Bug 696599 - Corrupted free [@ free | moz_free | nsACString_internal::Finalize | nsFSURLEncoded::URLEncode]
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: General
Version: Trunk
Platform: x86 Solaris
Importance: -- normal
Target Milestone: mozilla10
Assigned To: Ginn Chen
Mentors:
Depends on:
Blocks: 675553
Reported: 2011-10-22 12:42 PDT by Ginn Chen
Modified: 2011-10-28 04:43 PDT
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
patch (826 bytes, patch)
2011-10-22 12:52 PDT, Ginn Chen
benjamin: review+
karlt: review+

Description Ginn Chen 2011-10-22 12:42:28 PDT
For PR_Malloc(), nspr_use_zone_allocator is read; after s/PRBool/bool, the value becomes a random int, and the zone allocator is used.

It crashed when moz_free() is used to free the buffer.
Comment 1 Ginn Chen 2011-10-22 12:52:38 PDT
Created attachment 568901
patch
Comment 2 Ginn Chen 2011-10-22 13:17:13 PDT
Besides changing it back to PRBool, I wonder if it is right to use PR_Malloc() in nsSaveAsCharset::DoCharsetConversion().
Comment 3 Karl Tomlinson (:karlt) 2011-10-25 20:27:50 PDT
Comment on attachment 568901
patch

The patch is definitely right.  NSPR types need to be used for NSPR symbols.
(I don't know about comment 2.)
Comment 5 Ed Morley [:emorley] 2011-10-28 04:43:00 PDT
https://hg.mozilla.org/mozilla-central/rev/32ab009026d7
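
Added example, not taken from the bug or its patch: a small model of the type-size mismatch that the description and comment 3 refer to, assuming a 1-byte `bool` and an int-sized PRBool. `PRBoolLike`, `flag_storage`, `pick_allocator` and `ASSERT_SAME_SIZE` are hypothetical names, and the neighbouring bytes are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int PRBoolLike;  /* assumption: stands in for NSPR's int-sized PRBool */

/* Constructed model of the memory around the flag: the defining side stores
 * a 1-byte bool, and unrelated data occupies the bytes that follow it. */
struct flag_storage {
    bool    flag;                               /* what the definer wrote */
    uint8_t neighbours[sizeof(PRBoolLike) - 1]; /* not part of the flag   */
};
_Static_assert(sizeof(struct flag_storage) >= sizeof(PRBoolLike), "model too small");

/* The reading side was compiled against the int-typed declaration, so it
 * loads sizeof(int) bytes starting at the flag's address. */
static PRBoolLike read_as_prbool(const struct flag_storage *s)
{
    PRBoolLike v;
    memcpy(&v, s, sizeof v);   /* memcpy keeps the demo free of aliasing UB */
    return v;
}

enum allocator { ALLOC_SYSTEM = 0, ALLOC_ZONE = 1 };

/* Mirrors the decision described in the bug: non-zero flag => zone allocator. */
static enum allocator pick_allocator(bool flag, uint8_t neighbour_fill)
{
    struct flag_storage s;
    s.flag = flag;
    memset(s.neighbours, neighbour_fill, sizeof s.neighbours);
    return read_as_prbool(&s) ? ALLOC_ZONE : ALLOC_SYSTEM;
}

/* Guard for the defining side: fails to compile if the definition's size
 * differs from the type the reader expects. */
#define ASSERT_SAME_SIZE(var, type) \
    _Static_assert(sizeof(var) == sizeof(type), #var " size mismatch")

PRBoolLike correctly_typed_flag = 0;
ASSERT_SAME_SIZE(correctly_typed_flag, PRBoolLike);

int main(void)
{
    printf("flag=false, zero neighbours : %d\n", pick_allocator(false, 0x00));
    printf("flag=false, stray neighbours: %d\n", pick_allocator(false, 0x5A));
    return 0;
}
```

With the flag set to false, the allocator choice still flips as soon as any of the bytes after the 1-byte definition is non-zero, which is why the selection looks random from the defining side.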
