Closed Bug 505820 Opened 15 years ago Closed 14 years ago

nssTokenObjectCache_Create leaks rvCache if PZ_NewLock fails

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Version:
3.12.2
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.7

People

(Reporter: timeless, Assigned: shailen.n.jain)

References

(
URL
)

Details

(Keywords: coverity, memory-leak)

Attachments

(1 file, 1 obsolete file)

Patch Version 2
1.27 KB, patch
nelson
: review+
Details | Diff | Splinter Review 
253     rvCache = nss_ZNEW(NULL, nssTokenObjectCache);

257 rvCache->lock = PZ_NewLock(nssILockOther); /* XXX */
258 if (!rvCache->lock) {
259 goto loser;

266 loser:
267 return (nssTokenObjectCache *)NULL;
Severity: normal → minor
OS: Mac OS X → All
Hardware: x86 → All
Assignee: nobody → julien.pierre.boogz
Priority: -- → P2
Target Milestone: --- → 3.12.4
Target Milestone: 3.12.4 → ---
Attached patch Patch V 1 (obsolete) — Splinter Review 
Hi Nelson,

   Please review the patch.

Thanks,
Shailendra
Attachment #437016 - Flags: review?(nelson)
Comment on attachment 437016 [details] [diff] [review]
Patch V 1

One of the paths to loser leaves rvCache->lock as NULL.
If you call nssTokenObjectCache_Destroy with rvCache->lock being NULL
it will call PR_DestroyLock with NULL, which will crash.  
(PZ_DestroyLock is just a wrapper for PR_DestroyLock)

The solution to this problem, IMO, is to fix 
nssTokenObjectCache_Destroy so that it does not call PZ_DestroyLock 
if cache->lock is NULL.  
When your patch also does that, it will be complete.

> loser:
>+    nssTokenObjectCache_Destroy(rvCache);
>     return (nssTokenObjectCache *)NULL;
> }
> 
> static void
> clear_cache (
>   nssTokenObjectCache *cache
> )
> {
Attachment #437016 - Flags: review?(nelson) → review-
Attached patch Patch Version 2Splinter Review 
Hi Nelson,

  I have made the required changes in this new patch.

Regards,
Shailendra
Attachment #437016 - Attachment is obsolete: true
Attachment #437267 - Flags: review?(nelson)
Comment on attachment 437267 [details] [diff] [review]
Patch Version 2

r=nelson
Attachment #437267 - Flags: review?(nelson) → review+
Assignee: bugzilla+nospam → shailen.n.jain
Target Milestone: --- → 3.12.7
Version: unspecified → 3.12.2
Bug 505820: nssTokenObjectCache_Create leaks rvCache if PZ_NewLock fails
Patch by Shailendra Jain <shailen.n.jain@gmail.com>, r=nelson

Checking in nss/lib/dev/devutil.c; new revision: 1.35; previous revision: 1.34

Thanks, Shailendra
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: