Corrupted free [@ free | moz_free | nsACString_internal::Finalize | nsFSURLEncoded::URLEncode]

RESOLVED FIXED in mozilla10

Status


Core
General
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Ginn Chen, Assigned: Ginn Chen)

Tracking

Trunk
mozilla10
x86
Solaris
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

826 bytes, patch
bsmedberg
: review+
karlt
: review+
(Assignee)

Description

6 years ago
For PR_Malloc(), nspr_use_zone_allocator is read. After s/PRBool/bool, the value becomes a random int, and the zone allocator is used.

It crashed when moz_free() was used to free the buffer.

Updated

6 years ago
Blocks: 675553
No longer blocks: 690297
(Assignee)

Comment 1

6 years ago
Created attachment 568901
patch
Assignee: nobody → ginn.chen
Status: NEW → ASSIGNED
Attachment #568901 - Flags: review?(benjamin)
(Assignee)

Comment 2

6 years ago
Besides changing it back to PRBool, I wonder if it is right to use PR_Malloc() in nsSaveAsCharset::DoCharsetConversion().
Comment on attachment 568901
patch

The patch is definitely right.  NSPR types need to be used for NSPR symbols.
(I don't know about comment 2.)
Attachment #568901 - Flags: review+
Attachment #568901 - Flags: review?(benjamin) → review+
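
The width mismatch from the description, and the review remark that NSPR symbols need NSPR types, shown as an added C example (not code from this bug, its patch or NSPR). It assumes PRBool is int-sized; `PRBool_like`, `data_segment`, `example_flag` and the function names are hypothetical, and the neighbouring byte values are constructed.

```c
#include <stdbool.h>
#include <string.h>

/* Assumption: PRBool is an int-sized typedef, so the library side reads
   sizeof(int) bytes. PRBool_like is a hypothetical stand-in, not NSPR's header. */
typedef int PRBool_like;

/* Constructed model of the memory at the exported symbol: the application's
   one-byte bool, followed by whatever unrelated bytes were placed next to it. */
struct data_segment {
    bool flag;
    unsigned char neighbours[sizeof(PRBool_like) - 1];
};

/* Library side: reads the flag at PRBool width regardless of how the
   application defined it. memcpy avoids aliasing and alignment issues here. */
static PRBool_like library_reads_flag(const void *sym)
{
    PRBool_like value;
    memcpy(&value, sym, sizeof value);
    return value;
}

/* Returns 1 if the library would conclude the zone allocator was requested. */
int zone_allocator_selected(bool app_value, unsigned char neighbour_byte)
{
    struct data_segment seg;
    seg.flag = app_value;
    memset(seg.neighbours, neighbour_byte, sizeof seg.neighbours);
    return library_reads_flag(&seg) != 0;
}

/* Guard for the defining side: the build fails if the variable's size
   drifts away from the width the library reads. */
#define ASSERT_FLAG_WIDTH(var) \
    _Static_assert(sizeof(var) == sizeof(PRBool_like), "flag must be PRBool-sized")

PRBool_like example_flag = 0;   /* hypothetical, correctly typed definition */
ASSERT_FLAG_WIDTH(example_flag);

int main(void)
{
    /* false with zero neighbours reads as 0; false with stale neighbours
       reads as nonzero, which is the "random int" from the description. */
    return zone_allocator_selected(false, 0x00) == 0 &&
           zone_allocator_selected(false, 0x5a) == 1 ? 0 : 1;
}
```

Changing `example_flag` to `bool` makes the `_Static_assert` fail at compile time, which is the check a mass type rename would otherwise slip past.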
(Assignee)

Comment 4

6 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/32ab009026d7

Comment 5

6 years ago
https://hg.mozilla.org/mozilla-central/rev/32ab009026d7
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10