Closed Bug 505771 Opened 11 years ago Closed 11 years ago

double free [@ JS_free - snarf] in jsshell

Categories

(Core :: JavaScript Engine, defect, critical)

defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(Blocks 1 open bug, )

Details

(Keywords: coverity, crash)

Crash Data

Attachments

(1 file, 1 obsolete file)

there's an extra free in an error case :(
Attached patch patch (obsolete) — Splinter Review
Assignee: general → timeless
Status: NEW → ASSIGNED
Attachment #390179 - Flags: review?(jorendorff)
Comment on attachment 390179 [details] [diff] [review]
patch

The !ok path further down is really non-obvious. This should really be rewritten to take an early out, but your 1-liner works too of course. Nice catch. Thanks for the coverity run. (stealing jorendorff's review, I don't think he minds)
Attachment #390179 - Flags: review?(jorendorff) → review+
Leaving the bug open. Its shell only, and in an exception path.
Attached patch with reviewerSplinter Review
Attachment #390179 - Attachment is obsolete: true
Attachment #393736 - Flags: review+
http://hg.mozilla.org/mozilla-central/rev/e2f495fc448e
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Crash Signature: [@ JS_free - snarf]
You need to log in before you can comment on or make changes to this bug.