On Sun, Mar 29, 2009 at 5:01 PM, Neil <n...@parkwaycc.co.uk> wrote: > > Using the above criteria, I found the following allocator mismatches under > security/* > > nsNSSCallbacks.cpp: HandshakeCallback calls Adopt(cipherName) instead of > Assign and PORT_Free. In fact, it can leak cipherName. > > nsNSSCertificate.cpp: several times it Adopt()s the result of CERT_Hexify, > when it should use PORT_Free. > > nsNSSIOLayer.cpp: both adopts the result of and allocates an outparam using > nsCRT::strdup, when both times it should use NS_strdup, while SSL_RevealURL > allocates with PL_strdup but charCleaner uses PR_FREEIF. > > nsSSLStatus.cpp: allocates an outparam using PL_strdup, when it should use > ToNewCString.
For these four files under mozilla/security/manager, please file a bug report for product=Core, component=Security: PSM, and cc Kai Engert (:kaie) and Honza Bambas. > pk12util.c: uses PR_Free for a string allocated with malloc, and PORT_ZFree > for a string allocated with PL_strdup. For this file, please file a bug for product=NSS, component=Tools. Thanks, Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
