Closed Bug 180210 Opened 22 years ago Closed 22 years ago

nsCookie::~nsCookie frees uninitialized values

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

Details

(Keywords: crash)

Attachments

(1 file)

initialize the values and check for null before freeing them
(deleted), patch
morse
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review
nsCRT::free(char * 0xcdcdcdcd) line 179 + 9 bytes nsCookie::~nsCookie() line 75 + 13 bytes nsCookie::`scalar deleting destructor'() + 15 bytes nsCookie::Release(nsCookie * const 0x03edf040) line 46 + 183 bytes XPCWrappedNative::~XPCWrappedNative() line 547 + 18 bytes XPCWrappedNative::`scalar deleting destructor'(unsigned int 1) + 15 bytes XPCWrappedNative::Release(XPCWrappedNative * const 0x03edefc0) line 777 + 147 bytes XPCWrappedNative::FlatJSObjectFinalized(JSContext * 0x004f4e70, JSObject * 0x014a42e0) line 897 XPC_WN_NoHelper_Finalize(JSContext * 0x004f4e70, JSObject * 0x014a42e0) line 630 js_FinalizeObject(JSContext * 0x004f4e70, JSObject * 0x014a42e0) line 1840 + 96 bytes js_GC(JSContext * 0x004f4e70, unsigned int 5) line 1311 + 11 bytes Note that some code does check for null values (especially getters). + cookieName 0xcdcdcdcd "" + cookieValue 0xcdcdcdcd "" + cookieHost 0xcdcdcdcd "" + cookiePath 0xcdcdcdcd ""
Attachment #106268 - Flags: superreview?(bzbarsky)
Attachment #106268 - Flags: review?(morse)
Severity: normal → critical
Keywords: crash
Comment on attachment 106268 [details] [diff] [review] initialize the values and check for null before freeing them can you use nsnull rather than null to make it clear you're init'ing a pointer?
Attachment #106268 - Flags: superreview?(bzbarsky) → superreview+
Attachment #106268 - Flags: review?(morse) → review+
checked in
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
verified patch checked in with lxr on mozilla trunk, values are initialized and free'd properly
Status: RESOLVED → VERIFIED
Blocks: 181491
Blocks: 181494
Blocks: 181496
Blocks: 181498
Blocks: 181500
Blocks: 181503
Blocks: 181505
Blocks: 181507
Blocks: 181509
Blocks: 181512
No longer blocks: 181512
No longer blocks: 181509
No longer blocks: 181507
No longer blocks: 181505
No longer blocks: 181500
No longer blocks: 181498
No longer blocks: 181496
No longer blocks: 181494
No longer blocks: 181503
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: