Closed
Bug 505771
Opened 15 years ago
Closed 15 years ago
double free [@ JS_free - snarf] in jsshell
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: timeless)
References
(Blocks 1 open bug, )
Details
(Keywords: coverity, crash)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
619 bytes,
patch
|
timeless
:
review+
|
Details | Diff | Splinter Review |
there's an extra free in an error case :(
|
||
Comment 2•15 years ago
|
||
Comment on attachment 390179 [details] [diff] [review] patch The !ok path further down is really non-obvious. This should really be rewritten to take an early out, but your 1-liner works too of course. Nice catch. Thanks for the coverity run. (stealing jorendorff's review, I don't think he minds)
Attachment #390179 -
Flags: review?(jorendorff) → review+
|
|
||
Comment 3•15 years ago
|
||
Leaving the bug open. Its shell only, and in an exception path.
Attachment #390179 -
Attachment is obsolete: true
Attachment #393736 -
Flags: review+
http://hg.mozilla.org/mozilla-central/rev/e2f495fc448e
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Updated•13 years ago
|
Crash Signature: [@ JS_free - snarf]
|
||
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•