зеркало из https://github.com/mozilla/pjs.git
c27b32ee74
sr=brendan r=wtc a=dbaron The issue is the use of the PL_DHash* functions. It's possible that a given call to PL_DHashOperate which adds a new entry may cause the hash table to expand, and all the existing entries to be reallocated. PL_DHash does this by allocating new memory, then copying the entries. getCacheEntry() returns one of these hash entries. CmpBy() makes two consecutive calls to getCacheEntry, then uses the returned entries for it's comparisons. If the second entry call causes a new entry to be added to the table, and causes the hash table to expand, the pointer to the first entry we retrieved will point to freed memory. The fix is to make the usable entry a pointer in the hashtable entry, and return that pointer. When the hashtable rebuilds it's entries, the pointer will be copied to the new entry and not be disturbed. |
||
|---|---|---|
| .. | ||
| boot | ||
| locales | ||
| pki | ||
| ssl | ||
| .cvsignore | ||
| Makefile.in | ||
| psm.pkg | ||