Closed Bug 1142681 Opened 10 years ago Closed 10 years ago

[WebCrypto] |CreateECParamsForCurve| leaks |params|

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla39

Tracking Flags:

Tracking

Status

firefox39

---

fixed

People

(Reporter: erahm, Assigned: ttaubert)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [MemShrink][CID 1286416])

Attachments

(1 file)

0001-Bug-1142681-Let-CreateECParamsForCurve-assert-a-non-.patch 10 years ago Tim Taubert [:ttaubert] (inactive) (deleted), patch	keeler : review+	Details \| Diff \| Splinter Review

Eric Rahm [:erahm]

Reporter

Description

•

10 years ago

Coverity indicates that |CreateECParamsForCurve| leaks |params| if the sanity check [1] fails. [1] https://hg.mozilla.org/mozilla-central/annotate/0190a1d17294/dom/crypto/WebCryptoCommon.h#l320

Tim Taubert [:ttaubert] (inactive)

Assignee

Comment 1

•

10 years ago

The SECItem is alloced in the ScopedPLArenaPool given by the caller. Once that goes out of scope we should free the memory as well here. This is assuming that aArena ≠ null, so should we maybe add an assertion here? All existing callers pass a non-null arena but we could avoid future accidental leaks?

Flags: needinfo?(dkeeler)

Dana Keeler (she/her) (use needinfo) (:keeler for reviews)

Comment 2

•

10 years ago

That sounds reasonable. I don't know if coverity will be satisfied by that, but maybe we could annotate it or something.

Flags: needinfo?(dkeeler)

Eric Rahm [:erahm]

Reporter

Comment 3

•

10 years ago

An assertion sounds good. If Coverity doesn't pick up on it someone triaging defects probably will.

Tim Taubert [:ttaubert] (inactive)

Assignee

Comment 4

•

10 years ago

Attached patch 0001-Bug-1142681-Let-CreateECParamsForCurve-assert-a-non-.patch (deleted) — Details — Splinter Review

Assignee: nobody → ttaubert

Status: NEW → ASSIGNED

Attachment #8577455 - Flags: review?(dkeeler)

Dana Keeler (she/her) (use needinfo) (:keeler for reviews)

Updated

•

10 years ago

Attachment #8577455 - Flags: review?(dkeeler) → review+

Tim Taubert [:ttaubert] (inactive)

Assignee

Comment 5

•

10 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/fcf4cac17e3a

Phil Ringnalda (:philor)

Comment 6

•

10 years ago

https://hg.mozilla.org/mozilla-central/rev/fcf4cac17e3a

Status: ASSIGNED → RESOLVED

Closed: 10 years ago

status-firefox39: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla39

Tim Taubert [:ttaubert] (inactive)

Assignee

Comment 7

•

10 years ago

Eric, out of curiosity: does Coverity still report a leak?

Flags: needinfo?(erahm)

Eric Rahm [:erahm]

Reporter

Comment 8

•

10 years ago

(In reply to Tim Taubert [:ttaubert] from comment #7) > Eric, out of curiosity: does Coverity still report a leak? The latest run shows it as fixed, so a release assertion seems to have done the job.

Eric Rahm [:erahm]

Reporter

Updated

•

10 years ago

Flags: needinfo?(erahm)

Sylvestre Ledru [:Sylvestre]

Updated

•

6 years ago

Blocks: coverity-analysis

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[WebCrypto] |CreateECParamsForCurve| leaks |params|

Categories

(Core :: DOM: Security, defect)

Tracking

()

People

(Reporter: erahm, Assigned: ttaubert)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: [MemShrink][CID 1286416])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Updated

Comment 5

Comment 6

Comment 7

Comment 8

Updated

Updated

Attachment

General

Description

File Name

Content Type