Bug 1082547 (Closed)
Opened 10 years ago, closed 10 years ago
OptionsBase::ParseString (eventually) free()'s memory allocated with js_malloc
Categories: Core :: XPConnect, defect
Tracking: RESOLVED FIXED, mozilla36
People: Reporter: ggp, Unassigned
Attachments (1 file): 1.18 KB, patch, bholley: review+
OptionsBase::ParseString [1] has a nsCString adopt a buffer that was allocated via js_malloc [2]. The nsCString will later attempt to free(), as opposed to js_free(), that buffer.

1- http://dxr.mozilla.org/mozilla-central/source/js/xpconnect/src/Sandbox.cpp?from=js/xpconnect/src/Sandbox.cpp#1242
2- http://dxr.mozilla.org/mozilla-central/source/js/src/jsapi.cpp#5510
Comment 1 • 10 years ago (Reporter)
One possible fix is to just copy the buffer returned from JS_EncodeString then js_free() it.
Attachment #8504714 - Flags: review?(bobbyholley)
Updated • 10 years ago
Attachment #8504714 - Flags: review?(bobbyholley) → review+
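The ownership problem from the description and the copy-then-js_free() approach from comment 1, modelled as an added example (not the attached patch and not Mozilla code). engine_malloc/engine_free, checked_free, encode_string and AdoptingString are hypothetical stand-ins for js_malloc/js_free, free(), JS_EncodeString and a string class that adopts a buffer; the live-block registry is an assumption used to make the wrong-deallocator call observable without invoking it.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>
#include <unordered_set>
// Hypothetical stand-ins (not Mozilla code): engine_malloc/engine_free play the
// role of js_malloc/js_free; AdoptingString plays the role of a string class
// whose destructor releases an adopted buffer with plain free().
static std::unordered_set<void*> g_engine_live;  // blocks owned by the engine allocator
static int g_mismatches = 0;                     // wrong-deallocator attempts seen
void* engine_malloc(std::size_t n) {
    void* p = std::malloc(n);
    if (p) g_engine_live.insert(p);
    return p;
}
void engine_free(void* p) { g_engine_live.erase(p); std::free(p); }
// Guarded free(): refuses (and counts) blocks that belong to the engine allocator.
void checked_free(void* p) {
    if (g_engine_live.count(p)) { ++g_mismatches; return; }
    std::free(p);
}
// Stand-in for an encoder that returns an engine-allocated C string.
char* encode_string(const char* s) {
    char* out = static_cast<char*>(engine_malloc(std::strlen(s) + 1));
    if (out) std::strcpy(out, s);
    return out;
}
struct AdoptingString {
    char* buf = nullptr;                       // takes ownership of whatever is stored here
    ~AdoptingString() { checked_free(buf); }   // always the system deallocator
};
// Pattern from the description: adopt the engine buffer. Returns mismatches seen.
int adopt_pattern(const char* s) {
    g_mismatches = 0;
    char* raw = encode_string(s);
    { AdoptingString str; str.buf = raw; }     // destructor picks the wrong deallocator
    engine_free(raw);                          // demo cleanup with the matching one
    return g_mismatches;
}
// Pattern from comment 1: copy the bytes, then release with the matching deallocator.
int copy_pattern(const char* s, std::string& out) {
    g_mismatches = 0;
    char* raw = encode_string(s);
    if (!raw) return -1;
    out.assign(raw);                           // the string owns its own copy
    engine_free(raw);
    return g_mismatches;
}
std::size_t engine_live_blocks() { return g_engine_live.size(); }
int main() { std::string o; return (adopt_pattern("x") == 1 && copy_pattern("x", o) == 0) ? 0 : 1; }
```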
Comment 2 • 10 years ago (Reporter)
Thanks for the quick review! https://tbpl.mozilla.org/?tree=Try&rev=514895dd4c0a
Keywords: checkin-needed
Comment 3 • 10 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/56d729d290c7
Keywords: checkin-needed
Comment 4 • 10 years ago
https://hg.mozilla.org/mozilla-central/rev/56d729d290c7
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36