Closed Bug 620237 Opened 9 years ago Closed 9 years ago

server_port_flush is awkward

Categories

(Core :: IPC, defect, critical)

RESOLVED INVALID

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug, )

Details

(Keywords: coverity, crash, Whiteboard: [sg:nse in Mozilla])

server_request_free(struct server_request *req)
{
        ...
        if (rc == 0) {
                ...
                free(req);
                return (1);
        }
        free(req);
        return (0);
}

server_request_free frees req unconditionally.

server_port_flush(struct evdns_server_port *port)
        ...
        while (port->pending_replies) {
                struct server_request *req = port->pending_replies;
                ...
                if (server_request_free(req)) {
                        /* we released the last reference to req->port. */

afaict you released it whether or not it returned true, this seems like a bad idea.

                        return;
                }
        }
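
The ownership rule at issue in the excerpt above, as an added C model that is not part of the bug report or of the quoted source. It assumes, from the excerpt's own comment, that a return of 1 means the last reference to req->port was released and the port was freed with it; the simplified types, `make_port` and `ports_freed` are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the structs in the excerpt. */
struct port { int refcnt; struct request *pending; };
struct request { struct port *port; struct request *next; };
static int ports_freed; /* instrumentation for this example only */

/* Frees req on every path. Returns 1 only when that also dropped the
 * last reference to req->port and the port was freed (assumed). */
static int request_free(struct request *req)
{
	struct port *p = req->port;
	if (p->pending == req)
		p->pending = req->next;
	int last = (--p->refcnt == 0);
	free(req);
	if (last) {
		free(p);
		ports_freed++;
	}
	return last;
}

/* After a return of 1 the port no longer exists, so the loop must stop
 * before evaluating p->pending again. Returns the number of requests freed. */
static int port_flush(struct port *p)
{
	int n = 0;
	while (p->pending) {
		n++;
		if (request_free(p->pending))
			break;
	}
	return n;
}

/* Constructed input: a port with owner_refs references of its own plus
 * one reference per queued request. */
static struct port *make_port(int owner_refs, int nreq)
{
	struct port *p = calloc(1, sizeof *p);
	for (p->refcnt = owner_refs; nreq-- > 0; p->refcnt++) {
		struct request *r = calloc(1, sizeof *r);
		r->port = p; r->next = p->pending; p->pending = r;
	}
	return p;
}

int main(void) { return port_flush(make_port(0, 2)) == 2 && ports_freed == 1 ? 0 : 1; }
```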

This code is not used in Mozilla, so closing INVALID (not our bug).

BenT: you imported this, I think; please let some Chromium folks know so they can decide if this is a problem for them or not before we un-hide the bug.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Whiteboard: [sg:nse in Mozilla]
Group: core-security