pkix_PolicyChecker_MakeMutableCopy calls PKIX_DECREF(object) uninitialized if PKIX_CHECK(PKIX_List_Create(...)...) bails

RESOLVED FIXED in 3.12.7

Status

NSS
Libraries
P2
critical
RESOLVED FIXED
8 years ago
8 years ago

People

(Reporter: timeless, Assigned: timeless)

Tracking

({coverity, crash})

trunk
3.12.7
coverity, crash

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Assignee)

Description

8 years ago
867 pkix_PolicyChecker_MakeMutableCopy(

875         PKIX_PL_Object *object;

880         PKIX_CHECK(PKIX_List_Create(&newList, plContext),

900 cleanup:

902         PKIX_DECREF(object);
(Assignee)

Comment 1

8 years ago
Created attachment 431172 [details] [diff] [review]
initialize
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #431172 - Flags: review?(nelson)
OS: Linux → All
Hardware: x86 → All
Comment on attachment 431172 [details] [diff] [review]
initialize

Timeless, please ask Alexei to review patches to libPKIX, thanks.
Attachment #431172 - Flags: review?(nelson) → review?(alexei.volkov.bugs)

Comment 3

8 years ago
Comment on attachment 431172 [details] [diff] [review]
initialize

r=alexei
Attachment #431172 - Flags: review?(alexei.volkov.bugs) → review+
Bug 550929: pkix_PolicyChecker_MakeMutableCopy calls PKIX_DECREF(object) uninitialized if PKIX_CHECK(PKIX_List_Create(...)...) bails
Patch contributed by timeless <timeless@mozdev.org>, r=alexei.volkov

Checking in pkix_policychecker.c; new revision: 1.2; previous revision: 1.1
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 3.12.7

Updated

8 years ago
Duplicate of this bug: 568168
Duplicate of this bug: 485982
(Assignee)

Updated

8 years ago
Severity: normal → critical
Keywords: crash
You need to log in before you can comment on or make changes to this bug.