- crash since nsNativeComponentLoader() never had Init() called, which
is normally called at the end of nsComponentManagerImpl::PlatformInit() (through
nsComponentManager::Init()) if everything succeeds
This was exposed by checking the return value of
nsComponentManagerImpl()::PlatformInit(). However, it would have happened later
anyways, just not as obviously.
|
|
Assignee | |
Comment 3•24 years ago
|
||
Thanks for the clarification that Unload was not being externally called, but
only internally by the destructor.
I think this suggested change should be applied fairly soon. It apparently does
not prevent mozilla from executing correctly, but it creates a messy-looking
crash in a case where it would have failed anyway.
is the crash that occurs when the component registry is not writeable.
Target Milestone: --- → M18
|
|
Assignee | |
Updated•24 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•24 years ago
|
|
|
Assignee | |
Updated•24 years ago
|
Whiteboard: [nsbeta3+]
|
|
Assignee | |
Comment 4•24 years ago
|
||
Applied the patch, exactly as given.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
|
||
Comment 5•24 years ago
|
||
please verify
Mark, please mark verified if all is well. Fixed for you?
QA Contact: leger → madams
You need to log in
before you can comment on or make changes to this bug.
Description
•