Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-23 12:51:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 976922 - heap-use-after-free mozilla::net::CacheEntry::GetMetaDataElement in NS_strdup, r=honzab

Browse Source
This commit is contained in:
Michal Novotny 2014-03-05 18:14:19 +01:00
parent f06539de43
commit dc96947b54
3 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
netwerk/cache2/CacheEntry.cpp
View File

@ -1052,16 +1052,15 @@ NS_IMETHODIMP CacheEntry::GetSecurityInfo(nsISupports * *aSecurityInfo)
NS_ENSURE_SUCCESS(mFileStatus, NS_ERROR_NOT_AVAILABLE);
char const* info;
nsXPIDLCString info;
nsCOMPtr<nsISupports> secInfo;
nsresult rv;
rv = mFile->GetElement("security-info", &info);
rv = mFile->GetElement("security-info", getter_Copies(info));
NS_ENSURE_SUCCESS(rv, rv);
if (info) {
rv = NS_DeserializeObject(nsDependentCString(info),
getter_AddRefs(secInfo));
rv = NS_DeserializeObject(info, getter_AddRefs(secInfo));
NS_ENSURE_SUCCESS(rv, rv);
}
@ -1148,15 +1147,7 @@ NS_IMETHODIMP CacheEntry::GetMetaDataElement(const char * aKey, char * *aRetval)
{
NS_ENSURE_SUCCESS(mFileStatus, NS_ERROR_NOT_AVAILABLE);
const char *value;
nsresult rv = mFile->GetElement(aKey, &value);
NS_ENSURE_SUCCESS(rv, rv);
if (!value)
return NS_ERROR_NOT_AVAILABLE;
*aRetval = NS_strdup(value);
return NS_OK;
return mFile->GetElement(aKey, aRetval);
}
NS_IMETHODIMP CacheEntry::SetMetaDataElement(const char * aKey, const char * aValue)

9
netwerk/cache2/CacheFile.cpp
View File

@ -775,13 +775,18 @@ CacheFile::ThrowMemoryCachedData()
}
nsresult
CacheFile::GetElement(const char *aKey, const char **_retval)
CacheFile::GetElement(const char *aKey, char **_retval)
{
CacheFileAutoLock lock(this);
MOZ_ASSERT(mMetadata);
NS_ENSURE_TRUE(mMetadata, NS_ERROR_UNEXPECTED);
*_retval = mMetadata->GetElement(aKey);
const char *value;
value = mMetadata->GetElement(aKey);
if (!value)
return NS_ERROR_NOT_AVAILABLE;
*_retval = NS_strdup(value);
return NS_OK;
}

2
netwerk/cache2/CacheFile.h
View File

@ -83,7 +83,7 @@ public:
nsresult ThrowMemoryCachedData();
// metadata forwarders
nsresult GetElement(const char *aKey, const char **_retval);
nsresult GetElement(const char *aKey, char **_retval);
nsresult SetElement(const char *aKey, const char *aValue);
nsresult ElementsSize(uint32_t *_retval);
nsresult SetExpirationTime(uint32_t aExpirationTime);