sr=brendan r=wtc a=dbaron
The issue is the use of the PL_DHash* functions. It's possible that a given call
to PL_DHashOperate which adds a new entry may cause the hash table to expand,
and all the existing entries to be reallocated. PL_DHash does this by allocating
new memory, then copying the entries.
getCacheEntry() returns one of these hash entries. CmpBy() makes two consecutive
calls to getCacheEntry, then uses the returned entries for it's comparisons. If
the second entry call causes a new entry to be added to the table, and causes
the hash table to expand, the pointer to the first entry we retrieved will point
to freed memory.
The fix is to make the usable entry a pointer in the hashtable entry, and return
that pointer. When the hashtable rebuilds it's entries, the pointer will be
copied to the new entry and not be disturbed.
git-svn-id: svn://10.0.0.236/trunk@177782 18797224-902f-48f8-a5cc-f745e15eee43
493a0a3758