Closed Bug 711528 Opened 13 years ago Closed 3 years ago

Address of stack memory returned by sqlite3SelectNew

Categories

(Core :: General, defect)

defect
Not set
normal


RESOLVED INVALID

People

(Reporter: gps, Unassigned)

References

(Blocks 1 open bug)

Details

The Clang static analyzer found a bug in sqlite3SelectNew:

http://people.mozilla.org/~gszorc/clang/2011-12-15-13/report-uUcClX.html#EndPath

In a gist, it is possible for sqlite3SelectNew to return the address of the local stack variable standin. I'm not sure if this function is in any call paths nor have I checked if it is fixed upstream.

Resolving as invalid. While the function sqlite3SelectNew does take the address of local variable standin if mallocFailed, it will reset the return value pnew to null if mallocFailed before returning:

https://searchfox.org/mozilla-central/rev/2f2b2fb6fb82c99c14cfdb909dd826ed4c3eb1b6/security/nss/lib/sqlite/sqlite3.c#125281,125285,125316,125321

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
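
The pattern described in the resolving comment, as an added C sketch that is not the SQLite source: `Db`, `Node`, `db_malloc`, `allocsLeft` and `node_new` are hypothetical stand-ins, while `standin`, `pNew` and `mallocFailed` are named after the page. It shows that `&standin` cannot reach the caller whether the first or a later allocation fails.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the SQLite types; not the real definitions. */
typedef struct Db { int mallocFailed; int allocsLeft; } Db; /* allocsLeft<0: never fail */
typedef struct Node { int limit; char *name; } Node;

/* Allocator that latches any failure in db->mallocFailed. */
static void *db_malloc(Db *db, size_t n) {
    void *p = NULL;
    if (db->allocsLeft != 0) {
        if (db->allocsLeft > 0) db->allocsLeft--;
        p = malloc(n);
    }
    if (p == NULL) db->mallocFailed = 1;
    return p;
}

Node *node_new(Db *db, const char *name) {
    Node standin;                          /* stack fallback, as on the page */
    Node *pNew = db_malloc(db, sizeof(*pNew));
    if (pNew == NULL) pNew = &standin;     /* what the analyzer flagged */

    /* Initialisation runs unconditionally; no NULL checks needed here. */
    pNew->limit = -1;
    pNew->name = db_malloc(db, strlen(name) + 1);
    if (pNew->name != NULL) strcpy(pNew->name, name);

    if (db->mallocFailed) {                /* covers first or later failure */
        free(pNew->name);
        if (pNew != &standin) free(pNew);  /* never free the stack object */
        pNew = NULL;                       /* &standin cannot escape */
    }
    return pNew;
}

int main(void) {
    Db ok = {0, -1}, first = {0, 0}, second = {0, 1};
    Node *n = node_new(&ok, "t1");
    printf("ok: %s\n", n ? n->name : "(null)");
    if (n) { free(n->name); free(n); }
    printf("first alloc fails: %p\n", (void *)node_new(&first, "t1"));
    printf("second alloc fails: %p\n", (void *)node_new(&second, "t1"));
    return 0;
}
```

The safety of the pattern rests on every allocation failure being latched in `mallocFailed` before the final check; an allocation path that bypassed that flag would break the guarantee.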