Closed
Bug 514974
Opened 15 years ago
Closed 15 years ago
Read after free in nptest.cpp
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(status1.9.2 beta1-fixed)
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta1-fixed |
People
(Reporter: roc, Assigned: roc)
Details
Attachments
(1 file)
|
810 bytes,
patch
|
jaas
:
review+
jaas
:
approval1.9.2+
|
Details | Diff | Splinter Review |
Julian Seward noticed that NPP_Destroy reads via instanceData after we've freed it.
Attachment #398988 -
Flags: review?(joshmoz)
Attachment #398988 -
Flags: review?(joshmoz) → review+
Comment on attachment 398988 [details] [diff] [review] fix Ha, I was just about to post this patch.
|
Assignee | |
Comment 2•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/68762e0a8a56
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 3•15 years ago
|
||
Comment on attachment 398988 [details] [diff] [review] fix We should take this trivial memory safety fix on branch
Attachment #398988 -
Flags: approval1.9.2?
Attachment #398988 -
Flags: approval1.9.2? → approval1.9.2+
|
|
Assignee | |
Updated•15 years ago
|
Whiteboard: [needs 192 landing]
|
||
Comment 4•15 years ago
|
||
Looks like jgriffin checked in an analogous fix in http://hg.mozilla.org/releases/mozilla-1.9.2/rev/0bbcf751c0a6 Marking status1.9.2 = beta1fixed. Please reopen if you disagree.
status1.9.2:
--- → beta1-fixed
Whiteboard: [needs 192 landing]
|
||
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•