Closed Bug 679610 Opened 14 years ago Closed 14 years ago

memory leak in crlutil.c

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Type:
defect
Priority:
Not set
Severity:
trivial

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.13.4

People

(Reporter: david.volgyes, Assigned: aceman)

References

Details

Attachments

(1 file, 1 obsolete file)

patch per comment 5
868 bytes, patch
wtc
: review+
Details | Diff | Splinter Review
Attached patch proposed fix. (obsolete) — Splinter Review
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0 Build ID: 20110812233755 Steps to reproduce: cppcheck 1.49 (http://cppcheck.sourceforge.net/) found a resource leak in in security/nss/cmd/crlutil/crlutil.c in main() Actual results: Memory is allocated with strdup, but it is not released. case 't': { char *type; type = strdup(optstate->value); crlType = atoi (type); + free(type); if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) { PR_fprintf(PR_STDERR, "%s: invalid crl type\n", progName); PL_DestroyOptState(optstate); return -1; } break; Expected results: You should free the memory.
Blocks: cppcheck
Assignee: nobody → nobody
Component: General → Tools
Product: Firefox → NSS
QA Contact: general → tools
Version: Trunk → trunk
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Summary: memory leak in clrutil.c → memory leak in crlutil.c
Whiteboard: [MemShrink]
Did you mean to set this r?(wtc) ?
Assignee: nobody → david.volgyes
(In reply to Ed Morley [:edmorley] from comment #1) > Did you mean to set this r?(wtc) ? I do not understand your question. I meant: you have to insert a free(), because strdup makes an allocation, and somewhere this memory should be released. By the way, why did you assigned the task to me? I cannot commit to the code, I have no review right, I just was the reporter. (Actually, I have very limited time, so I hardly could report the bug, and I have no more time to take care of it.)
Sorry, I'll clarify a bit. By "set this r?(wtc)" I meant did you mean to ask for review (r?) from wtc, who does NSS reviews. (In reply to David Volgyes from comment #2) > I cannot commit to the code, I have no review right, I just was the reporter. > (Actually, I have very limited time, so I hardly could report the bug, and I > have no more time to take care of it.) On bugzilla, the assignee field is used for whomever is working on the bug, which is normally the patch submitter. Lots of people forget to change the assignee when working on a bug, which means that people searching for un-owned bugs to work on can't easily exclude those bugs. The person who is assigned the bug does not need to review the patches, nor is commit access necessary, since they can ask someone else to review/commit. However in this case, if you uploaded the patch just as a help for someone else to work on it - then I'll unassign from you. Do you wish me to do the same for all the others? Either way - thanks for filing these bugs and providing example fixes, it's really appreciated. The important thing now is to make sure that other people don't think you are working on the bugs and the patches sit here untouched - so I'll likely add a whiteboard notice to all your bugs explaining.
Assignee: david.volgyes → nobody
Whiteboard: [MemShrink] → [MemShrink] [has patch, needs new assignee]
> Either way - thanks for filing these bugs and providing example fixes, it's > really appreciated. The important thing now is to make sure that other > people don't think you are working on the bugs and the patches sit here > untouched - so I'll likely add a whiteboard notice to all your bugs > explaining. That would be great. Thanks.
Maybe I'm missing something terribly obvious, but does it even have to duplicate the string at all? As far as I can see, all it does with the copy is to pass it to atoi() and in that case it could just as well use the original string, couldn't it?
I believe that this code is a tool which runs during our build process and it's not in code shipped inside of Firefox, so it is outside of the scope of the MemShrink project.
Whiteboard: [MemShrink] [has patch, needs new assignee] → [has patch, needs new assignee]
Assignee: nobody → acelists
Attachment #553687 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #589663 - Flags: review?(wtc)
Severity: normal → trivial
OS: Linux → All
Priority: P3 → --
Hardware: x86_64 → All
Whiteboard: [has patch, needs new assignee]
Comment on attachment 589663 [details] [diff] [review] patch per comment 5 r=wtc. I wonder if we should check for a null pointer as we do in case 'r' above.
Attachment #589663 - Flags: review?(wtc) → review+
Print that "Invalid crl" in that case?
Keywords: checkin-needed
Checking in security/nss/cmd/crlutil/crlutil.c; /cvsroot/mozilla/security/nss/cmd/crlutil/crlutil.c,v <-- crlutil.c new revision: 1.35; previous revision: 1.34 done
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 3.13.4
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: