Closed Bug 696599 Opened 13 years ago Closed 13 years ago

Corrupted free [@ free | moz_free | nsACString_internal::Finalize| nsFSURLEncoded::URLEncode]

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Platform:
x86
Solaris
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla10

People

(Reporter: ginnchen+exoracle, Assigned: ginnchen+exoracle)

References

Details

Attachments

(1 file)

patch
826 bytes, patch
benjamin
: review+
karlt
: review+
Details | Diff | Splinter Review 
For PR_Malloc(), nspr_use_zone_allocator is read, after s/PRBool/bool, the value becomes a random int, and zone allocator is used.

It crashed when moz_free() is used to free the buffer.
Blocks: 675553
No longer blocks: 690297
Attached patch patchSplinter Review 
Assignee: nobody → ginn.chen
Status: NEW → ASSIGNED

        Attachment #568901 -
        Flags: review?(benjamin)

    
    

    
  
Besides changing it back to PRBool, I wonder if it is right to use PR_Malloc() in nsSaveAsCharset::DoCharsetConversion().

    
    

    
  
Comment on attachment 568901 [details] [diff] [review]
patch

The patch is definitely right.  NSPR types need to be used for NSPR symbols.
(I don't know about comment 2.)

        Attachment #568901 -
        Flags: review+

    
  

        Attachment #568901 -
        Flags: review?(benjamin) → review+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/32ab009026d7
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: