Closed Bug 5683 Opened 26 years ago Closed

check for count > 0 before alloc?

Categories

(Core :: XPCOM, defect, P3)

x86
All
defect

Tracking

RESOLVED FIXED

People

(Reporter: jband_mozilla, Assigned: mike+mozilla)

Details

#5  0x4afbdd1c in DoInterfaceDescriptor (outer=0xbfffec98, idp=0x4af6dffc) at ../../../../mozilla/xpcom/libxpt/src/xpt_struct.c:490
485         if (!XPT_Do16(cursor, &id->num_constants)) {
486             goto error;
487         }
488
489         if (mode == XPT_DECODE)
490 >           id->const_descriptors = XPT_CALLOC(id->num_constants *
491                                                sizeof(XPTConstDescriptor));
492
493         for (i = 0; i < id->num_constants; i++) {
494             if (!DoConstDescriptor(cursor, &id->const_descriptors[i])) {
(gdb) p id->num_constants
$1 = 0
Status: NEW → ASSIGNED
Target Milestone: M6
Thanks for catching this! I have a fix in my tree that makes the const case parallel to the method case; that is, a check is made for number of consts > 0 before anything is alloc'ed. Looking at the code, I'm wondering if this isn't the only similar case... I'll check it in when the tree opens.
Checked in a fix. Thanks for spotting this.
Component: xpidl → XPCOM
QA Contact: mike+mozilla → xpcom
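
An added example, not the libxpt source or the fix that was checked in: a small C decoder for a count-prefixed array that applies the guard discussed in this bug, allocating only when the decoded count is greater than zero. The `Table` and `Entry` types and the `read_u16` and `decode_table` functions are hypothetical names. The guard matters because C leaves the result of a zero-size allocation request implementation-defined (a null pointer or a unique pointer), so without it a NULL return is ambiguous.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical record types for illustration; not the libxpt structures. */
typedef struct { uint16_t value; } Entry;

typedef struct {
    uint16_t num_entries;
    Entry   *entries;          /* stays NULL when num_entries == 0 */
} Table;

/* Read a big-endian 16-bit value and advance *pos; returns 0 on short input. */
static int read_u16(const uint8_t *buf, size_t len, size_t *pos, uint16_t *out)
{
    if (len - *pos < 2)
        return 0;
    *out = (uint16_t)((buf[*pos] << 8) | buf[*pos + 1]);
    *pos += 2;
    return 1;
}

/* Decode "count, then count entries". Returns 1 on success, 0 on error. */
int decode_table(const uint8_t *buf, size_t len, Table *t)
{
    size_t pos = 0;
    uint16_t i;

    t->entries = NULL;
    if (!read_u16(buf, len, &pos, &t->num_entries))
        return 0;

    if (t->num_entries > 0) {          /* guard: never request zero bytes */
        t->entries = calloc(t->num_entries, sizeof(Entry));
        if (!t->entries)               /* NULL here can only mean failure */
            return 0;
    }

    /* With a zero count the loop body never runs, so NULL is never indexed. */
    for (i = 0; i < t->num_entries; i++) {
        if (!read_u16(buf, len, &pos, &t->entries[i].value)) {
            free(t->entries);
            t->entries = NULL;
            return 0;
        }
    }
    return 1;
}
```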